Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Alureon.gen virus, cant use windows update or turn on windows firewall


  • Please log in to reply

#1
azdaren

azdaren

    Member

  • Member
  • PipPip
  • 16 posts

After not being able to turn on windows firewall or use windows update I realized something was wrong.

 

Using malwarebytes and windows defender I know I have the Alureon.gen virus and neither program could wipe it. Below is my OTL log.

 

I have tried some recommended steps to get the firewall working through the services program in windows, however nothing has worked so far. It says Windows firewall is "started" however when I try to turn it on through control center, I get a spinning circle for 30 seconds, then nothing, cant be turned on.

 

Any help here is much appreciated.

 

 

OTL logfile created on: 5/23/2014 6:16:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Documents\Dropbox
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 5.42 Gb Available Physical Memory | 68.56% Memory free
15.81 Gb Paging File | 13.36 Gb Available in Paging File | 84.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 5.90 Gb Free Space | 3.96% Space Free | Partition Type: NTFS
Drive D: | 2794.39 Gb Total Space | 581.95 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive E: | 646.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 2794.51 Gb Total Space | 1162.49 Gb Free Space | 41.60% Space Free | Partition Type: NTFS
 
Computer Name: EDWARDSPC2 | User Name: Edwards2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/23 06:15:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents\Dropbox\OTL.exe
PRC - [2014/05/19 17:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/07 08:47:43 | 002,561,560 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/05/07 08:47:43 | 001,801,752 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
PRC - [2014/05/07 08:47:43 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2013/09/14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/10/16 06:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2012/09/28 14:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 14:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/09/24 23:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/12/06 13:35:38 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/11/10 06:49:36 | 005,890,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/11/10 06:47:06 | 000,403,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/11/10 06:46:00 | 005,954,016 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/10/31 09:47:00 | 000,958,520 | ---- | M] (Collobos Software) -- C:\Program Files (x86)\FingerPrint\FingerPrint.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/06/23 21:10:58 | 001,882,360 | ---- | M] (Sanford, L.P.) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
PRC - [2009/06/23 21:08:12 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/23 06:13:27 | 000,043,008 | ---- | M] () -- c:\Users\Edwards2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps09bwb.dll
MOD - [2014/05/07 08:47:43 | 002,561,560 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/05/07 08:47:43 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll
MOD - [2014/05/05 20:53:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/05/05 20:38:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/05/05 20:38:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/05/05 20:38:25 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/05/05 20:38:23 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/05/05 20:38:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/05/05 20:38:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/02 18:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/10/16 18:41:00 | 003,775,488 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2012/10/16 06:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2012/10/11 17:57:28 | 008,295,424 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2012/10/11 17:57:28 | 001,553,408 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2012/10/11 17:57:28 | 001,188,352 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2012/10/11 17:57:28 | 001,132,032 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2012/10/11 17:57:28 | 001,062,400 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2012/10/11 17:57:28 | 000,920,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2012/10/11 17:57:28 | 000,702,464 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2012/10/11 17:57:28 | 000,641,536 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2012/10/11 17:57:28 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2012/10/11 17:57:28 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2012/10/11 17:57:28 | 000,478,720 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2012/10/11 17:57:28 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2012/10/11 17:57:28 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2012/10/11 17:57:28 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2012/10/11 17:57:28 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2012/10/11 17:57:28 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2012/10/11 17:57:28 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2012/10/11 17:57:28 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2012/10/11 17:57:28 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2012/10/11 17:57:28 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2012/10/11 17:57:28 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2012/10/11 17:57:28 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2012/09/24 23:06:14 | 001,233,389 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2012/09/24 23:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2012/05/10 23:24:16 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
MOD - [2012/05/10 23:24:16 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
MOD - [2012/05/10 23:24:16 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2012/05/10 23:24:16 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
MOD - [2012/05/10 23:24:16 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2012/05/10 23:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2012/05/10 23:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2012/05/09 19:34:06 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2012/05/09 19:34:06 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
MOD - [2011/10/29 12:39:02 | 000,278,016 | ---- | M] () -- C:\Program Files (x86)\FingerPrint\libcups2.dll
MOD - [2009/06/23 21:07:24 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/13 17:00:11 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/07 08:47:43 | 001,801,752 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe -- (vToolbarUpdater18.1.5)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/09/28 14:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/06 13:35:38 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 06:49:36 | 005,890,144 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/11/10 06:48:54 | 001,124,096 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/12/02 11:34:52 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/07 08:47:43 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/05/05 20:38:29 | 000,045,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\MpEngineStore\MpKsl5c7f28c2.sys -- (MpKsl5c7f28c2)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/24 15:55:20 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/11/08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/06 13:35:38 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/12/06 13:35:37 | 001,285,216 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/12/06 13:35:37 | 000,986,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/12/06 13:35:36 | 000,211,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2011/12/06 13:35:36 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61)
DRV:64bit: - [2011/12/06 13:35:35 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/12/06 13:35:35 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2011/11/22 01:36:50 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2011/11/12 11:18:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2011/09/14 17:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 17:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/09/01 23:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/31 19:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/03/13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 10:58:42 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011/03/13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 11:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2010/09/20 23:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/08/27 10:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/08/10 02:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/23 06:13:18 | 000,045,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0099CCC-A779-4ABA-AF1C-640125F083F1}\MpKsla21d2a77.sys -- (MpKsla21d2a77)
DRV - [2010/09/16 20:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 65 0C F1 74 6C CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{5671048E-E426-449B-91E8-59C856A0E521}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2014-02-05 17:30:44&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/11/14 08:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/05 17:30:45 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLSService] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Edwards2\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 632b233410b247d18136854de0ce9fd5-6639bc2cbe08bee7ebb9f52727253c4f04028738 --CMPID 0913a File not found
O4 - HKCU..\Run: [CrashDumps] rundll32 "C:\Users\Edwards2\AppData\Local\Diagnostics\CrashDumps\kdfgepcf.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [CvmuPack Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CvmuPack Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKCU..\Run: [gekxttxc] regsvr32.exe /s "C:\ProgramData\gekxttxc.dat" File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKCU..\Run: [OfficeDrop] rundll32 "C:\Users\Edwards2\AppData\Local\VirtualStore\OfficeDrop\ekmdejdljh.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Edwards2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 632b233410b247d18136854de0ce9fd5-6639bc2cbe08bee7ebb9f52727253c4f04028738 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 File not found
O4 - Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{795A726B-E595-4C32-92C3-CE47DADD00AB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/01 14:50:34 | 000,000,000 | ---D | M] - D:\Automatically Add to iTunes -- [ NTFS ]
O32 - AutoRun File - [2011/08/12 19:12:48 | 000,921,656 | R--- | M] () - E:\AUTORUN.bmp -- [ CDFS ]
O32 - AutoRun File - [2011/08/12 19:12:48 | 000,661,352 | R--- | M] (Nuance Communications, Inc.) - E:\AUTORUN.exe -- [ CDFS ]
O32 - AutoRun File - [2011/08/12 19:12:48 | 000,000,049 | R--- | M] () - E:\AUTORUN.inf -- [ CDFS ]
O32 - AutoRun File - [2011/08/12 20:09:12 | 000,441,142 | R--- | M] () - E:\AUTORUN.ini -- [ CDFS ]
O32 - AutoRun File - [2011/01/01 14:50:34 | 000,000,000 | ---D | M] - M:\Automatically Add to iTunes -- [ NTFS ]
O33 - MountPoints2\{b38d4f6b-1eb2-11e1-b404-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b38d4f6b-1eb2-11e1-b404-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.exe -- [2011/08/12 19:12:48 | 000,661,352 | R--- | M] (Nuance Communications, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/23 06:56:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2014/05/23 06:13:29 | 000,000,000 | R--D | C] -- C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/05/23 05:48:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/05/22 21:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/05/22 21:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/05/20 05:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/05/20 05:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/05/20 05:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/05/20 05:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/05/20 05:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/05/19 15:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2014/05/19 15:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2014/05/19 05:22:39 | 000,000,000 | ---D | C] -- C:\Users\Edwards2\AppData\Roaming\NAPS2
[2014/05/19 05:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
[2014/05/19 05:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAPS2
[2014/05/18 08:06:55 | 000,000,000 | -HSD | C] -- C:\Users\Edwards2\AppData\Local\EmieUserList
[2014/05/18 08:06:55 | 000,000,000 | -HSD | C] -- C:\Users\Edwards2\AppData\Local\EmieSiteList
[2014/05/17 17:24:36 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/07 08:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/05/05 20:38:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2014/05/05 20:32:24 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/29 15:50:37 | 000,000,000 | ---D | C] -- C:\Users\Edwards2\AppData\Roaming\DropboxMaster
[2014/04/23 19:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/23 06:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/23 06:13:14 | 2072,739,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/23 06:10:52 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 06:10:52 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 06:09:04 | 002,252,672 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/23 06:09:04 | 000,696,184 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2014/05/23 06:09:04 | 000,674,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/23 06:09:04 | 000,493,932 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2014/05/23 06:09:04 | 000,175,568 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2014/05/23 06:09:04 | 000,126,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/23 06:09:04 | 000,105,814 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2014/05/23 06:07:35 | 000,001,266 | ---- | M] () -- C:\Users\Edwards2\Desktop\Windows Update.lnk
[2014/05/23 06:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/23 05:52:18 | 000,422,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/22 21:08:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/22 20:05:16 | 000,001,078 | ---- | M] () -- C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/22 20:05:11 | 000,001,052 | ---- | M] () -- C:\Users\Edwards2\Desktop\Dropbox.lnk
[2014/05/22 09:56:58 | 162,986,305 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2014/05/22 05:40:54 | 000,000,200 | ---- | M] () -- C:\Users\Edwards2\Desktop\Repair.bat
[2014/05/21 17:34:03 | 000,558,298 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2014/05/21 06:14:45 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014/05/21 06:14:45 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2014/05/20 05:50:52 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/19 05:22:27 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\NAPS2.lnk
[2014/05/17 17:18:03 | 002,221,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/07 08:47:43 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/23 06:07:35 | 000,001,266 | ---- | C] () -- C:\Users\Edwards2\Desktop\Windows Update.lnk
[2014/05/22 21:08:29 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/05/22 21:08:19 | 000,002,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/05/22 05:40:54 | 000,000,200 | ---- | C] () -- C:\Users\Edwards2\Desktop\Repair.bat
[2014/05/21 06:12:24 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014/05/21 06:12:24 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2014/05/20 05:50:52 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/19 05:22:27 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\NAPS2.lnk
[2014/04/13 13:45:38 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/11/18 09:11:58 | 000,000,004 | ---- | C] () -- C:\Users\Edwards2\AppData\Roaming\skype.ini
[2013/04/27 20:56:06 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/03/03 19:08:45 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/03/03 19:08:30 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/12/05 13:10:10 | 000,751,078 | ---- | C] () -- C:\Users\Edwards2\AppData\Roaming\1.bmp
[2012/12/05 13:10:08 | 000,018,252 | ---- | C] () -- C:\Users\Edwards2\AppData\Roaming\sound.mp3
[2012/12/05 13:10:03 | 000,114,943 | ---- | C] () -- C:\Users\Edwards2\AppData\Roaming\1.jpg
[2012/03/27 20:32:22 | 000,004,096 | -H-- | C] () -- C:\Users\Edwards2\AppData\Local\keyfile3.drm
[2011/12/06 13:43:54 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/03 18:06:03 | 000,000,305 | -H-- | C] () -- \.iTunes Preferences.plist
[2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
 
