Trojan.ZeroAccess.B - consrv.dll and tidserv - Logs from OTL posted



#31
RKinner

Malware Expert
There is no sign of the files usually associated with ZeroAccess. I think this is another of the Norton bugs. I just had one of these where it kept detecting the same infection even though it was not showing in any of my tools. The user said all he did was clear the history and it went away:

http://www.ehow.com/...story-list.html

See if that helps.

Sometimes it also helps to put a folder in place of the consrv.dll file:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


(Usually you will be in C:\windows\system32; if not, then:

cd \windows\system32

)

mkdir consrv.dll


#32
ericc2728

Member (Topic Starter)
Based on the second screenshot, Norton is finding the file in the
c:\qoobox\quarantine\c\windows\system32\consrv.dll

Is Qoobox a malware remover that we ran? Can I just delete this directory? Thanks.

#33
RKinner

Malware Expert
Qoobox is where Combofix puts the files that it removes. You can delete the folder if you like.

#34
ericc2728

Member (Topic Starter)
I think I might still have something. Firefox continues to try to use a proxy even though I delete the settings and restart the browser.
Capture.JPG

#35
RKinner

Malware Expert
Does it change from No Proxy to Manual Proxy?

Run MBAB, Combofix and OTL again and let's see if we can see what is going on.

#36
ericc2728

Member (Topic Starter)
When I ran Combofix, it said something about the program being expired and do I wish to run in reduced functionality mode. I said yes, and posted the log.
mbab log


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric :: ERIC-LAPTOP [administrator]

Protection: Enabled

1/23/2012 9:29:10 PM
mbam-log-2012-01-23 (23-59-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 510398
Time elapsed: 2 hour(s), 9 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Eric\Downloads\asus\SoftonicDownloader_for_picasa.exe (PUP.BundleOffer.Downloader.S) -> No action taken.

(end)


ComboFix 12-01-16.02 - Eric 01/24/2012 0:04.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5887 [GMT -5:00]
Running from: c:\users\Eric\Desktop\geeks to go\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 05:05 . 2012-01-24 05:05 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-01-24 05:05 . 2012-01-24 05:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 00:08 . 2012-01-24 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-24 00:08 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 17:39 . 2012-01-17 17:39 -------- d-----w- C:\_OTL
2012-01-17 01:10 . 2012-01-17 01:10 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2012-01-17 01:10 . 2012-01-17 01:10 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 06:06 . 2011-12-21 07:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 06:06 . 2011-12-21 04:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-14 06:06 . 2011-12-21 04:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-14 06:06 . 2011-12-21 04:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-14 04:24 . 2012-01-14 15:32 -------- d-----w- C:\NBRT
2012-01-14 01:04 . 2012-01-14 01:04 -------- d-----w- C:\NPE
2012-01-13 22:20 . 2012-01-24 05:08 -------- d-----w- c:\users\Eric\AppData\Local\Temp
2012-01-13 21:21 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-13 21:20 . 2012-01-13 21:20 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-01-13 21:20 . 2012-01-13 21:20 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-13 19:38 . 2012-01-13 19:38 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-11 21:06 . 2012-01-11 21:06 -------- d-----w- c:\program files (x86)\WebGear
2012-01-11 20:29 . 2012-01-11 20:29 326268174 ----a-w- C:\Regbackup.reg
2012-01-11 20:04 . 2012-01-14 05:56 -------- d-----w- c:\users\Eric\AppData\Local\NPE
2012-01-11 08:27 . 2012-01-19 00:09 -------- d-----w- c:\program files (x86)\679C1
2012-01-11 07:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 07:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 07:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 07:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 07:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 07:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 07:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-09 21:01 . 2012-01-09 21:01 -------- d-----w- c:\users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-26 03:59 . 2011-12-26 04:00 -------- d-----w- c:\program files\iTunes
2011-12-26 03:59 . 2011-12-26 04:00 -------- d-----w- c:\program files (x86)\iTunes
2011-12-26 03:59 . 2011-12-26 03:59 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 22:38 . 2011-06-02 03:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 03:23 . 2011-11-25 03:23 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-11-25 03:23 . 2011-11-25 03:23 98616 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-11-24 04:52 . 2011-12-14 06:20 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-14 06:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 08:03 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 08:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 08:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 08:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 08:03 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 08:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 08:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 08:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 06:20 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-09 00:57 . 2011-04-09 00:57 12535496 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-16_23.55.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-07 18:55 . 2010-11-20 12:08 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-01-22 01:03 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-01-22 01:03 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
- 2011-07-07 18:54 . 2010-11-20 12:21 22016 c:\windows\SysWOW64\secur32.dll
+ 2011-01-25 20:00 . 2012-01-24 05:09 71312 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-24 05:09 52210 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-25 19:04 . 2012-01-24 05:09 15978 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1948204673-1780984394-1029538037-1000_UserData.bin
- 2011-07-07 18:55 . 2010-11-20 13:27 29184 c:\windows\system32\sspisrv.dll
+ 2012-01-22 01:03 . 2011-11-17 06:35 29184 c:\windows\system32\sspisrv.dll
- 2011-07-07 18:55 . 2010-11-20 13:27 28160 c:\windows\system32\secur32.dll
+ 2012-01-22 01:03 . 2011-11-17 06:35 28160 c:\windows\system32\secur32.dll
- 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
+ 2012-01-22 01:03 . 2011-11-17 06:33 31232 c:\windows\system32\lsass.exe
+ 2012-01-22 01:03 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
- 2011-01-26 01:04 . 2012-01-16 22:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-26 01:04 . 2012-01-23 20:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-26 01:04 . 2012-01-23 20:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-26 01:04 . 2012-01-16 22:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-16 22:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-23 20:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-23 20:05 91616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-06-02 03:32 . 2012-01-09 21:24 4280 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-06-02 03:32 . 2012-01-23 17:39 4280 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-01-16 23:53 . 2012-01-16 23:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-24 05:06 . 2012-01-24 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-24 05:06 . 2012-01-24 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-16 23:53 . 2012-01-16 23:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-22 01:03 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll
- 2011-07-07 18:56 . 2010-11-20 12:21 314880 c:\windows\SysWOW64\webio.dll
+ 2012-01-22 01:03 . 2011-11-17 05:34 224768 c:\windows\SysWOW64\schannel.dll
- 2009-07-14 04:54 . 2012-01-16 23:54 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-24 05:07 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-22 01:03 . 2011-11-17 06:35 395776 c:\windows\system32\webio.dll
- 2011-07-07 18:56 . 2010-11-20 13:27 395776 c:\windows\system32\webio.dll
+ 2011-01-26 05:02 . 2012-01-24 02:22 264822 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-07-07 18:55 . 2010-11-20 13:27 136192 c:\windows\system32\sspicli.dll
+ 2012-01-22 01:03 . 2011-11-17 06:35 136192 c:\windows\system32\sspicli.dll
- 2011-07-07 18:56 . 2010-11-20 13:27 340992 c:\windows\system32\schannel.dll
+ 2012-01-22 01:03 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
+ 2012-01-22 01:03 . 2011-11-17 06:49 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-01-22 01:03 . 2011-11-17 06:44 459232 c:\windows\system32\drivers\cng.sys
- 2009-07-14 05:01 . 2012-01-14 23:16 425148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-24 05:05 425148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-01-16 23:54 3768320 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 05:07 3768320 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-16 23:54 9453568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 05:07 9453568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-07 18:56 . 2010-11-20 13:26 1447936 c:\windows\system32\lsasrv.dll
+ 2012-01-22 01:03 . 2011-11-17 06:35 1447936 c:\windows\system32\lsasrv.dll
- 2009-07-14 04:45 . 2012-01-11 08:32 7149876 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-23 17:44 7149876 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-06 06:04 . 2012-01-06 06:04 3878912 c:\windows\Installer\2e005ff.msi
+ 2009-07-14 02:34 . 2012-01-23 17:39 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-01-16 04:05 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-01-25 06:18 . 2012-01-21 17:14 16074336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-01-25 06:18 . 2012-01-13 18:38 16074336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-03-17 01:15 . 2012-01-14 23:16 19902500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1948204673-1780984394-1029538037-1000-12288.dat
+ 2011-03-17 01:15 . 2012-01-23 19:53 19902500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1948204673-1780984394-1029538037-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dekisoft Monitor Off Utility"="c:\program files (x86)\Monitor Off Utility\monoff.exe" [2011-03-20 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R2 LMIRescue_0fe6e286-2520-4db5-80eb-6fd4c551264d;LogMeIn Rescue (0fe6e286-2520-4db5-80eb-6fd4c551264d);c:\users\Eric\AppData\Local\Temp\LMIR0002.tmp\LMI_Rescue_srv.exe [x]
R2 LMIRescue_261da54f-1e37-4813-8d88-0419630b1c3d;LogMeIn Rescue (261da54f-1e37-4813-8d88-0419630b1c3d);c:\users\Eric\AppData\Local\Temp\LMIR0003.tmp\LMI_Rescue_srv.exe [x]
R2 LMIRescue_28ec28fe-b6a0-41cf-875f-97e948bf15af;LogMeIn Rescue (28ec28fe-b6a0-41cf-875f-97e948bf15af);c:\users\Eric\AppData\Local\Temp\LMIR0001.tmp\LMI_Rescue_srv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 SQLAgent$MAXIMIZER;SQL Server Agent (MAXIMIZER);c:\program files\Microsoft SQL Server\MSSQL10_50.MAXIMIZER\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSvia64.sys [2011-08-23 488568]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MSSQL$MAXIMIZER;SQL Server (MAXIMIZER);c:\program files\Microsoft SQL Server\MSSQL10_50.MAXIMIZER\MSSQL\Binn\sqlservr.exe [2011-04-24 61916000]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-02-11 62184]
S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys [x]
S3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 18:39]
.
2012-01-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 18:39]
.
2012-01-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-05-30 13:26]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 10:19]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 10:19]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 20:09]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 20:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://movedowntown...n/MyOffice.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://cbrmls.columbusrealtors.com/5.1.01.11828/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50707
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_˜\00\00˜\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~˜\00\00˜\00\00\00\00˜\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,09,ce,2e,95,53,88,48,b2,44,54,\
.
"Order"=hex:08,00,00,00,02,00,00,00,b6,0c,00,00,01,00,00,00,11,00,00,00,cc,00,
00,00,00,00,00,00,be,00,32,00,84,00,00,00,00,cb,e6,7f,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \sit stand desks, and laptop mounts]
"Order"=hex:08,00,00,00,02,00,00,00,82,09,00,00,01,00,00,00,0c,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,4d,25,ee,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements]
"Order"=hex:08,00,00,00,02,00,00,00,86,0a,00,00,01,00,00,00,10,00,00,00,76,00,
00,00,06,00,00,00,68,00,31,00,00,00,00,00,00,49,0b,6d,10,00,42,53,4e,53,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements\BSN Shopping tabs]
"Order"=hex:08,00,00,00,02,00,00,00,7a,00,00,00,01,00,00,00,01,00,00,00,6e,00,
00,00,00,00,00,00,60,00,31,00,00,00,00,00,00,d6,8f,02,10,00,5f,46,4f,4c,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements\BSN Shopping tabs\[Folder Name]]
"Order"=hex:08,00,00,00,02,00,00,00,a0,08,00,00,01,00,00,00,0b,00,00,00,60,00,
00,00,0a,00,00,00,52,00,32,00,84,00,00,00,00,48,da,05,20,00,35,34,32,30,7e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Travel]
"Order"=hex:08,00,00,00,02,00,00,00,c2,01,00,00,01,00,00,00,02,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,4a,ef,d1,20,00,41,49,52,46,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Under Armour]
"Order"=hex:08,00,00,00,02,00,00,00,5c,08,00,00,01,00,00,00,0b,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,df,dc,79,20,00,42,55,59,4d,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Dating Sites]
"Order"=hex:08,00,00,00,02,00,00,00,98,08,00,00,01,00,00,00,0d,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,a8,2c,ba,20,00,41,52,45,59,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Misc Socializing]
"Order"=hex:08,00,00,00,02,00,00,00,44,02,00,00,01,00,00,00,04,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,7d,b2,7a,20,00,4d,59,53,50,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Sed]
"Order"=hex:08,00,00,00,02,00,00,00,16,05,00,00,01,00,00,00,06,00,00,00,cc,00,
00,00,00,00,00,00,be,00,32,00,84,00,00,00,00,f5,cb,ad,20,00,41,43,4d,45,4c,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*p*o*r*t*s* \Volleyball]
"Order"=hex:08,00,00,00,02,00,00,00,0e,07,00,00,01,00,00,00,09,00,00,00,ce,00,
00,00,00,00,00,00,c0,00,32,00,84,00,00,00,00,c4,14,6a,20,00,41,4c,4c,41,42,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-01-24 00:13:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 05:13
ComboFix2.txt 2012-01-19 22:13
ComboFix3.txt 2012-01-17 00:04
.
Pre-Run: 82,123,976,704 bytes free
Post-Run: 82,115,186,688 bytes free
.
- - End Of File - - 4E8221E34CC9CC91015F783775E60156


OTL logfile created on: 1/24/2012 12:20:38 AM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop\geeks to go
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.37 Gb Available Physical Memory | 67.14% Memory free
15.99 Gb Paging File | 13.02 Gb Available in Paging File | 81.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 76.55 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 21:03:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\geeks to go\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 06:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 06:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Users\Eric\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/16 10:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/08/19 16:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/01/26 14:53:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 07:58:02 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/14 13:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 13:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 02:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 13:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 10:44:45 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 10:44:45 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/31 20:37:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120123.002\EX64.SYS -- (NAVEX15)
DRV - [2011/10/31 20:37:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120123.002\ENG64.SYS -- (NAVENG)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://movedowntown...n/MyOffice.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7E A0 6E 5F 45 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/05 22:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/24 00:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 02:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 10:10:16 | 000,000,000 | ---D | M]

[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/06 16:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions
[2011/06/29 09:55:20 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/11/12 12:30:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/31 19:06:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2011/11/05 13:15:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2012/01/14 01:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.9_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: USA TODAY = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggljnipbdiebhbmadknfbjlhehbohbn\2.1_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.17_0\
CHR - Extension: Open _new & _blank in new background tab = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblhflcbilbefagmeoanbdiofmmnehda\1.0_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Offline Google Mail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: LastPass = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.1_0\
CHR - Extension: Smooth Gestures = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
CHR - Extension: Linkclump = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.0.16_0\
CHR - Extension: Copy Link Text = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdokmjpoambonhlpgcodobebebjdeil\0.5.1_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FreshStart - Cross Browser Session Manager = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb\1.5.4_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

O1 HOSTS File: ([2012/01/24 00:07:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dekisoft Monitor Off Utility] C:\Program Files (x86)\Monitor Off Utility\monoff.exe (Dekisoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O10 - Broken Internet access at catalog 000000000005
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://cbrmls.columb...ol/IRCSharc.cab (GeacRevw Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3315377E-1827-411A-8A89-D1292871D5AE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 00:07:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/24 00:05:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/23 19:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/23 19:08:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/23 19:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/21 20:03:27 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/21 20:03:26 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/21 20:03:26 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/21 20:03:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/21 20:03:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/21 20:03:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/17 12:39:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 20:10:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/01/16 20:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 18:39:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/16 18:39:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/16 18:39:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/16 16:57:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/16 14:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 14:35:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\geeks to go
[2012/01/13 23:24:55 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/13 20:04:49 | 000,000,000 | ---D | C] -- C:\NPE
[2012/01/13 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Temp
[2012/01/13 16:21:42 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/13 14:38:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/11 16:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GO Contact Sync Mod
[2012/01/11 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebGear
[2012/01/11 15:04:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\NPE
[2012/01/11 03:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\679C1
[2012/01/11 02:56:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 02:56:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 02:56:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 02:56:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 02:56:35 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 02:56:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 02:56:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/09 17:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/01/09 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\PDF-XChange.Viewer.Pro.v2.042.7.Multilingual.Cracked-EAT
[2012/01/09 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/09 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F5C9B070-3124-44D4-A2B0-51E843B0421E}
[2012/01/09 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{26F4E894-BE27-4D56-80C2-DECD41B57B7F}
[2012/01/09 01:40:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5F690E7E-FE96-4F1C-ACFC-8A2FBDDD42AD}
[2012/01/09 01:40:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2FC95A88-D39F-459B-B7F0-C58608BE1660}
[2012/01/08 13:40:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AACCF45-EC22-46EC-A236-C7D06B5C275F}
[2012/01/08 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D650295A-2195-425A-8A82-0CC902A6F37A}
[2012/01/08 01:40:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A3EF6F9B-EC64-4F35-B611-FA24D122696E}
[2012/01/08 01:40:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AECBE636-CA8D-47A8-9D8C-6A302B8981DE}
[2011/12/30 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CA8063F6-590E-4E7C-823F-2ADF139AC157}
[2011/12/30 20:07:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{43FBE04C-7767-48A2-8A58-49B05224213C}
[2011/12/29 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D35D1A2-7DDC-43A6-B5E6-A175EAB048CF}
[2011/12/29 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDF54AE7-0EA6-4018-BA9E-89E8C01066CA}
[2011/12/25 23:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/08 19:57:26 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/24 00:24:39 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 00:24:39 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 00:08:27 | 000,001,888 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/01/24 00:07:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/24 00:07:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 00:07:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/24 00:06:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 00:06:19 | 2145,898,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/23 23:57:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 23:39:11 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/23 22:44:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/23 22:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/23 21:21:13 | 000,000,149 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/23 19:08:10 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 15:15:50 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/23 13:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/21 14:58:39 | 000,002,512 | ---- | M] () -- C:\{7FCD103C-5EDB-4F13-A9D0-4B70CDF0087E}
[2012/01/21 12:53:52 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/01/18 17:42:43 | 000,093,508 | ---- | M] () -- C:\Users\Eric\Desktop\winsock2a.reg
[2012/01/17 12:39:51 | 000,255,874 | ---- | M] () -- C:\Users\Eric\Desktop\winsock2.reg
[2012/01/15 20:50:31 | 000,005,357 | ---- | M] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:50:24 | 000,178,645 | ---- | M] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 01:06:16 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 18:05:50 | 000,122,616 | ---- | M] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:16:39 | 000,822,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 16:16:39 | 000,692,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 16:16:39 | 000,131,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 16:14:17 | 000,001,380 | ---- | M] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/11 17:38:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/11 15:29:33 | 326,268,174 | ---- | M] () -- C:\Regbackup.reg
[2012/01/11 03:30:35 | 000,002,664 | ---- | M] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/11 03:30:31 | 000,031,256 | ---- | M] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/05 16:00:16 | 001,329,952 | ---- | M] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:24 | 000,002,600 | ---- | M] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/01/24 00:08:27 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/01/23 19:08:10 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 15:15:50 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/21 14:58:39 | 000,002,512 | ---- | C] () -- C:\{7FCD103C-5EDB-4F13-A9D0-4B70CDF0087E}
[2012/01/18 17:42:43 | 000,093,508 | ---- | C] () -- C:\Users\Eric\Desktop\winsock2a.reg
[2012/01/17 12:39:51 | 000,255,874 | ---- | C] () -- C:\Users\Eric\Desktop\winsock2.reg
[2012/01/16 18:39:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/16 18:39:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/16 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/16 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 18:39:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/15 20:50:31 | 000,005,357 | ---- | C] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:47:24 | 000,178,645 | ---- | C] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 01:06:15 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 18:05:49 | 000,122,616 | ---- | C] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:20:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F\isolate.ini
[2012/01/13 16:14:15 | 000,001,380 | ---- | C] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/12 22:45:11 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/01/11 15:29:10 | 326,268,174 | ---- | C] () -- C:\Regbackup.reg
[2012/01/11 03:30:31 | 000,031,256 | ---- | C] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/11 03:30:31 | 000,002,664 | ---- | C] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/05 15:55:56 | 001,329,952 | ---- | C] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:21 | 000,002,600 | ---- | C] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:17 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 00:03:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/13 22:00:15 | 000,231,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/08/11 18:59:22 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/12 15:25:44 | 000,797,020 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\ericc2728.zip
[2011/05/03 10:48:36 | 000,000,320 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SEC540722.trad
[2011/05/03 10:48:24 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2011/03/24 12:38:31 | 000,000,341 | ---- | C] () -- C:\Windows\BCLWDDE.INI
[2011/03/12 15:22:21 | 000,010,240 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 13:22:51 | 000,001,465 | ---- | C] () -- C:\Windows\pcforms.ini
[2011/02/02 14:53:41 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/01 18:03:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/01 17:32:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/28 14:34:08 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/27 16:49:45 | 000,037,843 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/27 15:08:04 | 000,000,149 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/26 15:04:13 | 000,000,410 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/25 22:37:48 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/25 20:03:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/25 16:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011/01/25 13:36:46 | 000,000,017 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2011/01/25 03:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/29 01:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/30 20:26:00 | 000,365,568 | ---- | C] () -- C:\Windows\SysWow64\WINCTL32.DLL
[2010/06/30 20:26:00 | 000,055,808 | ---- | C] () -- C:\Windows\ICE_JNIRegistry.dll
[2010/06/30 20:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Simspy32.dll
[2010/06/30 20:26:00 | 000,032,768 | ---- | C] () -- C:\Windows\Java2INI.dll
[2010/06/23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/15 04:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/13 15:58:21 | 000,000,008 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\missouri.dll
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2003/02/28 15:51:00 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\easysoap.dll
[2003/01/28 02:09:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\Windows:

< End of report >

#37
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Normally Combofix will want to upgrade. If it can't contact its server then it runs in Reduced Functionality mode.

Let's uninstall combofix then redownload it and run it again: copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Do you know what this stuff is? Apparently they have something to do with one user's IE Favorites (Bookmarks). Can't decide if these should be removed or not.

[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A*D* ]
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,4c,14,00,00,01,00,00,00,1f,00,00,00,5a,00,
00,00,00,00,00,00,4c,00,31,00,00,00,00,00,00,2a,8b,b2,10,00,57,6f,72,64,73,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A*D* \Words]
"Order"=hex:08,00,00,00,02,00,00,00,60,04,00,00,01,00,00,00,07,00,00,00,b0,00,
00,00,06,00,00,00,a2,00,32,00,84,00,00,00,00,e5,6a,cc,20,00,31,35,43,4c,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A*D* ]
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,a4,08,00,00,01,00,00,00,0e,00,00,00,78,00,
00,00,0d,00,00,00,6a,00,32,00,84,00,00,00,00,81,71,03,20,00,41,44,55,4c,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* \Images]
"Order"=hex:08,00,00,00,02,00,00,00,b2,01,00,00,01,00,00,00,03,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,32,00,84,00,00,00,00,8f,8d,9b,20,00,46,6c,69,63,6b,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* \Personal Devolopment]
"Order"=hex:08,00,00,00,02,00,00,00,48,01,00,00,01,00,00,00,02,00,00,00,aa,00,
00,00,00,00,00,00,9c,00,32,00,84,00,00,00,00,41,4c,db,20,00,41,4e,54,48,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* \Success and Motivation]
"Order"=hex:08,00,00,00,02,00,00,00,a0,01,00,00,01,00,00,00,03,00,00,00,80,00,
00,00,00,00,00,00,72,00,32,00,84,00,00,00,00,92,11,f4,20,00,42,55,53,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Forums]
"Order"=hex:08,00,00,00,02,00,00,00,28,0b,00,00,01,00,00,00,11,00,00,00,88,00,
00,00,00,00,00,00,7a,00,32,00,84,00,00,00,00,68,5c,85,20,00,41,46,54,45,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Media Guides]
"Order"=hex:08,00,00,00,02,00,00,00,50,08,00,00,01,00,00,00,0c,00,00,00,8e,00,
00,00,00,00,00,00,80,00,32,00,84,00,00,00,00,fc,94,4c,20,00,41,47,55,49,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Proxy]
"Order"=hex:08,00,00,00,02,00,00,00,f0,09,00,00,01,00,00,00,0e,00,00,00,a2,00,
00,00,0d,00,00,00,94,00,32,00,84,00,00,00,00,25,22,c1,20,00,53,48,41,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Technical Support]
"Order"=hex:08,00,00,00,02,00,00,00,88,06,00,00,01,00,00,00,0a,00,00,00,80,00,
00,00,00,00,00,00,72,00,32,00,84,00,00,00,00,48,47,8b,20,00,45,58,50,45,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology]
"Order"=hex:08,00,00,00,02,00,00,00,7a,14,00,00,01,00,00,00,1d,00,00,00,6c,00,
00,00,00,00,00,00,5e,00,31,00,00,00,00,00,00,b8,33,b2,10,00,4d,45,44,49,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology\Media Guides]
"Order"=hex:08,00,00,00,02,00,00,00,c2,07,00,00,01,00,00,00,0b,00,00,00,b8,00,
00,00,00,00,00,00,aa,00,32,00,84,00,00,00,00,3f,67,9f,20,00,41,46,54,45,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology\Proxy]
"Order"=hex:08,00,00,00,02,00,00,00,6c,09,00,00,01,00,00,00,0d,00,00,00,a6,00,
00,00,0c,00,00,00,98,00,32,00,84,00,00,00,00,f5,03,1a,20,00,53,48,41,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology\Technical Support]
"Order"=hex:08,00,00,00,02,00,00,00,08,06,00,00,01,00,00,00,09,00,00,00,bc,00,
00,00,00,00,00,00,ae,00,32,00,84,00,00,00,00,22,83,aa,20,00,46,49,52,45,46,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*o*o*d* \Food Carryout]
"Order"=hex:08,00,00,00,02,00,00,00,56,14,00,00,01,00,00,00,21,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,84,00,00,00,00,16,81,b7,20,00,41,50,50,4c,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \AMWF (1542011)--4tabs]
"Order"=hex:08,00,00,00,02,00,00,00,64,02,00,00,01,00,00,00,04,00,00,00,ae,00,
00,00,01,00,00,00,a0,00,32,00,84,00,00,00,00,6b,b1,7e,20,00,41,53,49,41,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \AMWF 2 (1842011)--6tabs]
"Order"=hex:08,00,00,00,02,00,00,00,c0,03,00,00,01,00,00,00,06,00,00,00,96,00,
00,00,03,00,00,00,88,00,32,00,84,00,00,00,00,59,a0,78,20,00,41,42,4f,55,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \camping checklist (792011)--5tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,00,45,f8,0e,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \camping checklist (792011)--5tabs\window 2555]
"Order"=hex:08,00,00,00,02,00,00,00,14,03,00,00,01,00,00,00,05,00,00,00,82,00,
00,00,02,00,00,00,74,00,32,00,84,00,00,00,00,f3,bc,d0,20,00,43,41,4d,50,49,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \didlos (1112012)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,83,f7,5f,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \didlos (1112012)--7tabs\window 69]
"Order"=hex:08,00,00,00,02,00,00,00,ea,04,00,00,01,00,00,00,07,00,00,00,c8,00,
00,00,04,00,00,00,ba,00,32,00,84,00,00,00,00,88,15,e2,20,00,41,44,41,4d,26,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs (1112012)--10tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,68,59,f1,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs (1112012)--10tabs\window 101]
"Order"=hex:08,00,00,00,02,00,00,00,40,07,00,00,01,00,00,00,0a,00,00,00,7c,00,
00,00,07,00,00,00,6e,00,32,00,84,00,00,00,00,41,b9,b4,20,00,43,53,54,52,49,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs shoppingfromeast (1112012)--2tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,fb,f9,ef,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs shoppingfromeast (1112012)--2tabs\window 122]
"Order"=hex:08,00,00,00,02,00,00,00,90,01,00,00,01,00,00,00,02,00,00,00,f8,00,
00,00,01,00,00,00,ea,00,32,00,84,00,00,00,00,e5,02,92,20,00,53,45,58,59,4d,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Eye Stuff (2652011)--6tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,04,00,00,01,00,00,00,06,00,00,00,da,00,
00,00,04,00,00,00,cc,00,32,00,84,00,00,00,00,bd,f0,de,20,00,42,4c,55,45,43,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1182011)--14tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,2c,61,2a,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1182011)--14tabs\window 77]
"Order"=hex:08,00,00,00,02,00,00,00,12,0b,00,00,01,00,00,00,0e,00,00,00,de,00,
00,00,07,00,00,00,d0,00,32,00,84,00,00,00,00,89,5e,f7,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1282011)--12tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,8d,64,d0,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1282011)--12tabs\window 77]
"Order"=hex:08,00,00,00,02,00,00,00,6a,09,00,00,01,00,00,00,0c,00,00,00,90,00,
00,00,07,00,00,00,82,00,32,00,84,00,00,00,00,5d,24,91,20,00,42,45,53,54,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1382011)--12tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,78,d8,27,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1382011)--12tabs\window 107]
"Order"=hex:08,00,00,00,02,00,00,00,f6,08,00,00,01,00,00,00,0b,00,00,00,d4,00,
00,00,08,00,00,00,c6,00,32,00,84,00,00,00,00,99,5b,0e,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \h*a*r*n*e*s*s* *(*1*3*8*2*0*1*1*)*-*-*1*2*t*a*b*s* \window 107]
"Order"=hex:08,00,00,00,02,00,00,00,a8,01,00,00,01,00,00,00,02,00,00,00,da,00,
00,00,01,00,00,00,cc,00,32,00,84,00,00,00,00,e2,91,71,20,00,44,4f,55,42,4c,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--10tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,d3,f3,4d,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--10tabs\window 442]
"Order"=hex:08,00,00,00,02,00,00,00,a2,07,00,00,01,00,00,00,0a,00,00,00,e0,00,
00,00,00,00,00,00,d2,00,32,00,84,00,00,00,00,2e,16,49,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--13tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,88,5a,ed,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--13tabs\window 44]
"Order"=hex:08,00,00,00,02,00,00,00,cc,0a,00,00,01,00,00,00,0d,00,00,00,e0,00,
00,00,02,00,00,00,d2,00,32,00,84,00,00,00,00,36,22,53,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ice maker (1942011)--11tabs]
"Order"=hex:08,00,00,00,02,00,00,00,4a,07,00,00,01,00,00,00,0b,00,00,00,78,00,
00,00,06,00,00,00,6a,00,32,00,84,00,00,00,00,17,03,78,20,00,41,44,53,45,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (1312012)--9tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,b8,eb,3c,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (1312012)--9tabs\window 16]
"Order"=hex:08,00,00,00,02,00,00,00,02,06,00,00,01,00,00,00,09,00,00,00,de,00,
00,00,04,00,00,00,d0,00,32,00,84,00,00,00,00,b8,f2,a9,20,00,42,45,54,54,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (2972011)--5tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,94,fa,64,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (2972011)--5tabs\window 107]
"Order"=hex:08,00,00,00,02,00,00,00,5c,04,00,00,01,00,00,00,05,00,00,00,e6,00,
00,00,00,00,00,00,d8,00,32,00,84,00,00,00,00,83,68,ab,20,00,4d,41,53,53,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (572011)--15tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,97,59,09,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (572011)--15tabs\window 52]
"Order"=hex:08,00,00,00,02,00,00,00,62,0b,00,00,01,00,00,00,0f,00,00,00,e6,00,
00,00,06,00,00,00,d8,00,32,00,84,00,00,00,00,0f,55,32,20,00,36,32,37,32,30,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (982011)--11tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,14,69,4a,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (982011)--11tabs\window 26]
"Order"=hex:08,00,00,00,02,00,00,00,ea,08,00,00,01,00,00,00,0b,00,00,00,d4,00,
00,00,04,00,00,00,c6,00,32,00,84,00,00,00,00,54,8d,73,20,00,42,49,4f,52,55,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pbay porn (3152011)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,34,06,00,00,01,00,00,00,07,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,12,04,bd,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pinned for ipad (572011)--5tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,8f,b5,83,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pinned for ipad (572011)--5tabs\window 53]
"Order"=hex:08,00,00,00,02,00,00,00,4c,03,00,00,01,00,00,00,05,00,00,00,c8,00,
00,00,02,00,00,00,ba,00,32,00,84,00,00,00,00,ee,fb,ab,20,00,42,49,4f,52,55,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Pinned Tabs (1542011)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,ea,04,00,00,01,00,00,00,07,00,00,00,d2,00,
00,00,06,00,00,00,c4,00,32,00,84,00,00,00,00,2b,bc,36,20,00,42,55,53,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pinned tabs (2842011)--13tabs]
"Order"=hex:08,00,00,00,02,00,00,00,da,09,00,00,01,00,00,00,0d,00,00,00,9e,00,
00,00,05,00,00,00,90,00,32,00,84,00,00,00,00,33,38,96,20,00,43,4f,4f,4c,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pirate bay xxx (1552011)--4tabs]
"Order"=hex:08,00,00,00,02,00,00,00,ba,03,00,00,01,00,00,00,04,00,00,00,f8,00,
00,00,01,00,00,00,ea,00,32,00,84,00,00,00,00,3c,a1,9c,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Plump (2962011)--25tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,b2,0d,90,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Plump (2962011)--25tabs\window 105]
"Order"=hex:08,00,00,00,02,00,00,00,54,0f,00,00,01,00,00,00,19,00,00,00,7e,00,
00,00,05,00,00,00,70,00,32,00,84,00,00,00,00,e1,ee,19,20,00,42,42,57,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (1192011)--13tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,ef,e3,42,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (1192011)--13tabs\window 85]
"Order"=hex:08,00,00,00,02,00,00,00,f8,0a,00,00,01,00,00,00,0d,00,00,00,de,00,
00,00,00,00,00,00,d0,00,32,00,84,00,00,00,00,c1,02,ee,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2392011)--15tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,00,4b,d5,09,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2392011)--15tabs\window 1094]
"Order"=hex:08,00,00,00,02,00,00,00,74,0d,00,00,01,00,00,00,0f,00,00,00,f8,00,
00,00,06,00,00,00,ea,00,32,00,84,00,00,00,00,18,fa,ed,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2492011)--26tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,00,86,9f,1f,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2492011)--26tabs\window 1626]
"Order"=hex:08,00,00,00,02,00,00,00,94,15,00,00,01,00,00,00,1a,00,00,00,d4,00,
00,00,11,00,00,00,c6,00,32,00,84,00,00,00,00,ae,63,90,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Restore session on 1092011 (1092011)--17tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,d6,1c,29,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Restore session on 1092011 (1092011)--17tabs\window 59]
"Order"=hex:08,00,00,00,02,00,00,00,f4,0c,00,00,01,00,00,00,11,00,00,00,e6,00,
00,00,0b,00,00,00,d8,00,32,00,84,00,00,00,00,40,56,a3,20,00,36,54,4f,31,30,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Rooting Phone (7102011)--4tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,c8,68,18,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Rooting Phone (7102011)--4tabs\window 137]
"Order"=hex:08,00,00,00,02,00,00,00,84,03,00,00,01,00,00,00,04,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,5f,75,22,20,00,5f,47,55,49,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \STVI (2062011)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,f5,56,57,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \STVI (2062011)--7tabs\window 276]
"Order"=hex:08,00,00,00,02,00,00,00,62,05,00,00,01,00,00,00,07,00,00,00,c2,00,
00,00,02,00,00,00,b4,00,32,00,84,00,00,00,00,d0,94,4a,20,00,42,4f,41,52,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\G*a*m*i*n*g* \Singularity]
"Order"=hex:08,00,00,00,02,00,00,00,ba,01,00,00,01,00,00,00,02,00,00,00,ce,00,
00,00,00,00,00,00,c0,00,32,00,84,00,00,00,00,cd,25,75,20,00,50,52,4f,54,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \Forums]
"Order"=hex:08,00,00,00,02,00,00,00,3a,02,00,00,01,00,00,00,03,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,f8,be,3f,20,00,42,4c,41,43,4b,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \Generators]
"Order"=hex:08,00,00,00,02,00,00,00,5e,07,00,00,01,00,00,00,0c,00,00,00,aa,00,
00,00,00,00,00,00,9c,00,32,00,84,00,00,00,00,cb,75,33,20,00,42,45,48,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \My Web Sites]
"Order"=hex:08,00,00,00,02,00,00,00,a8,01,00,00,01,00,00,00,03,00,00,00,96,00,
00,00,00,00,00,00,88,00,32,00,84,00,00,00,00,d0,10,51,20,00,46,41,53,54,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \Spam]
"Order"=hex:08,00,00,00,02,00,00,00,66,01,00,00,01,00,00,00,02,00,00,00,9a,00,
00,00,00,00,00,00,8c,00,32,00,84,00,00,00,00,a4,2d,e4,20,00,47,45,54,54,49,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Apartment Rentals]
"Order"=hex:08,00,00,00,02,00,00,00,9e,03,00,00,01,00,00,00,05,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,84,00,00,00,00,25,01,37,20,00,43,4f,4c,55,4d,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Business App Pages]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,8e,00,
00,00,01,00,00,00,80,00,32,00,84,00,00,00,00,8b,96,82,20,00,53,4b,59,44,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Continuing Education]
"Order"=hex:08,00,00,00,02,00,00,00,e8,01,00,00,01,00,00,00,02,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,05,c2,1d,20,00,4f,48,49,4f,52,\
.
  • 0

#38
ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
When I run ComboFix I keep getting this notice even though Internet Security is off:
Capture.JPG

With regard to the Firefox proxy: I set it to no proxy, and it keeps changing back to the proxy settings in my last screenshot when I close and reopen the browser.

Those registry entries you posted are favorites. I run Xmarks to keep everything synced across browsers and also have session managers on all browsers to save sessions. The bookmarks are important; I don't know if the registry entries are.

New ComboFix logs after reinstalling:


ComboFix 12-01-23.02 - Eric 01/24/2012 12:43:43.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6046 [GMT -5:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 17:53 . 2012-01-24 17:53 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-01-24 17:53 . 2012-01-24 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 00:08 . 2012-01-24 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-24 00:08 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 17:39 . 2012-01-17 17:39 -------- d-----w- C:\_OTL
2012-01-17 01:10 . 2012-01-17 01:10 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2012-01-17 01:10 . 2012-01-17 01:10 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 06:06 . 2011-12-21 07:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 06:06 . 2011-12-21 04:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-14 06:06 . 2011-12-21 04:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-14 06:06 . 2011-12-21 04:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-14 04:24 . 2012-01-14 15:32 -------- d-----w- C:\NBRT
2012-01-14 01:04 . 2012-01-14 01:04 -------- d-----w- C:\NPE
2012-01-13 22:20 . 2012-01-24 17:57 -------- d-----w- c:\users\Eric\AppData\Local\Temp
2012-01-13 21:21 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-13 21:20 . 2012-01-13 21:20 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-01-13 21:20 . 2012-01-13 21:20 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-13 19:38 . 2012-01-13 19:38 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-11 21:06 . 2012-01-11 21:06 -------- d-----w- c:\program files (x86)\WebGear
2012-01-11 20:29 . 2012-01-11 20:29 326268174 ----a-w- C:\Regbackup.reg
2012-01-11 20:04 . 2012-01-14 05:56 -------- d-----w- c:\users\Eric\AppData\Local\NPE
2012-01-11 08:27 . 2012-01-19 00:09 -------- d-----w- c:\program files (x86)\679C1
2012-01-11 07:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 07:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 07:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 07:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 07:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 07:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 07:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-09 21:01 . 2012-01-09 21:01 -------- d-----w- c:\users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-26 03:59 . 2011-12-26 04:00 -------- d-----w- c:\program files\iTunes
2011-12-26 03:59 . 2011-12-26 04:00 -------- d-----w- c:\program files (x86)\iTunes
2011-12-26 03:59 . 2011-12-26 03:59 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 22:38 . 2011-06-02 03:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 03:23 . 2011-11-25 03:23 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-11-25 03:23 . 2011-11-25 03:23 98616 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-11-24 04:52 . 2011-12-14 06:20 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-14 06:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 08:03 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 08:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 08:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 08:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 08:03 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 08:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 08:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 08:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-09 00:57 . 2011-04-09 00:57 12535496 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dekisoft Monitor Off Utility"="c:\program files (x86)\Monitor Off Utility\monoff.exe" [2011-03-20 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R2 LMIRescue_0fe6e286-2520-4db5-80eb-6fd4c551264d;LogMeIn Rescue (0fe6e286-2520-4db5-80eb-6fd4c551264d);c:\users\Eric\AppData\Local\Temp\LMIR0002.tmp\LMI_Rescue_srv.exe [x]
R2 LMIRescue_261da54f-1e37-4813-8d88-0419630b1c3d;LogMeIn Rescue (261da54f-1e37-4813-8d88-0419630b1c3d);c:\users\Eric\AppData\Local\Temp\LMIR0003.tmp\LMI_Rescue_srv.exe [x]
R2 LMIRescue_28ec28fe-b6a0-41cf-875f-97e948bf15af;LogMeIn Rescue (28ec28fe-b6a0-41cf-875f-97e948bf15af);c:\users\Eric\AppData\Local\Temp\LMIR0001.tmp\LMI_Rescue_srv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 SQLAgent$MAXIMIZER;SQL Server Agent (MAXIMIZER);c:\program files\Microsoft SQL Server\MSSQL10_50.MAXIMIZER\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120121.005\IDSvia64.sys [2011-12-15 488568]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MSSQL$MAXIMIZER;SQL Server (MAXIMIZER);c:\program files\Microsoft SQL Server\MSSQL10_50.MAXIMIZER\MSSQL\Binn\sqlservr.exe [2011-04-24 61916000]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-02-11 62184]
S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys [x]
S3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 18:39]
.
2012-01-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 18:39]
.
2012-01-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-05-30 13:26]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 10:19]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 10:19]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 20:09]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 20:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://movedowntown...n/MyOffice.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://cbrmls.columbusrealtors.com/5.1.01.11828/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50707
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_˜\00\00˜\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~˜\00\00˜\00\00\00\00˜\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Department Stores]
"Order"=hex:08,00,00,00,02,00,00,00,a6,01,00,00,01,00,00,00,03,00,00,00,72,00,
00,00,00,00,00,00,64,00,32,00,84,00,00,00,00,38,99,70,20,00,4b,4d,41,52,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Electronics, Computers & Accessories]
"Order"=hex:08,00,00,00,02,00,00,00,2a,0c,00,00,01,00,00,00,12,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,f9,31,18,20,00,41,42,54,2d,43,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Grocery & Pharmacy & Gas]
"Order"=hex:08,00,00,00,02,00,00,00,24,04,00,00,01,00,00,00,07,00,00,00,7e,00,
00,00,06,00,00,00,70,00,31,00,00,00,00,00,00,53,20,17,10,00,57,45,45,4b,4c,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Grocery & Pharmacy & Gas\Weekly Shopping Lists]
"Order"=hex:08,00,00,00,02,00,00,00,f8,01,00,00,01,00,00,00,03,00,00,00,6a,00,
00,00,01,00,00,00,5c,00,32,00,84,00,00,00,00,57,e6,59,20,00,4b,72,6f,67,65,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Office Supplies]
"Order"=hex:08,00,00,00,02,00,00,00,98,04,00,00,01,00,00,00,06,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,be,af,88,20,00,42,41,4c,53,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \sex supplements]
"Order"=hex:08,00,00,00,02,00,00,00,38,03,00,00,01,00,00,00,05,00,00,00,68,00,
00,00,03,00,00,00,5a,00,31,00,00,00,00,00,00,21,54,04,10,00,4e,45,57,46,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \sex supplements\New folder]
"Order"=hex:08,00,00,00,02,00,00,00,b6,0c,00,00,01,00,00,00,11,00,00,00,cc,00,
00,00,00,00,00,00,be,00,32,00,84,00,00,00,00,cb,e6,7f,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \sit stand desks, and laptop mounts]
"Order"=hex:08,00,00,00,02,00,00,00,82,09,00,00,01,00,00,00,0c,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,4d,25,ee,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements]
"Order"=hex:08,00,00,00,02,00,00,00,86,0a,00,00,01,00,00,00,10,00,00,00,76,00,
00,00,06,00,00,00,68,00,31,00,00,00,00,00,00,49,0b,6d,10,00,42,53,4e,53,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements\BSN Shopping tabs]
"Order"=hex:08,00,00,00,02,00,00,00,7a,00,00,00,01,00,00,00,01,00,00,00,6e,00,
00,00,00,00,00,00,60,00,31,00,00,00,00,00,00,d6,8f,02,10,00,5f,46,4f,4c,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements\BSN Shopping tabs\[Folder Name]]
"Order"=hex:08,00,00,00,02,00,00,00,a0,08,00,00,01,00,00,00,0b,00,00,00,60,00,
00,00,0a,00,00,00,52,00,32,00,84,00,00,00,00,48,da,05,20,00,35,34,32,30,7e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Travel]
"Order"=hex:08,00,00,00,02,00,00,00,c2,01,00,00,01,00,00,00,02,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,4a,ef,d1,20,00,41,49,52,46,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Under Armour]
"Order"=hex:08,00,00,00,02,00,00,00,5c,08,00,00,01,00,00,00,0b,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,df,dc,79,20,00,42,55,59,4d,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Dating Sites]
"Order"=hex:08,00,00,00,02,00,00,00,98,08,00,00,01,00,00,00,0d,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,a8,2c,ba,20,00,41,52,45,59,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Misc Socializing]
"Order"=hex:08,00,00,00,02,00,00,00,44,02,00,00,01,00,00,00,04,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,7d,b2,7a,20,00,4d,59,53,50,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Sed]
"Order"=hex:08,00,00,00,02,00,00,00,16,05,00,00,01,00,00,00,06,00,00,00,cc,00,
00,00,00,00,00,00,be,00,32,00,84,00,00,00,00,f5,cb,ad,20,00,41,43,4d,45,4c,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*p*o*r*t*s* \Volleyball]
"Order"=hex:08,00,00,00,02,00,00,00,0e,07,00,00,01,00,00,00,09,00,00,00,ce,00,
00,00,00,00,00,00,c0,00,32,00,84,00,00,00,00,c4,14,6a,20,00,41,4c,4c,41,42,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-01-24 13:13:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 18:13
ComboFix2.txt 2012-01-24 05:13
.
Pre-Run: 149,080,834,048 bytes free
Post-Run: 149,061,496,832 bytes free
.
- - End Of File - - 4DD7CC62F105B742A7669FF7D65BF8A1

#39
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I just remembered a registry key that does something similar.

Go into Firefox and change it back to no proxy.

Download and Save the attached int.zip file. (Close all Browsers) Right click on it and Extract All then right click on int.reg and MERGE.



Reboot and see if FF still wants to use the proxy.

#40
ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yes, it reset again to the proxy. Malwarebytes detected 2 objects; were those just false positives?

#41
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You can have MBAM get rid of them if you want, but it doesn't seem likely that they would cause a problem. The first one is just Revo, which I guess MBAM is afraid might uninstall stuff. The second one doesn't look like it is anything more than adware.

C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Eric\Downloads\asus\SoftonicDownloader_for_picasa.exe (PUP.BundleOffer.Downloader.S) -> No action taken.

We can try ESET and see if it finds anything:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#42
ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f18de4e88b62b4ab06ec512d7ce65e4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-25 02:02:06
# local_time=2012-01-24 09:02:06 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 66 94 15985722 78985890 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=319859
# found=11
# cleaned=11
# scan_time=14486
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.0.1a.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.0.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.5.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.7.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.8.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_ROM_v1.5a.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_ROM_v2.5.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin_'s_E4GT_Bare_ROM_v2.6.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin_'s_E4GT_ROM_v2.0.zip a variant of Android/MTracker.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Documents\Game Backup Tools\XtremeXP_Pack.rar a variant of Win32/Packed.CrackPack.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eric\Downloads\asus\SoftonicDownloader_for_picasa.exe Win32/SoftonicDownloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esetscan
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.0.1a.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.0.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.5.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.7.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_Bare_ROM_v2.8.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_ROM_v1.5a.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin's_E4GT_ROM_v2.5.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin_'s_E4GT_Bare_ROM_v2.6.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Galaxy S 2 ROMS\Calkulin_'s_E4GT_ROM_v2.0.zip a variant of Android/MTracker.A application deleted - quarantined
C:\Users\Eric\Documents\Game Backup Tools\XtremeXP_Pack.rar a variant of Win32/Packed.CrackPack.A application deleted - quarantined
C:\Users\Eric\Downloads\asus\SoftonicDownloader_for_picasa.exe Win32/SoftonicDownloader application cleaned by deleting - quarantined

bitdefender


QuickScan 32-bit v0.9.9.103
---------------------------
Scan date: Tue Jan 24 21:26:28 2012
Machine ID: 4AD679C1



No infection found.
-------------------



Processes
---------
CrashPlan Tray 3980 C:\Program Files\CrashPlan\CrashPlanTray.exe
Google Chrome 564 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1308 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1316 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3876 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1396 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4456 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1740 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1876 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4492 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4816 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2368 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4988 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5032 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5184 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5192 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2664 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5628 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5740 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3180 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3636 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3716 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3756 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3804 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3816 C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
Google Talk Plugin 5648 C:\Users\Eric\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
Malwarebytes Anti-Malware 3016 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Microsoft SQL Server 2380 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Microsoft® Windows® Operating System 4308 C:\Windows\SysWOW64\rundll32.exe
MobileDeviceService 1388 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
QuickBooks for Windows 2100 C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
Symantec Security Technologies 1496 C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
Symantec Security Technologies 2828 C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
Synaptics Gesture Suite Featuring Scryb 2340 C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
TeamViewer 2520 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
TeamViewer 2796 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
TeamViewer 2556 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
TeamViewer 3420 C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
XobniService 2656 C:\Program Files (x86)\Xobni\XobniService.exe


Network activity
----------------
Process TeamViewer_Service.exe (2556) connected on port 5938 --> 131.215.6.91
Process chrome.exe (4456) connected on port 443 (HTTP over SSL) --> 74.125.225.87
Process chrome.exe (4456) connected on port 80 (HTTP) --> 64.208.21.41
Process chrome.exe (4456) connected on port 80 (HTTP) --> 69.31.97.104
Process chrome.exe (4456) connected on port 80 (HTTP) --> 69.25.24.23
Process chrome.exe (4456) connected on port 80 (HTTP) --> 205.177.95.222
Process chrome.exe (4456) connected on port 5222 (XMPP/Jabber) --> 209.85.225.125
Process chrome.exe (4456) connected on port 443 (HTTP over SSL) --> 74.125.113.99
Process chrome.exe (4456) connected on port 80 (HTTP) --> 63.215.202.6
Process chrome.exe (4456) connected on port 80 (HTTP) --> 69.171.229.16
Process chrome.exe (4456) connected on port 443 (HTTP over SSL) --> 74.125.225.136
Process chrome.exe (4456) connected on port 80 (HTTP) --> 74.125.225.123
Process chrome.exe (4456) connected on port 80 (HTTP) --> 70.37.131.11
Process chrome.exe (4456) connected on port 80 (HTTP) --> 74.125.225.45
Process chrome.exe (4456) connected on port 443 (HTTP over SSL) --> 74.125.225.66
Process chrome.exe (4456) connected on port 443 (HTTP over SSL) --> 209.85.145.132
Process chrome.exe (4456) connected on port 443 (HTTP over SSL) --> 74.125.225.109
Process chrome.exe (4456) connected on port 80 (HTTP) --> 66.235.143.121

Process QBCFMonitorService.exe (2100) listens on ports: 8019
Process TeamViewer_Service.exe (2556) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 5938


Autoruns and critical files
---------------------------
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
CrashPlan Tray C:\Program Files\CrashPlan\CrashPlanTray.exe
Dekisoft Monitor Off Utility C:\Program Files (x86)\Monitor Off Utility\monoff.exe
Facebook Update C:\Users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe
Glary Utilities C:\Program Files (x86)\Glary Utilities\initialize.exe
Microsoft IntelliPoint c:\Program Files\Microsoft IntelliPoint\ipoint.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe


Browser plugins
---------------
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
Adobe PDF Toolbar for IE c:\program files (x86)\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
BitDefender QuickScan C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.103_0\npqscan.dll
Facebook Video Calling Plugin C:\Users\Eric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
Geac ReView ActiveX Control Module C:\Windows\Downloaded Program Files\GeacRevw.ocx
Google Talk Plugin C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
Google Talk Plugin Video Accelerator C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
Google Update C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
Java Deployment Toolkit 6.0.290.11 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U27 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
LastPass Toolbar c:\program files (x86)\lastpass\lpbar.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Norton Confidential C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPLastPass C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\nplastpass.dll
NPLastPass C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\nplastpass64.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Picasa C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\18.6.0.29\ips\ipsbho.dll
VLC Multimedia Plug-in C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 1.10 KB recvd
Scanned 446 files and modules - 49 seconds

==============================================================================
  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Tell me some more about the proxy. Does it stay away after you change it until you restart FF, or until you reboot, or does it change back right away?

I thought I had already asked this but must have asked on the wrong thread and now they are wondering what I am talking about.

There is also a config option in FF that we should look at:
http://kb.mozillazin...ing_preferences
  • 0

#44
ericc2728

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yes, it appears that the proxy resets itself when I restart Firefox. Although I haven't been browsing on Firefox very long since I thought hackers could be recording keystrokes, I've been able to surf successfully after changing the setting to no proxy. It's only when I close out of the browser and restart it that it goes back to proxy settings.
You don't think it's malware? Maybe a bug in Firefox?
I looked at that locking settings link but it's above my expertise. Not sure if I understand it.
  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Open FF. (Don't change the proxy.) Type:

about:config
and hit Enter. You will get a stupid warning about voiding the warranty and promising to be careful. OK it and it will take you to a long list of options.

Scroll down to where it talks about network.proxy.http_port. Presumably this will have value: 50707. (Is network.proxy.http_port in bold in your about:config? Changes from the default are supposed to be in bold.)

Double click on it and change it to 0.

Right above it should be:

network.proxy.ftp_port with a value of 127.0.0.1

Double-click on it and delete the entry.

Now go down to

network.proxy.type and change it to 0.

Now go to your home page.

Go back to about:config

Did the three values stay the same?

Close FF.

Open FF and go to about:config.

Did they change back?
  • 0
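The restart test in the post above can also be checked on disk. The following is an added example, not part of the thread: it reads the `network.proxy.*` lines from Firefox profile files and reports which file would bring a manual proxy back at the next start. Firefox applies `user.js` from the profile folder on every start, overriding what `prefs.js` saved, and `lockPref` lines in an AutoConfig file lock a value. The file contents below are constructed samples that reuse the 127.0.0.1 and 50707 values mentioned in the post.

```python
import re

# Matches pref lines as written in prefs.js, user.js and AutoConfig (.cfg) files.
# Lines commented out with // or # do not match because of the ^\s* anchor.
PREF_RE = re.compile(
    r'^\s*(user_pref|pref|defaultPref|lockPref)\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;',
    re.MULTILINE,
)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: prefs.js right after the user selected "No proxy".
PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 0);
'''

# Constructed sample: a user.js that re-applies a local manual proxy.
USER_JS = '''// constructed sample, not taken from the thread's machine
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50707);
user_pref("network.proxy.type", 1);
'''

SAMPLE_FILES = {"prefs.js": PREFS_JS, "user.js": USER_JS}


def _value(raw):
    """Convert a pref literal to str, bool or int."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def proxy_prefs(text):
    """Return {name: (directive, value)} for every network.proxy.* line."""
    found = {}
    for directive, name, raw in PREF_RE.findall(text):
        if name.startswith("network.proxy."):
            found[name] = (directive, _value(raw))
    return found


def summarize(fname, text):
    """Describe the proxy state one profile file would impose."""
    prefs = proxy_prefs(text)

    def get(short):
        return prefs.get("network.proxy." + short, (None, None))[1]

    host, port = get("http"), get("http_port")
    if any(directive == "lockPref" for directive, _ in prefs.values()):
        origin = "locked"                # cannot be changed from the UI
    elif fname.lower().endswith("user.js"):
        origin = "reapplied-at-startup"  # overrides prefs.js on every start
    else:
        origin = "saved-state"           # whatever Firefox last wrote
    return {
        "file": fname,
        "manual_proxy": get("type") == 1,  # 1 = manual proxy configuration
        "loopback": f"{host}:{port}" if host in LOOPBACK else None,
        "origin": origin,
    }


def reset_sources(files):
    """Files that would restore a manual or loopback proxy after a restart."""
    hits = []
    for fname, text in files.items():
        s = summarize(fname, text)
        if (s["manual_proxy"] or s["loopback"]) and s["origin"] != "saved-state":
            hits.append(fname)
    return hits


if __name__ == "__main__":
    for name, body in SAMPLE_FILES.items():
        print(summarize(name, body))
    print("proxy comes back from:", reset_sources(SAMPLE_FILES))
```

If no file is reported and the values still revert, the change is being written into `prefs.js` by an add-on or an external process, which is what the restart test in the post is meant to reveal.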