========== ZeroAccess Check ==========
 
[2013/02/17 18:08:02 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\@
[2013/02/17 18:08:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\L
[2013/02/17 18:08:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\U
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-42534202-2903975066-3733773402-1000\$1d971c5f0863b1bceccc3309741d2535\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/19 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\.oit
[2011/12/06 13:41:01 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Acronis
[2013/11/04 14:49:34 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\AVG2012
[2011/12/04 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Canon
[2013/11/04 14:49:34 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Digiarty
[2014/04/13 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\DriverCure
[2014/05/23 06:31:44 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Dropbox
[2014/05/23 06:13:29 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\DropboxMaster
[2014/05/10 16:03:13 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\HandBrake
[2011/12/04 12:20:19 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Leadertech
[2013/11/04 14:47:49 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\MyPublisher
[2014/05/19 05:27:28 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\NAPS2
[2013/11/04 14:47:49 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Nuance
[2014/04/13 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\ParetoLogic
[2013/11/04 14:49:34 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Search Protection
[2013/11/04 14:49:34 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Smilebox
[2014/05/19 21:56:31 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\uTorrent
[2014/05/18 07:32:38 | 000,000,000 | ---D | M] -- C:\Users\Edwards2\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:FD9CE1F3

< End of report >

 


  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

:welcome:

 

  •  
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the entire content of the quote box (except the word quote) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
 

 

:OTL
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) -  File not found
 
:files
C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535
C:\Windows\assembly\Desktop.ini
 
:Commands

[EMPTYTEMP]
[RESETHOSTS]
[EMPTYJAVA]
[REBOOT]

 

 
  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
 
 

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 

Download : ADWCleaner to your desktop.
 
NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs and click on the AdwCleaner icon.
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
 
 

 


  • 0

#3
azdaren

azdaren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thanks for your help!

 

 

OTL Report

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\SysWOW64\MPK\mpk.exe deleted successfully.
========== FILES ==========
C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\U folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\L folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535 folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Edwards2
->Temp folder emptied: 3520877801 bytes
->Temporary Internet Files folder emptied: 1453707866 bytes
->Java cache emptied: 175247 bytes
->Flash cache emptied: 672 bytes
 
User: Public
 
User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2843 bytes
 
User: test.EdwardsPC2
->Temp folder emptied: 1295693 bytes
->Temporary Internet Files folder emptied: 6107841 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57287 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2747491 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3037951540 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321176 bytes
RecycleBin emptied: 45674665003 bytes
 
Total Files Cleaned = 51,250.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Edwards2
->Java cache emptied: 0 bytes
 
User: Public
 
User: test
 
User: test.EdwardsPC2
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05232014_123841

Files\Folders moved on Reboot...
C:\Users\Edwards2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Edwards2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{6F1BDEE8-6706-4284-BB85-5758DF7E13DD}.tmp moved successfully.
File\Folder C:\Users\Edwards2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{13E2FFC5-C220-4E59-88A1-5AEACF448A91}.tmp not found!
File\Folder C:\Users\Edwards2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CAA94348-FB5B-43B2-8DA4-DD2E41876C56}.tmp not found!
C:\Users\Edwards2\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

JRT Report

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Edwards2 on Fri 05/23/2014 at 12:59:58.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

~~~ Files

Successfully deleted: [File] "C:\end"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Edwards2\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Edwards2\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/23/2014 at 13:03:52.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

I could not get the AdwCleaner to run, it just kept telling me there is a similar program running, I had everything shut down.

 

 

 

 

FARBAR REPORTS

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014
Ran by Edwards2 (administrator) on EDWARDSPC2 on 23-05-2014 13:17:25
Running from D:\Documents\Dropbox\VIRUS
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2014
Ran by Edwards2 at 2014-05-23 13:16:37
Running from D:\Documents\Dropbox\VIRUS
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Acronis True Image Home 2012 (HKLM-x32\...\{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible) (Version: 15.0.6131 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.6131 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.3722 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2242 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.5.512 - AVG Technologies)
Belkin N300 Micro USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\BrowserSafeguard) (Version:  - BrowserSafeguard with RocketTab) <==== ATTENTION
Canon MF4360-4390 (HKLM\...\{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}) (Version:  - )
Disk Unlocker (HKLM-x32\...\{E9275D69-7DEC-430B-BA1B-F74DFF9B0B43}) (Version: 2.0.6 - ASUS)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.1.0.688 - Sanford, L.P.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FingerPrint 1.1.0.169 (HKLM-x32\...\{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1) (Version: 1.1.0.169 - Collobos Software)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2405 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
MetaX for Windows (HKLM-x32\...\{76D8175C-E1C0-40B8-8FE8-8F3C34FDB872}) (Version: 2.19 - No Bull Software)
MetaX for Windows (HKLM-x32\...\{CA29AAB9-6C08-4ADE-8BFF-7F8D64568C9D}) (Version: 2.20 - No Bull Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAPS2 2.6.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11300.14.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12900.2.6 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.16800.7.15 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.11200.16.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.11400.18.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.12300.23.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.11400.15.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.14800.28.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.12600.30.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1  - NETGEAR Inc.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.1.17 - Intuit)
Quicken Rental Property Manager (HKLM-x32\...\InstallShield_{5F2A8319-D8C7-4603-BB03-2B90794861B6}) (Version: 1.0 - Intuit)
Quicken Rental Property Manager (x32 Version: 1.0 - Intuit) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
Search Protection (HKCU\...\Search Protection) (Version: 7.5.0.1 - Spigot, Inc.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smilebox (HKCU\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 waziper (x32 Version: 011.000.1822 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 waziper (x32 Version: 012.000.1264 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 waziper (x32 Version: 013.000.1313 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Ultra Video Joiner 5.2.0609 (HKLM-x32\...\Ultra Video Joiner_is1) (Version:  - Aone Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinX DVD Ripper 5.5.3 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
WinX DVD Ripper Platinum 6.8.1 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)

==================== Restore Points  =========================

23-05-2014 14:31:23 Scheduled Checkpoint
23-05-2014 19:58:11 Removed Microsoft Visual C++ 2005 Redistributable (x64)
23-05-2014 19:59:15 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
23-05-2014 19:59:31 Removed Microsoft Visual C++ 2005 Redistributable
23-05-2014 19:59:42 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

==================== Hosts content: ==========================

2009-07-13 19:34 - 2014-05-23 12:42 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {28333E8E-5B64-44CD-A164-F9617004EF4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {336C8E60-2341-4397-BCD7-41A9F621615B} - System32\Tasks\{B93FD8BE-69C4-4165-83CB-A2C5E6AE69EC} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
Task: {39ACE44D-F2C7-467A-B106-03C5E7D84BF1} - System32\Tasks\{7702328A-126E-41C9-8F05-E43B6460ECA2} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
Task: {7C95ED18-33F4-4D28-9CF2-74CFA6C9AF6A} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {86D46F56-BF61-49BA-8728-1C0CEC82CB4D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {92890730-F2B6-4799-9AB3-9FB1E62E327B} - System32\Tasks\{1D5E2084-3233-4E5B-A30E-DF94F9723860} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
Task: {9E57CDAE-D3C8-4574-8C0E-1FE9EE72E572} - System32\Tasks\{096EDA67-0FE0-4953-9E5E-8B71DAE62281} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
Task: {A8B55957-F532-47FD-B511-E4453B0A906D} - System32\Tasks\{7A6DC94D-90E2-47DD-99B3-7059F319E435} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
Task: {BDB752F4-7480-46FE-B399-6707FBA81153} - System32\Tasks\{ED3536B7-C0ED-44E4-A3B4-50D421897871} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
Task: {EFBF57F5-F1D1-4774-9ADF-540192FB9E92} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-24] () <==== ATTENTION
Task: {F560A03E-EC81-402F-9766-CA0D99362FBB} - System32\Tasks\{09861077-5A6A-42FB-BB46-D3E02569F2BB} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-12-03 11:34 - 2011-05-23 02:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-07 02:39 - 2011-10-07 02:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-10-16 06:54 - 2012-10-16 06:54 - 01041736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2012-09-24 23:06 - 2012-09-24 23:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-04-25 01:13 - 2014-04-25 01:13 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
2014-05-23 12:54 - 2014-05-23 12:54 - 00706560 _____ () C:\Program Files\003\vxlsnyaiet64.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-10 06:16 - 2011-11-10 06:16 - 00435552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2009-06-23 21:07 - 2009-06-23 21:07 - 00090112 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2012-05-09 19:34 - 2012-05-09 19:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2012-05-09 19:34 - 2012-05-09 19:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00478720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01062400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2012-10-16 18:41 - 2012-10-16 18:41 - 03775488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01132032 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 08295424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01188352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00920064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-09-24 23:06 - 2012-09-24 23:06 - 01233389 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2012-10-11 17:57 - 2012-10-11 17:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00702464 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00504832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-05-23 12:45 - 2014-05-23 12:45 - 00043008 _____ () c:\users\edwards2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdrtww3.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\libcef.dll
2011-12-14 08:00 - 2011-10-29 12:39 - 00278016 _____ () C:\Program Files (x86)\FingerPrint\libcups2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/30/2013 07:12:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1276 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/15/2013 09:48:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 91 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 07:19:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2910 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/13/2011 07:53:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2669 seconds with 180 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8096.96 MB
Available physical RAM: 5564.89 MB
Total Pagefile: 16192.1 MB
Available Pagefile: 13275.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Intel 160GB SSD Windows 7) (Fixed) (Total:148.95 GB) (Free:11.87 GB) NTFS
Drive d: (Seagate 3TB Media) (Fixed) (Total:2794.39 GB) (Free:624.46 GB) NTFS
Drive e: (PP14PRO) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive m: (FreeAgent GoFlex Drive) (Fixed) (Total:2794.51 GB) (Free:1162.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 77872333)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2795 GB) (Disk ID: D9416F89)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

==================== End Of Log ============================

 

 

 

 

 

Users shortcut scan result (x64) Version: 23-05-2014
Ran by Edwards2 at 2014-05-23 13:17:37
Running from D:\Documents\Dropbox\VIRUS
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirPort Utility.lnk -> C:\Windows\Installer\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}\APUtil.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaX.lnk -> C:\Windows\Installer\{76D8175C-E1C0-40B8-8FE8-8F3C34FDB872}\_B47EEF2F65BEE753BDE1E7.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner\Help.lnk -> C:\Program Files (x86)\Ultra Video Joiner\Help.CHM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner\Readme.lnk -> C:\Program Files (x86)\Ultra Video Joiner\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner\Ultra Video Joiner Homepage.lnk -> C:\Program Files (x86)\Ultra Video Joiner\Ultra Video Joiner.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner\Ultra Video Joiner.lnk -> C:\Program Files (x86)\Ultra Video Joiner\Ultra Video Joiner.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner\Uninstall Ultra Video Joiner.lnk -> C:\Program Files (x86)\Ultra Video Joiner\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner\What's New.lnk -> C:\Program Files (x86)\Ultra Video Joiner\New.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013\TurboTax 2013.lnk -> C:\Windows\Installer\{2A4EEB5C-3BA6-4299-A87F-783861B567D9}\TurboTax.exe (Intuit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012\TurboTax 2012.lnk -> C:\Windows\Installer\{F014B696-28C5-4554-802F-A15380418F53}\TurboTax.exe (Intuit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011\TurboTax 2011.lnk -> C:\Windows\Installer\{E463E171-4082-4744-A466-F7CBE8502789}\TurboTax.exe (Intuit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken Rental Property Manager\Quicken Rental Property Manager.lnk -> C:\Program Files (x86)\Quicken Rental Property Manager\QRental.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014\Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014\Quicken 2014.lnk -> C:\Program Files (x86)\Quicken\qw.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014\Quicken Online Backup.lnk -> C:\Program Files (x86)\Quicken\QuickenOLBackupLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero ControlCenter.lnk -> C:\Windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero CoverDesigner.lnk -> C:\Windows\Installer\{FCF00A6E-FB58-477A-ABE9-232907105521}\NeroCoverDesigner_EF89736D5D4B4006B5966729E642699E.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero DiscSpeed.lnk -> C:\Windows\Installer\{34490F4E-48D0-492E-8249-B48BECF0537C}\NeroDiscSpeed.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Express.lnk -> C:\Windows\Installer\{70550193-1C22-445C-8FA4-564E155DB1A7}\NeroExpress.exe_81A8FD91A6494AD5B4998149EAAC7E7C.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero InfoTool.lnk -> C:\Windows\Installer\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}\NeroInfoTool.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero MediaHub.lnk -> C:\Windows\Installer\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}\NeroMediaHub._63C8A7B0BBE5459F9AC436392B2FF50D.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero StartSmart.lnk -> C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Portuguese (Brazil).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_pt-BR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero StartSmart\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroStartSmart_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero MediaHub\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroMediaHub_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero InfoTool\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroInfoTool_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Portuguese (Brazil).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_pt-BR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero Express\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroExpress_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero DiscSpeed\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroDiscSpeed_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero CoverDesigner\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroCoverDesigner_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Portuguese (Brazil).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_pt-BR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero ControlCenter\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Online Help\Nero BurnRights\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2\NAPS2.lnk -> C:\Program Files (x86)\NAPS2\NAPS2.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Unifying\Logitech Unifying Software.lnk -> C:\Program Files\Common Files\logishrd\Unifying\DJCUHost.exe (Logitech, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect\LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe (LeapFrog Enterprises, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect\Uninstall LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\uninst.exe (LeapFrog Enterprises, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Handbrake.lnk -> C:\Program Files (x86)\Handbrake\Handbrake.exe (HandBrake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Uninstall.lnk -> C:\Program Files (x86)\Handbrake\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FingerPrint\FingerPrint.lnk -> C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO Productivity Software\DYMO Label v.8.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DLS.exe (Sanford, L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO Productivity Software\DYMO QuickPrint.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty\WinX DVD Ripper Platinum\Uninstall WinX DVD Ripper Platinum.lnk -> C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper_Platinum\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty\WinX DVD Ripper Platinum\WinX DVD Ripper Platinum.lnk -> C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper_Platinum\WinX_DVD_Ripper_Platinum.exe (Digiarty Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty\WinX DVD Ripper\Uninstall WinX DVD Ripper.lnk -> C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty\WinX DVD Ripper\WinX DVD Ripper.lnk -> C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper\WinX_DVD_Ripper.exe (Digiarty Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon\MF4360-4390\Fax Readme.lnk -> C:\Program Files\Canon\CanonMF\MF4360\Readme_Fax.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon\MF4360-4390\ScanGear Readme.lnk -> C:\Program Files\Canon\CanonMF\MF4360\Readme_SG.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon\MF4360-4390\UFRII LT Readme.lnk -> C:\Program Files\Canon\CanonMF\MF4360\Readme_UFRIILT.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon\MF4360-4390\Uninstall Drivers.lnk -> H:\Windows\System32\CanonMF Uninstaller Information\{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}\misc\DelDrv.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program\Bluetooth Devices.lnk -> C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin USB Wireless Adapter Utility\Uninstall Belkin USB Wireless Adapter Driver.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{549CE1BD-88E4-4C5E-BF75-B155624714CC}\setup.exe (Belkin                                                       )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin USB Wireless Adapter Utility\User Manual.lnk -> C:\Program Files (x86)\Belkin\F9L1002\v1\UserManual.pdf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2012.lnk -> C:\Program Files (x86)\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Disk Unlocker\Disk Unlocker.lnk -> C:\Windows\Installer\{E9275D69-7DEC-430B-BA1B-F74DFF9B0B43}\_695CD127CF6002633EF635.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Acronis True Image Home.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe (Acronis)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\Bootable Rescue Media Builder.lnk -> C:\Program Files (x86)\Common Files\Acronis\MediaBuilderHome\MediaBuilder.exe (Acronis)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\Links\Desktop.lnk -> C:\Users\Edwards2\Desktop ()
Shortcut: C:\Users\Edwards2\Links\Downloads.lnk -> C:\Users\Edwards2\Downloads ()
Shortcut: C:\Users\Edwards2\Links\Dropbox.lnk -> D:\Documents\Dropbox ()
Shortcut: C:\Users\Edwards2\Downloads\redsn0w_win_0.9.6rc8 (2)\redsn0w_win_0.9.6rc8\boot-ipt4g.lnk -> C:\redsn0w.exe (No File)
Shortcut: C:\Users\Edwards2\Desktop\Handbrake.lnk -> C:\Program Files (x86)\Handbrake\Handbrake.exe (HandBrake)
Shortcut: C:\Users\Edwards2\Desktop\MetaX.lnk -> C:\Users\Edwards2\AppData\Roaming\Microsoft\Installer\{CA29AAB9-6C08-4ADE-8BFF-7F8D64568C9D}\_C8A4F44ED70B9962FDB98F.exe ()
Shortcut: C:\Users\Edwards2\Desktop\MyPublisher.lnk -> C:\Program Files (x86)\MyPublisher\MyPublisher\MyPublisher40.exe ()
Shortcut: C:\Users\Edwards2\Desktop\Smilebox.lnk -> C:\Users\Edwards2\AppData\Roaming\Smilebox\SmileboxStarter.exe (Smilebox, Inc.)
Shortcut: C:\Users\Edwards2\Desktop\µTorrent.lnk -> C:\Users\Edwards2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Edwards2\AppData\Roaming\MyPublisher\MyPublisher\G00C1DD7F_881E_4232_ADB8_DA794012BDA8\G18B1EF1F_C542_4155_108D_7E19CE385452.lnk -> D:\Pictures\My Pictures\lindsay\Lindsey 7.22.12-124.jpg (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\MyPublisher\MyPublisher\G00C1DD7F_881E_4232_ADB8_DA794012BDA8\G5AC834C5_F4B9_4F8A_9892_3CB2539E2C56.lnk -> D:\Pictures\My Pictures\lindsay\Lindsey 7.22.12-68.jpg (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\MyPublisher\MyPublisher\G00C1DD7F_881E_4232_ADB8_DA794012BDA8\G5E8AE437_30E1_45A3_02A1_1D4975555834.lnk -> D:\Pictures\My Pictures\lindsay\Lindsey 7.22.12-45.jpg (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\MyPublisher\MyPublisher\G00C1DD7F_881E_4232_ADB8_DA794012BDA8\G966BE57D_251F_4214_EDB8_F723C0BCC88F.lnk -> D:\Pictures\My Pictures\lindsay\Lindsey 7.22.12-47.jpg (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\MyPublisher\MyPublisher\G00C1DD7F_881E_4232_ADB8_DA794012BDA8\GB81F463F_AB5D_496B_9A96_BB3BA454DF7E.lnk -> D:\Pictures\My Pictures\lindsay\Lindsey 7.22.12-5.jpg (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\MyPublisher\MyPublisher\G00C1DD7F_881E_4232_ADB8_DA794012BDA8\GCB78BAC8_8F4A_42F8_CE87_38EC0A4ADE72.lnk -> D:\Pictures\My Pictures\lindsay\Lindsey 7.22.12-46.jpg (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\MyPublisher\MyPublisher\G00C1DD7F_881E_4232_ADB8_DA794012BDA8\GFD9AF30D_0B6E_4FC3_4F9D_9089B01720A1.lnk -> D:\Pictures\My Pictures\lindsay\Lindsey 7.22.12-127.jpg (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Edwards2\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaX.lnk -> C:\Users\Edwards2\AppData\Roaming\Microsoft\Installer\{CA29AAB9-6C08-4ADE-8BFF-7F8D64568C9D}\_A39F12648404D1165CE9DC.exe ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPublisher.lnk -> C:\Program Files (x86)\MyPublisher\MyPublisher\MyPublisher40.exe ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smilebox.lnk -> C:\Users\Edwards2\AppData\Roaming\Smilebox\SmileboxStarter.exe (Smilebox, Inc.)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Program.lnk -> C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell\91xx driver\UnInstall.lnk -> C:\Program Files (x86)\Marvell\mv91xx\uninst-91xx.exe (Marvell)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keylogger Free by REFOG\ Keylogger Free by REFOG on the Web.lnk -> C:\Windows\SysWOW64\MPK\MPKView.exe (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keylogger Free by REFOG\Get discount!.lnk -> C:\Windows\SysWOW64\MPK\MPKView.exe (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keylogger Free by REFOG\Keylogger Free by REFOG.lnk -> C:\Windows\SysWOW64\MPK\MPK.exe (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keylogger Free by REFOG\Order now!.lnk -> C:\Windows\SysWOW64\MPK\MPKView.exe (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall.lnk -> C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Uninstall.exe (No File)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk -> C:\Users\Edwards2\AppData\Roaming\Smilebox\SmileboxStarter.exe (Smilebox, Inc.)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper Platinum.lnk -> C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper_Platinum\WinX_DVD_Ripper_Platinum.exe (Digiarty Software, Inc.)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe (Acronis)
Shortcut: C:\Users\Public\Desktop\AVG 2012.lnk -> C:\Program Files (x86)\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
Shortcut: C:\Users\Public\Desktop\Disk Unlocker.lnk -> C:\Program Files (x86)\ASUS\Disk Unlocker\Disk Unlocker.exe (ASUSTeK Computer Inc.)
Shortcut: C:\Users\Public\Desktop\DYMO Label v.8.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DLS.exe (Sanford, L.P.)
Shortcut: C:\Users\Public\Desktop\FingerPrint.lnk -> C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe (LeapFrog Enterprises, Inc.)
Shortcut: C:\Users\Public\Desktop\NAPS2.lnk -> C:\Program Files (x86)\NAPS2\NAPS2.exe ()
Shortcut: C:\Users\Public\Desktop\Nero StartSmart 10.lnk -> C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe (Acresso Software Inc.)
Shortcut: C:\Users\Public\Desktop\NETGEAR Genie.lnk -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
Shortcut: C:\Users\Public\Desktop\Quicken Rental Property Manager 2014.lnk -> C:\Program Files (x86)\Quicken\qw.exe ()
Shortcut: C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\TurboTax 2012.lnk -> C:\Windows\Installer\{F014B696-28C5-4554-802F-A15380418F53}\TurboTax.exe (Intuit)
Shortcut: C:\Users\Public\Desktop\TurboTax 2013.lnk -> C:\Windows\Installer\{2A4EEB5C-3BA6-4299-A87F-783861B567D9}\TurboTax.exe (Intuit)
Shortcut: C:\Users\Public\Desktop\Ultra Video Joiner.lnk -> C:\Program Files (x86)\Ultra Video Joiner\Ultra Video Joiner.exe ()
Shortcut: C:\Users\Public\Desktop\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk -> C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper_Platinum\WinX_DVD_Ripper_Platinum.exe (Digiarty Software, Inc.)
Shortcut: C:\Users\test.EdwardsPC2\Links\Desktop.lnk -> C:\Users\Edwards2\Desktop ()
Shortcut: C:\Users\test.EdwardsPC2\Links\Downloads.lnk -> C:\Users\Edwards2\Downloads ()
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken Rental Property Manager\Uninstall Quicken Rental Property Manager.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe (InstallShield Software Corporation) -> /M{5F2A8319-D8C7-4603-BB03-2B90794861B6} anything /z"remove"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Mouse and Keyboard\Mouse and Keyboard Settings.lnk -> C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Harmony Remote\Logitech Harmony Remote Software 7.lnk -> C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe () -> /launchbrowser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program\Uninstall Bluetooth Suite.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {230D1595-57DA-4933-8C4E-375797EBB7E1}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Disk Unlocker\Uninstall.lnk -> C:\Windows\Installer\{E9275D69-7DEC-430B-BA1B-F74DFF9B0B43}\_D56300B98B4C89F9A57E30.exe () -> /i {E9275D69-7DEC-430B-BA1B-F74DFF9B0B43} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Check for updates.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe (Acronis) -> /check_updates
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\Clone Disk.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis) -> /clone_disk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\Convert Acronis backup.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis) -> /convert_tib_to_vhd
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\Convert Windows backup.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis) -> /convert_vhd_to_tib
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\File Shredder.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis) -> /file_shredder
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\Mount Image.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis) -> /mount_image
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\System Clean-up.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis) -> /system_cleanup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Tools and Utilities\Try&Decide.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis) -> /tnd_tool
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Edwards2\Desktop\Dropbox.lnk -> C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Edwards2\Desktop\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Show Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Edwards2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %systemRoot%\system32\shell32.dll,Options_RunDLL 1
ShortcutWithArgument: C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk -> C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe () -> /launchbrowser
ShortcutWithArgument: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\test.EdwardsPC2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.url -> hxxp://www.revouninstallerpro.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty\WinX DVD Ripper Platinum\WinX DVD Ripper Platinum on the Web.url -> hxxp://www.winxdvd.com/dvd-ripper-platinum/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty\WinX DVD Ripper\WinX DVD Ripper on the Web.url -> hxxp://www.winxdvd.com/dvd-ripper/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Acronis Web Site.url -> hxxp://www.acronis.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\User's guide.url -> hxxp://download.acronis.com/pdf/ATIH2012_userguide_en-US.pdf
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\RPM\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Premier\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Hab\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Deluxe\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\Users\Edwards2\Favorites\Aloha Insight - Login.url -> hxxp://wildflowerbreadcompany.alohaenterprise.com:8080/login.do
InternetURL: C:\Users\Edwards2\Favorites\Ask FactCheck  FactCheck.org.url -> hxxp://factcheck.org/ask-factcheck/page/22/
InternetURL: C:\Users\Edwards2\Favorites\Beal Benefits.url -> https://www.bealonline.com/
InternetURL: C:\Users\Edwards2\Favorites\BenchCrafted.com - Home of the MAG-BLOK.url -> hxxp://benchcrafted.com/ordering.htm
InternetURL: C:\Users\Edwards2\Favorites\eBay Fee Calculator by Ryan Olbe.url -> hxxp://www.rolbe.com/ebay.htm
InternetURL: C:\Users\Edwards2\Favorites\Excel functions (by category) - Excel - Office.com.url -> hxxp://office.microsoft.com/en-us/excel-help/excel-functions-by-category-HP005204211.aspx
InternetURL: C:\Users\Edwards2\Favorites\Excel Functions and Formulas How to Unprotect an excel sheet without password.url -> hxxp://excel-formula.blogspot.com/2011/11/how-to-unprotect-excel-sheet-without.html
InternetURL: C:\Users\Edwards2\Favorites\Giveaway of the Day.url -> hxxp://www.giveawayoftheday.com/
InternetURL: C:\Users\Edwards2\Favorites\GOES - Global Online Enrollment System.url -> https://goes-app.cbp....gov/pkmslogout
InternetURL: C:\Users\Edwards2\Favorites\K&J Magnetics - Products.url -> hxxp://www.kjmagnetics.com/proddetail.asp?prod=MMR-A-ZX8
InternetURL: C:\Users\Edwards2\Favorites\Manual uninstall instructions for PaperPort 14.url -> hxxp://nuance.custhelp.com/app/answers/detail/a_id/6328
InternetURL: C:\Users\Edwards2\Favorites\NETGEAR Router R6300.url -> hxxp://www.routerlogin.net/start.htm
InternetURL: C:\Users\Edwards2\Favorites\Official Sony HX820 Owner's Thread (46HX820, 55HX820) - Page 5 - AVS Forum.url -> hxxp://www.avsforum.com/avs-vb/showthread.php?t=1345864&page=5
InternetURL: C:\Users\Edwards2\Favorites\Outlook Tips, Tricks and Secrets - About Email.url -> hxxp://email.about.com/od/outlooktips/Outlook_Tips_Tricks_and_Secrets.htm
InternetURL: C:\Users\Edwards2\Favorites\Power Management for Network Devices in Windows 7.url -> hxxp://technet.microsoft.com/en-us/library/ee617165(v=ws.10).aspx
InternetURL: C:\Users\Edwards2\Favorites\RC Forums How to take apart an 890 Pro, 890 or 880.url -> hxxp://www.remotecentral.com/cgi-bin/mboard/rc-harmony/thread.cgi?7392
InternetURL: C:\Users\Edwards2\Favorites\rc How to take apart an 890 Pro, 890 or 880.url -> hxxp://www.remotecentral.com/cgi-bin/mboard/rc-harmony/thread.cgi?7392
InternetURL: C:\Users\Edwards2\Favorites\ServSafe® Food Handler, Manager and Responsible Alcohol Training - ServSafe®.url -> hxxp://www.servsafe.com/home
InternetURL: C:\Users\Edwards2\Favorites\SignIn.url -> https://login2.peopl...11-15T14:19:21Z
InternetURL: C:\Users\Edwards2\Favorites\SIRIUS Satellite Radio - Subscriber Home Page.url -> https://home.sirius....asswordsetup.do
InternetURL: C:\Users\Edwards2\Favorites\Subtraction within 10.url -> hxxp://more.starfall.com/m/math/subtraction-content/load.htm?f&n=bowling&y=1
InternetURL: C:\Users\Edwards2\Favorites\UPC Coupon Code - How to Read a UPC Coupon Code.url -> hxxp://couponing.about.com/od/groceryzone/ss/couponcodeupc.htm
InternetURL: C:\Users\Edwards2\Favorites\USCIS Home Page.url -> hxxp://www.uscis.gov/portal/site/uscis
InternetURL: C:\Users\Edwards2\Favorites\YouTube - Making Cannoli (part 2).url -> hxxp://www.youtube.com/watch?v=veOD5hTi0D8
InternetURL: C:\Users\Edwards2\Favorites\Work\Beal Benefits.url -> https://www.bealonline.com/
InternetURL: C:\Users\Edwards2\Favorites\Work\Microsoft Exchange - Outlook Web Access.url -> https://owa.fullergr...ergroup.ca/owa/
InternetURL: C:\Users\Edwards2\Favorites\Work\myCigna - Log Out.url -> https://my.cigna.com/web/public/logout
InternetURL: C:\Users\Edwards2\Favorites\Work\MyGreatWest.com  Great-West Healthcare Member Site.url -> https://www.mygreatw...om/default.aspx
InternetURL: C:\Users\Edwards2\Favorites\Work\Point Financials login.url -> hxxp://www.pointfinancials.net/login.php
InternetURL: C:\Users\Edwards2\Favorites\Work\Sign in.url -> hxxp://sensusresearch.shopmetrics.com/login.asp
InternetURL: C:\Users\Edwards2\Favorites\Work\SMARTweb Order Entry.url -> hxxp://smartwebaz.shamrockfoods.com/
InternetURL: C:\Users\Edwards2\Favorites\Work\TAG UP by Rischard Marketing.url -> hxxp://www.tag-up.com/contact.htm
InternetURL: C:\Users\Edwards2\Favorites\Travel\Air Canada - Welcome!.url -> hxxp://www.aircanada.ca/e-home.html
InternetURL: C:\Users\Edwards2\Favorites\Travel\Alaska Airlines - Horizon Air.url -> hxxp://www.alaskaair.com/
InternetURL: C:\Users\Edwards2\Favorites\Travel\America West Home Page.url -> hxxp://www.americawest.com/default.asp
InternetURL: C:\Users\Edwards2\Favorites\Travel\Continental Airlines - Airline Tickets, Vacations Packages, Travel Deals, and Company Information on continental.com.url -> hxxp://www.continental.com/
InternetURL: C:\Users\Edwards2\Favorites\Travel\Itinerary and Price.url -> hxxp://dps1.travelocity.com/aircdisp.ctl?previous_page=aircdisp&mixed_gt=N&tkt_status=N&seg_for_sell=1%26YEG%26Edmonton,%20Canada%2620030813%261450%26AC%26Air%20Canada%264652%26L%260%26Canadair%20Regional%20Jet%26DEN%26Denver,%20CO%261735%2620030813%26Wednesday%26UA%26United%20Airlines%26CRJ%26Y|1%26DEN%26Denver,%20CO%2620030813%262010%26AC%26Air%20Canada%265545%26L%260%26Boeing%20737%20Jet%26PHX%26Phoenix,%20AZ%262055%2620030813%26Wednesday%26UA%26United%20Airlines%26737%26Y&sell_flight=Y&rotrp_flag=Y&opt_num=2&cat22_ind=&SEQ=105872509897977607202003&LANG=EN&last_pgd_page=aircdisp.pgd
InternetURL: C:\Users\Edwards2\Favorites\Travel\Southwest Airlines.url -> hxxp://www.southwest.com/
InternetURL: C:\Users\Edwards2\Favorites\Travel\usairways.com - dividend miles - program info - e-mail programs.url -> hxxp://www.usairways.com/dividendmiles/login.htm
InternetURL: C:\Users\Edwards2\Favorites\Travel\usairways.com.url -> hxxp://www.usairways.com/
InternetURL: C:\Users\Edwards2\Favorites\Travel\WestJet - Low Fare, Affordable Air Travel Throughout Canada..url -> hxxp://c2dsp.westjet.com/internet/sky/
InternetURL: C:\Users\Edwards2\Favorites\Travel\WestJet.com - fly the low-fare leader.url -> hxxp://www.westjet.com/
InternetURL: C:\Users\Edwards2\Favorites\SpywareFixes\ATTN [email protected], SpyAxe, SpyFalcon, SpywareQuake etc.  freedomlist.com.url -> hxxp://www.freedomlist.com/forum/viewtopic.php?t=23589
InternetURL: C:\Users\Edwards2\Favorites\SpywareFixes\Cyber Tech Help Support Forums - Help with Hijacked home page and popups etc.url -> hxxp://www.cybertechhelp.com/forums/showthread.php?p=382162#post382162
InternetURL: C:\Users\Edwards2\Favorites\SpywareFixes\Cyber Tech Help Support Forums - Please read before posting Hijack This logs..url -> hxxp://www.cybertechhelp.com/forums/showthread.php?t=37546
InternetURL: C:\Users\Edwards2\Favorites\SpywareFixes\Solved Please help! Hijack and 180 assistant issues - Tech Support Guy.url -> hxxp://forums.techguy.org/t359397.html
InternetURL: C:\Users\Edwards2\Favorites\Shopping\All Gift Cards  Staples®.url -> hxxp://www.staples.com/All-Gift-Cards-Gift-Cards/cat_CL166326
InternetURL: C:\Users\Edwards2\Favorites\Shopping\AnandTech -- Hot Deals.url -> hxxp://forums.anandtech.com/categories.aspx?catid=40&entercat=y
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Audio Adapters, Connectors, Quater Inch Plugs at Audioadapter.com.url -> hxxp://www.audiogear.com/Audio-Adapters-Phone-Plug.html
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Bush Corsa Collection.url -> hxxp://www.bush-furniture-online.com/index.php?&cn=Corsa Collection&userOrderBy=priceDesc
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Croft & Barrow Broadcloth Dress Shirt.url -> hxxp://www.kohls.com/kohlsStore/mens/dressshirts/pointcollar/PRD~34368/Croft++Barrow+Broadcloth+Dress+Shirt+.jsp
InternetURL: C:\Users\Edwards2\Favorites\Shopping\DORCO - Disposable Razors, Shaving Systems, Shavers, 6 Blade, Blades, Cartridges, Cartridge, Mens, Womens.url -> hxxp://www.dorcousa.com/
InternetURL: C:\Users\Edwards2\Favorites\Shopping\eBay Store - Antique white Bookshelfs Media storage, Bookcases.url -> hxxp://stores.ebay.com/Intermountain-Wholesalers_Bookshelfs_W0QQfsubZ9
InternetURL: C:\Users\Edwards2\Favorites\Shopping\FatWallet Forums - Hot Deals.url -> hxxp://www.fatwallet.com/forums/hot-deals?&ffv=0
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Gift Cards, Online Gift Certificates, and E Gift Cards  GiftCardMall.com.url -> https://www.giftcard...m/Activate.aspx
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Hot Deals - Slickdeals.net.url -> hxxp://slickdeals.net/forums/forumdisplay.php?f=9
InternetURL: C:\Users\Edwards2\Favorites\Shopping\MaxPerks  Home.url -> https://www.officema....com/Index.aspx
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Monoprice.com - CheckOut Final.url -> https://www.monopric...&user_id=952551
InternetURL: C:\Users\Edwards2\Favorites\Shopping\My Visa Gift Card  Login.url -> https://mygift.giftcardmall.com/Home/
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Office Supplies, Furniture, Copy Paper, Computers and Electronics.url -> hxxp://www.officemax.com/omax/?cm_mmc=Google-_-GS+Brand-_-GS+Brand+Exact-_-officemax&gclid=CKLKrOe5g5gCFQsMGgodIzdoBw
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Sign In.url -> hxxp://signin.ebay.com/ws2/eBayISAPI.dll?SignIn
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Staples coupons.url -> hxxp://www.staples-coupons.com/
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Staplesrewardscenter.com®.url -> https://www.staplesr...ogin/Login.aspx
InternetURL: C:\Users\Edwards2\Favorites\Shopping\Staples®- Office Supplies, Electronics, Furniture, Ink, Toner, Copy Paper.url -> hxxp://www.staples.com/office/supplies/home?storeId=10001&langId=-1&cm_mmc=online_google-_-adwords-_-staples_brand-_-staples
InternetURL: C:\Users\Edwards2\Favorites\Pool\- AutoPilot Salt Chlorine Generators.url -> hxxp://www.autopilot.com/
InternetURL: C:\Users\Edwards2\Favorites\Pool\8500N - EBM PAPST FAN 80MM SQ X 38MM 115VAC 36CFM 11W SLEEVE BEARING 3200RPM 34db CLOCKWISE ROTATION, WIRE LEADS.url -> hxxp://www.galco.com/scripts/cgiip.exe/WA/WCat/itemdtl.r?listtype=Catalog&pnum=8500N-EBM
InternetURL: C:\Users\Edwards2\Favorites\Pool\American Products Quantum RPM Replacement Parts, Cartridge Filter Parts.url -> hxxp://www.poolsinc.com/pd_ca8.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\BulbConnection.com - $25.22 H111 Replacement Lamp.url -> hxxp://www.bulbconnection.com/ViewItem/bcrw/itmid/2288/oc/H111/brand/GE/source/nexttag/item.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\Control X10 Modules using an iPhone - Hacked Gadgets - DIY Tech Blog.url -> hxxp://hackedgadgets.com/2009/04/06/control-x10-modules-using-an-iphone/
InternetURL: C:\Users\Edwards2\Favorites\Pool\Custom Brush Manufacturer Cosmetic, Industrial & Food Service Brushes.url -> hxxp://www.brush.com/cgi-bin/Brush.storefront/446f43141839cf642740d8968d6406f8/Home
InternetURL: C:\Users\Edwards2\Favorites\Pool\Home  Plastic Tanks  Plastic Buckets  Plastic Bottles  Labware  Plastic Tubing  PVC Pipe  U.S. Plastic Corp..url -> hxxp://www.usplastic.com/
InternetURL: C:\Users\Edwards2\Favorites\Pool\http--www.cooltimesinc.com-index.html.url -> hxxp://www.cooltimesinc.com/index.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\http--www.letsautomate.com-cgi-bin-PNSrch.cfm.url -> hxxp://www.letsautomate.com/cgi-bin/PNSrch.cfm?
InternetURL: C:\Users\Edwards2\Favorites\Pool\Leslie's Swimming Pool Supplies.url -> hxxp://www.lesliespool.com/Custom1/43_Anniversary/43_coupon_0409.htm
InternetURL: C:\Users\Edwards2\Favorites\Pool\Marko @ X10 - A web producer blog Disabling the local control feature.url -> hxxp://www.x10community.com/marko/2006/06/disabling_the_local_control_fe.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\OUTSIDE LIGHTING.url -> hxxp://phoenix.craigslist.org/nph/hsh/1122242667.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\Patriot Supply - FIBERSTARS Products.url -> hxxp://www.patriot-supply.com/products/manufacturer_detail.cfm?manu_id=252
InternetURL: C:\Users\Edwards2\Favorites\Pool\Pentair Quantum RPM Cartridge Filter Parts.url -> hxxp://www.epoolshop.com/pentairquantumrpmcartridgefilterparts.aspx
InternetURL: C:\Users\Edwards2\Favorites\Pool\Pool Genius  Fun Web Stuff For The Pool!.url -> hxxp://www.poolgenius.com/scripts/fun_stuff.asp
InternetURL: C:\Users\Edwards2\Favorites\Pool\Pool Genius  Welcome To The Smartest Place For Your Swimming Pool.url -> hxxp://www.poolgenius.com/Scripts/prodView.asp?idproduct=406
InternetURL: C:\Users\Edwards2\Favorites\Pool\pool parts, spa parts, pool parts online, spa parts online from Pool Parts Store.url -> https://www.poolpart...x?ProductID=740
InternetURL: C:\Users\Edwards2\Favorites\Pool\PoolFilters.Biz.url -> hxxp://poolfilters.biz/products.php
InternetURL: C:\Users\Edwards2\Favorites\Pool\Purchase Approved - Spa-Daddy.com.url -> https://spa-daddy.se...e=Daren Edwards
InternetURL: C:\Users\Edwards2\Favorites\Pool\Shopping Cart - Aqua-Man Aquatic Service.url -> https://www.aqua-man.../Cart/cart.aspx
InternetURL: C:\Users\Edwards2\Favorites\Pool\Store Checkout (324.00).url -> https://www.poolsupp...t_checkout.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\Superstition Waterblasting Service LLC.url -> hxxp://www.superstitionwater.com/contact.php
InternetURL: C:\Users\Edwards2\Favorites\Pool\X-10 Device Hints and Kinks.url -> hxxp://www.shed.com/x10stuff.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\X-10 Pro PA011 15A Single Control Outlet.url -> hxxp://www.iautomate.com/pao11.html
InternetURL: C:\Users\Edwards2\Favorites\Pool\X10 Interface Cable for Pool Timer - Smarthome.url -> hxxp://www.smarthome.com/82402C/X10-Interface-Cable-for-Pool-Timer/p.aspx
InternetURL: C:\Users\Edwards2\Favorites\Pool\Your premier pool cleaner for swimming pool drains, and a green swimming pool..url -> hxxp://www.arizonapooldrain.com/
InternetURL: C:\Users\Edwards2\Favorites\Pool\[How-To] Install an X-10 (Outdoor) Outlet - Home Automation Forum , Home Security and Home Theaters.url -> hxxp://www.cocoontech.com/forums/index.php?showtopic=1941
InternetURL: C:\Users\Edwards2\Favorites\Pool\~C & C POOL TILE CLEANING~ - Before and After Pictures.url -> hxxp://candcpooltilecleaning.com/BeforeandAfterPictures.html
InternetURL: C:\Users\Edwards2\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Edwards2\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Edwards2\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Edwards2\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Edwards2\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Edwards2\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Edwards2\Favorites\Misc\80s music shirts and classic music shirts by Junk Food and more.url -> hxxp://www.80stees.com/pages/t-shirts/1980s_Music_t-shirts.asp
InternetURL: C:\Users\Edwards2\Favorites\Misc\AmazingTones.com cool ringtones & more. Featuring 50 cent, B.url -> hxxp://www.amazingtones.com/help.asp?type=&tab=5
InternetURL: C:\Users\Edwards2\Favorites\Misc\AskMen.com - Fashion web sites.url -> hxxp://www.askmen.com/fashion/fashiontip_150/168_fashion_advice.html
InternetURL: C:\Users\Edwards2\Favorites\Misc\Basic HTML Creating Links to Other Pages.url -> hxxp://www.htmlgoodies.com/primers/primer_4.html
InternetURL: C:\Users\Edwards2\Favorites\Misc\Free Nokia Ringtones, Nokia Logos, Nokia Picture Messages, N.url -> hxxp://www.tones4free.com/home.php?cmd=6&country=USA
InternetURL: C:\Users\Edwards2\Favorites\Misc\Maps.com - Get Directions Show Route.url -> hxxp://mapsonus.switchboard.com/bin/maps-route/usr=~3e5988f1.b2267.1f0.6/c=1/refsrc=Maps.com/isredir=1/
InternetURL: C:\Users\Edwards2\Favorites\Misc\mechBgon's guide for first-time newbie PC builders... Case prep, page 2.url -> hxxp://www.omnicast.net/~tmcfadden/guides/build/caseprep2.html
InternetURL: C:\Users\Edwards2\Favorites\Misc\Oakley Square Wire 2.0 Spring Hinge (Polarized) - Purchase Oakley gear from the online Oakley store.url -> hxxp://oakley.com/o/o1129d
InternetURL: C:\Users\Edwards2\Favorites\Misc\Top Nokia Animation screen savers.url -> hxxp://www.freenokia-ringtones.com/top_nokia_animation_screen_savers.html
InternetURL: C:\Users\Edwards2\Favorites\Misc\Vintage T-Shirts, Tee Shirts, Tees at PalmerCash.com.url -> hxxp://www.palmercash.com/vintage-t-shirts.asp?dc=blg07
InternetURL: C:\Users\Edwards2\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Edwards2\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Edwards2\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Edwards2\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Edwards2\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Edwards2\Favorites\Links\212-12-841 Search Results - Maricopa County Assessor's Office.url -> hxxp://mcassessor.maricopa.gov/?s=212-12-841
InternetURL: C:\Users\Edwards2\Favorites\Links\25 FREE Landlord Forms and Tenancy Agreements.url -> hxxp://www.free-rental-property-investing-info.com/free-real-estate-forms.html
InternetURL: C:\Users\Edwards2\Favorites\Links\3 Sliding Closet Doors - White.url -> hxxp://phoenix.craigslist.org/nph/mat/4286299780.html
InternetURL: C:\Users\Edwards2\Favorites\Links\55” Class (54.6” diag) LED HX820-Series Internet TV - Discontinued Sony HDTVs Sony Store - Sony US.url -> hxxp://store.sony.com/55-class-54.6-diag-led-hx820-series-internet-tv-zid27-KDL55HX820/cat-27-catid-EOL-Sony-HDTVs
InternetURL: C:\Users\Edwards2\Favorites\Links\Access Panels  In Wall Access Panels  14 x 14 Access Panel.url -> hxxp://www.fluidmaster.com/our-products/access-panels/14-x-14-access-panel.html
InternetURL: C:\Users\Edwards2\Favorites\Links\Any experts Painting metal front door. - Home Disasters Forum - GardenWeb.url -> hxxp://ths.gardenweb.com/forums/load/disaster/msg0810080920704.html?23
InternetURL: C:\Users\Edwards2\Favorites\Links\Banana Cream Pie Recipe.url -> hxxp://www.nibbledish.com/people/redwood5/recipes/banana-cream-pie
InternetURL: C:\Users\Edwards2\Favorites\Links\Ben Dodson iTunes Artwork Finder; TV Shows, Music Albums, Movies, Apps, and iBooks.url -> hxxp://bendodson.com/projects/itunes-artwork-finder/
InternetURL: C:\Users\Edwards2\Favorites\Links\Black & Decker® LDX120C 20V Lithium Drill-Driver  Staples®.url -> hxxp://www.staples.com/Black-Decker-LDX120C-20V-Lithium-Drill-Driver/product_210532
InternetURL: C:\Users\Edwards2\Favorites\Links\Cannot launch Paperport 14 . Archive (251) . PaperPort . Forum . Nuance Forums.url -> hxxp://nuance-community.custhelp.com/posts/37cf404345?page=2
InternetURL: C:\Users\Edwards2\Favorites\Links\CAT5 Stripping and Terminate - Ch 1.url -> hxxp://www.swhowto.com/CAT5_Ch1.htm
InternetURL: C:\Users\Edwards2\Favorites\Links\Cook the Book Butterscotch Pudding  Serious Eats  Recipes.url -> hxxp://www.seriouseats.com/recipes/2008/04/sweet-melissa-butterscotch-pudding-recipe.html
InternetURL: C:\Users\Edwards2\Favorites\Links\CPU Holders  Humanscale.url -> hxxp://www.humanscale.com/products/category_detail.cfm?category=cpu_holders
InternetURL: C:\Users\Edwards2\Favorites\Links\David R. Heffelfinger's Ensode.net - Free Excel Spreadsheet Unlock Online Utility (Beta).url -> hxxp://www.ensode.net/xls-crack.jsf
InternetURL: C:\Users\Edwards2\Favorites\Links\Directv remote programing Apple Support Communities.url -> https://discussions....essage/12386100
InternetURL: C:\Users\Edwards2\Favorites\Links\Duct Sealing  ENERGY STAR.url -> https://www.energyst...provement_ducts
InternetURL: C:\Users\Edwards2\Favorites\Links\Error code 0x80070422 Can't turn on firewall - Microsoft Community.url -> hxxp://answers.microsoft.com/en-us/windows/forum/windows_7-security/error-code-0x80070422-cant-turn-on-firewall/e5ee6823-98f8-4575-a254-00a038b17e34
InternetURL: C:\Users\Edwards2\Favorites\Links\Excel - give cells a ranking based on the value  Windows Secrets Lounge.url -> hxxp://windowssecrets.com/forums/showthread.php/125964-Excel-give-cells-a-ranking-based-on-the-value
InternetURL: C:\Users\Edwards2\Favorites\Links\Excel Online Calculators  Free Excel Calculators  Download Free Excel Calculators and Templates.url -> hxxp://www.spreadsheet123.com/ExcelCalculators/
InternetURL: C:\Users\Edwards2\Favorites\Links\Extended Shelf Life  DO or DIY.url -> hxxp://doordiy.wordpress.com/2012/02/14/extended-shelf-life/
InternetURL: C:\Users\Edwards2\Favorites\Links\Fluidmaster AP-1414 Plastic Wall Access Panel, 14-Inch - Amazon.url -> hxxp://www.amazon.com/Fluidmaster-AP-1414-Plastic-Access-14-Inch/dp/B000FK9SLC/ref=cm_cr_pr_product_top
InternetURL: C:\Users\Edwards2\Favorites\Links\formatting - In Excel format number with optional decimal places - Super User.url -> hxxp://superuser.com/questions/205759/in-excel-format-number-with-optional-decimal-places
InternetURL: C:\Users\Edwards2\Favorites\Links\forum.universal-devices.com • View topic - 2411R and Harmony Remote.url -> hxxp://forum.universal-devices.com/viewtopic.php?f=20&t=6350
InternetURL: C:\Users\Edwards2\Favorites\Links\Fund Analyzer – FINRA.url -> hxxp://apps.finra.org/fundanalyzer/1/fa.aspx
InternetURL: C:\Users\Edwards2\Favorites\Links\FŪZ Designs - Your Shopping Cart.url -> https://fuzdesigns.myshopify.com/cart
InternetURL: C:\Users\Edwards2\Favorites\Links\Hide error values and error indicators in cells - Excel - Office.url -> hxxp://office.microsoft.com/en-us/excel-help/hide-error-values-and-error-indicators-in-cells-HP003056121.aspx
InternetURL: C:\Users\Edwards2\Favorites\Links\How to Build a Pot Organizer - American Profile.url -> hxxp://americanprofile.com/articles/pot-organizer-handyman/
InternetURL: C:\Users\Edwards2\Favorites\Links\How To Rent Your House The Definitive Step by Step Guide.url -> hxxp://www.biggerpockets.com/renewsblog/2013/01/04/how-to-rent-your-house/
InternetURL: C:\Users\Edwards2\Favorites\Links\http--logitech-en-amr.custhelp.url -> hxxp://logitech-en-amr.custhelp.com/ci/fattach/get/325917/
InternetURL: C:\Users\Edwards2\Favorites\Links\http--tvapps.samsungrebate.url -> hxxp://tvapps.samsungrebate.com/
InternetURL: C:\Users\Edwards2\Favorites\Links\http--www.casfm.org-crs_committee-crs_link_to_the_elev_cert.url -> hxxp://www.casfm.org/crs_committee/crs_link_to_the_elev_cert.pdf
InternetURL: C:\Users\Edwards2\Favorites\Links\http--www.homephonewiring.com-images-USOC-RJ11.url -> hxxp://www.homephonewiring.com/images/USOC-RJ11.GIF
InternetURL: C:\Users\Edwards2\Favorites\Links\http--www.ksda.gov-includes-document_center-structures-Floodplain-310%20-%20EC%20Gig%20List%20(2013).url -> hxxp://www.ksda.gov/includes/document_center/structures/Floodplain/310%20-%20EC%20Gig%20List%20(2013).pdf
InternetURL: C:\Users\Edwards2\Favorites\Links\https--s3-us-gov-west-1.amazonaws.com-dam-production-uploads-20130726-1437-20490-0725-f_053_elevcertif_30nov12_fillable.url -> https://s3-us-gov-we...12_fillable.pdf
InternetURL: C:\Users\Edwards2\Favorites\Links\I have a black box with a white x that appear in the upper left corner - Microsoft Community.url -> hxxp://answers.microsoft.com/en-us/ie/forum/ie10-windows_7/i-have-a-black-box-with-a-white-x-that-appear-in/15f6966f-a8b7-43dd-91bc-ec6dcc6f9977?msgId=d934d9f3-8d1e-4563-93bf-d80ccc4d4eed
InternetURL: C:\Users\Edwards2\Favorites\Links\IA - CyberClient.url -> https://iac.securewe...ortal/server.pt
InternetURL: C:\Users\Edwards2\Favorites\Links\Intranetix Viewer [04013C1230H.url -> hxxp://map1.msc.fema.gov/idms/IntraView.cgi?ROT=0&O_X=4668&O_Y=4009&O_ZM=0.617872&O_SX=1049&O_SY=616&O_DPI=400&O_TH=84250921&O_EN=84745358&O_PG=1&O_MP=1&CT=0&DI=0&WD=14408&HT=10358&JX=1188&JY=676&MPT=0&MPS=1&ZOOM_FIT.x=1&ACT=0&KEY=84250242&ITEM=1
InternetURL: C:\Users\Edwards2\Favorites\Links\IRLinc Receiver - IR to INSTEON Converter - Smarthome.url -> hxxp://www.smarthome.com/2411R/IRLinc-Receiver-IR-to-INSTEON-Converter/p.aspx
InternetURL: C:\Users\Edwards2\Favorites\Links\iTunes, App Store, iBookstore, and Mac App Store Affiliate Resources - Search API.url -> hxxp://www.apple.com/itunes/affiliates/resources/documentation/itunes-store-web-service-search-api.html
InternetURL: C:\Users\Edwards2\Favorites\Links\Make the most of your drawers.url -> hxxp://www.meandmydiy.com/2012/09/make-most-of-your-drawers_16.html
InternetURL: C:\Users\Edwards2\Favorites\Links\MARAZZI Montagna 12 in. x 12 in. Mixed Porcelain Mesh-Mounted Mosaic Tile-UF62 at The Home Depot.url -> hxxp://www.homedepot.com/p/MARAZZI-Montagna-12-in-x-12-in-Mixed-Porcelain-Mesh-Mounted-Mosaic-Tile-UF62/100646397
InternetURL: C:\Users\Edwards2\Favorites\Links\MisterPlexi - Enclosed Wall Frames and Wallmount Signholders.url -> hxxp://www.misterplexi.com/esignholders.html
InternetURL: C:\Users\Edwards2\Favorites\Links\MyCableMart.url -> hxxp://www.mycablemart.com/store/cart.php?m=product_detail&p=4119
InternetURL: C:\Users\Edwards2\Favorites\Links\National Flood Insurance Program Elevation Certificate and Instructions  FEMA.url -> hxxp://www.fema.gov/media-library/assets/documents/160?id=1383
InternetURL: C:\Users\Edwards2\Favorites\Links\Outlook Web App.url -> https://owa.earls.ca...a.earls.ca/owa/
InternetURL: C:\Users\Edwards2\Favorites\Links\Phoenix Pool Supplies, Pool Parts, Spa Parts, Spa Supplies, Pool and Spa Technicians, Pool and Spa Repair.url -> hxxp://www.swimpoolwarehouse.com/about-us.html
InternetURL: C:\Users\Edwards2\Favorites\Links\Replacing a Harmony 880 with an Android Tablet + TouchSquid PRO - Viable.url -> hxxp://www.avsforum.com/t/1496177/replacing-a-harmony-880-with-an-android-tablet-touchsquid-pro-viable
InternetURL: C:\Users\Edwards2\Favorites\Links\Rev-A-Shelf - Double Bottom Mount Rev-A-Motion™ Wood Waste Containers.url -> hxxp://www.rev-a-shelf.com/p-371-double-bottom-mount-rev-a-motion-wood-waste-containers.aspx
InternetURL: C:\Users\Edwards2\Favorites\Links\Rev-A-Shelf - Double Top Mount 1.625 Face Frame Wood Waste Containers.url -> https://www.rev-a-sh...containers.aspx
InternetURL: C:\Users\Edwards2\Favorites\Links\Rev-A-Shelf 4WTCD-21SC-1 Natural Wood 4WTCD Series 21 Inch Two Tier Cutlery Drawer with Blum Soft-Close Slides - Build.url -> hxxp://www.build.com/rev-a-shelf-4wtcd-21sc-1-natural-wood-4wtcd-series-21-inch-two-tier-cutlery-drawer-with-blum-soft-close/p2224081?source=spg_2224081&baid=430005740001018234&CA_6C15C=430005740001018234
InternetURL: C:\Users\Edwards2\Favorites\Links\Rev-a-Shelf Rev-A-Shelf 35 Quart Double Waste Unit with Tandem Soft Close - Tools - Woodworking - Woodworking Plans & Kits.url -> hxxp://www.sears.com/rev-a-shelf-rev-a-shelf-35-quart/p-SPM8068901425?prdNo=20&blockNo=20&blockType=G20
InternetURL: C:\Users\Edwards2\Favorites\Links\Rev-a-Shelf RS4WCT.3 24 in. W x 2.88 in. H Wood Cutlery Tray Insert - For the Home - Kitchen Storage - Food Storage.url -> hxxp://www.sears.com/rev-a-shelf-rs4wct-3-24-in-w-x/p-SPM5175596901?prdNo=23
InternetURL: C:\Users\Edwards2\Favorites\Links\Santiago Andrade Landscaping - Phoenix, AZ.url -> hxxp://www.yelp.com/biz/santiago-andrade-landscaping-phoenix
InternetURL: C:\Users\Edwards2\Favorites\Links\Shelves That Slide Perfect Pantry Pack.url -> hxxp://www.shelvesthatslide.com/mm5/merchant.mvc?Store_Code=STS&Screen=PROD&Category_Code=SS&Product_Code=PPP5
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop Gladiator 8-ft Adjustable Height Maple Workbench at Lowes.url -> hxxp://www.lowes.com/pd_462294-46-GAWB08MTZG_0__?productId=4461279&Ntt=workbench&pl=1&currentURL=%3FNtt%3Dworkbench%26page%3D1&facetInfo=&state=R
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop Greenlite 11-Watt (65W Equivalent) Br30 Medium Base Bright White (3,000K) LED Bulb ENERGY STAR at Lowes.url -> hxxp://www.lowes.com/pd_538484-49550-11WLEDBR30D_2z8vj?AID=10926682&PID=4485850&SID=IDTA0H9-EeObMJpS-IhuZg0_gRGv3_0_0_0&cm_mmc=AFF_CJ-_-4485850-_-1122587-_-10926682
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop ReliaBilt 6-ft x 6-ft 8-in Full Lite Interior Sliding Door at Lowes.url -> hxxp://www.lowes.com/pd_550663-32998-8006068BK_4294937086__?productId=50081048&Ntt=reliabilt&Ns=p_product_price|1&pl=1&currentURL=%3FNs%3Dp_product_price%7C1%26Ntt%3Dreliabilt%26page%3D15&facetInfo=
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop Rev-A-Shelf 35-Quart Plastic Pull Out Trash Can at Lowes.url -> hxxp://www.lowes.com/pd_278250-1214-RV-18PBC-5_0__?productId=1078999&Ntt=rev+a+shelf&Ns=p_product_price|0&pl=1&currentURL=%3FNs%3Dp_product_price%7C0%26Ntt%3Drev%2Ba%2Bshelf%26page%3D6&facetInfo=
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop Rev-A-Shelf Large Cutlery Tray Insert at Lowes.url -> hxxp://www.lowes.com/pd_364304-1214-4WCT-3SH_0__?productId=3470517&Ntt=rev+a+shelf&Ns=p_product_price|0&pl=1&currentURL=%3FNs%3Dp_product_price%7C0%26Ntt%3Drev%2Ba%2Bshelf%26page%3D6&facetInfo=
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop Rev-A-Shelf Small Cutlery Tray Insert at Lowes (2).url -> hxxp://www.lowes.com/pd_364303-1214-4WCT-1SH_0__?productId=3470515&Ntt=rev+a+shelf&Ns=p_product_price|0&pl=1&currentURL=%3FNs%3Dp_product_price%7C0%26Ntt%3Drev%2Ba%2Bshelf%26page%3D5&facetInfo=
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop Rev-A-Shelf Small Cutlery Tray Insert at Lowes.url -> hxxp://www.lowes.com/pd_364303-1214-4WCT-1SH_0__?productId=3470515&Ntt=rev+a+shelf&Ns=p_product_price|0&pl=1&currentURL=%3FNs%3Dp_product_price%7C0%26Ntt%3Drev%2Ba%2Bshelf%26page%3D5&facetInfo=
InternetURL: C:\Users\Edwards2\Favorites\Links\Shop Rev-A-Shelf Wood Insert Knife Block at Lowes.url -> hxxp://www.lowes.com/pd_141991-1214-4W-KB-5_0__?productId=3434052&Ntt=rev+a+shelf&Ns=p_product_price|0&pl=1&currentURL=%3FNs%3Dp_product_price%7C0%26Ntt%3Drev%2Ba%2Bshelf%26page%3D3&facetInfo=
InternetURL: C:\Users\Edwards2\Favorites\Links\Smarthome Forum.url -> hxxp://www.smarthome.com/forum/default.asp
InternetURL: C:\Users\Edwards2\Favorites\Links\Step 1 - Residential Lease Agreement Wizard - ez Landlord Forms.url -> https://www.ezlandlo...ase_agreements/
InternetURL: C:\Users\Edwards2\Favorites\Links\TAP Plastics.url -> hxxp://www.tapplastics.com/
InternetURL: C:\Users\Edwards2\Favorites\Links\The Swimming Pool Warehouse Scottsdale, Swim Pool Warehouse Arizona, Swimming Pool Warehouse Phoenix.url -> hxxp://www.swimpoolwarehouse.com/visit-us.html
InternetURL: C:\Users\Edwards2\Favorites\Links\Upload Photos, Create Photo Gifts and Photo Cards - Free Same Day Pickup  CVS Photo.url -> hxxp://www.cvsphoto.com/Upload-Photo
InternetURL: C:\Users\Edwards2\Favorites\Links\ViewSonic 27 Widescreen LCD Monitor (2).url -> hxxp://www.officemax.com/technology/monitors/product-prod3820178?history=tzie6lzh|categoryId~10004^categoryName~Technology^[email protected]|categoryId~288^categoryName~Monitors^[email protected]|prodPage~15^refine~1^[email protected]|prodPage~91^refine~1^position~1^[email protected]|prodPage~91^sort~Price+%28High-Low%29^refine~1^position~1^region~1
InternetURL: C:\Users\Edwards2\Favorites\Links\ViewSonic 27 Widescreen LED Monitor.url -> hxxp://www.officemax.com/technology/monitors/product-prod4100034
InternetURL: C:\Users\Edwards2\Favorites\Links\Wall Plate for Keystone, 4 Hole w- Built In VGA Coupler (Gold Plated) - Monoprice.url -> hxxp://www.monoprice.com/Product?c_id=104&cp_id=10425&cs_id=1042504&p_id=8731&seq=1&format=2
InternetURL: C:\Users\Edwards2\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Edwards2\Favorites\Links\Windows Firewall authorization driver is missing - mdsdrv.sys and - Microsoft Community.url -> hxxp://answers.microsoft.com/en-us/windows/forum/windows_7-security/windows-firewall-authorization-driver-is-missing/0fc25540-a2fb-4c7b-96ab-325802f1b4aa
InternetURL: C:\Users\Edwards2\Favorites\Links\Windows firewall authorization file missing Solved - Page 3 - Windows 7 Help Forums.url -> hxxp://www.sevenforums.com/system-security/314384-windows-firewall-authorization-file-missing-3.html
InternetURL: C:\Users\Edwards2\Favorites\Links\Windows firewall can't change some of your settings Error code - Microsoft Community.url -> hxxp://answers.microsoft.com/en-us/windows/forum/windows_7-security/windows-firewall-cant-change-some-of-your-settings/2679690e-c375-4232-ae45-404374386635
InternetURL: C:\Users\Edwards2\Favorites\Links\Z-Wave 600W 3-Way-Single-Pole Dimmer Switch HA-14WD Wayne Dalton.url -> hxxp://www.thehomeautomationstore.com/ha14wd.html
InternetURL: C:\Users\Edwards2\Favorites\Links\Z-Wave World Forums - Z-Wave products and technology.url -> hxxp://zwaveworld.com/forum/index.php?showforum=2
InternetURL: C:\Users\Edwards2\Favorites\Links\Zodiac new cell broken • Salt Water Chlorine Generators (SWG) • Trouble Free Pool.url -> hxxp://www.troublefreepool.com/zodiac-new-cell-broken-t16876.html
InternetURL: C:\Users\Edwards2\Favorites\Links\ZWave Inline Modules.url -> hxxp://www.aartech.ca/zwave-inline-modules/
InternetURL: C:\Users\Edwards2\Favorites\Links\“0x80070422” error message when you try to enable Windows Firewall.url -> hxxp://support.microsoft.com/kb/2617842
InternetURL: C:\Users\Edwards2\Favorites\Links\▶ Sous Vide Crème Brûlée - YouTube.url -> hxxp://www.youtube.com/watch?v=nmHuXaJhRNY
InternetURL: C:\Users\Edwards2\Favorites\Home\5-Shelf Open Single Bookcase - Bush Office Furniture - WC72412 - Bush Series C - Corsa Medium Cherry Configuration 6 - Layout f.url -> hxxp://www.everythingofficefurniture.com/opsinbookbus.html
InternetURL: C:\Users\Edwards2\Favorites\Home\Clements Water Parts Page.url -> hxxp://www.clementswater.com/mainparts/mainparts.htm
InternetURL: C:\Users\Edwards2\Favorites\Home\Drywallschool.com How To Do A knockdown Texture.url -> hxxp://www.drywallschool.com/knockdown.htm
InternetURL: C:\Users\Edwards2\Favorites\Home\Garage floors, Cabinets and Organizers by PremierGarage.url -> hxxp://www.premiergarage.com/httpdocs/index.html
InternetURL: C:\Users\Edwards2\Favorites\Home\Gladiator® GarageWorks by Whirlpool Corporation - Garage Products - Garage Storage Solutions - Garage Improvement System.url -> hxxp://www.gladiatorgw.com/
InternetURL: C:\Users\Edwards2\Favorites\Home\How To Install & Fully Wire a New Electrical Outlet - Receptacle - Video @ RemodelingMySpace.com.url -> hxxp://www.remodelingmyspace.com/how-to-videos/electrical-videos/how-to-install-fully-wire-a-new-electrical-outlet-receptacle-video.htm
InternetURL: C:\Users\Edwards2\Favorites\Home\INCA Television Lifts, Automatic Lifts, Home Theater Automation.url -> hxxp://www.inca-tvlifts.com/
InternetURL: C:\Users\Edwards2\Favorites\Home\Innovative Solutions - Concepts by Design Inc. DBA.url -> hxxp://www.innovativesolutionsaz.com/index.html
InternetURL: C:\Users\Edwards2\Favorites\Home\Kitchen software increases efficiency for Fazoli's  Fast Casual.url -> hxxp://www.fastcasual.com/specialdownload.php?i=17
InternetURL: C:\Users\Edwards2\Favorites\Home\Luxury Housing Trends June 2005 Archives.url -> hxxp://www.luxuryhousingtrends.com/archives/2005/06/index.html
InternetURL: C:\Users\Edwards2\Favorites\Home\Luxury Replicas - The Lowest Price Rolex Oyster Perpetual Air King.url -> hxxp://121.real-watches.com/watchcollection.php?subcat=7
InternetURL: C:\Users\Edwards2\Favorites\Home\Phoenix Window Treatments - Custom window blinds, plantation shutters, wood blinds..url -> hxxp://www.newwestshutter.com/
InternetURL: C:\Users\Edwards2\Favorites\Home\SLIDE-LOK Stackable, Modular Cabinets.url -> hxxp://www.slide-lok.com/SLIDE-LOK_Systems.shtm
InternetURL: C:\Users\Edwards2\Favorites\Home\Welcome to 1st Choice Storage Solutions.url -> hxxp://www.1stchoicess.com/whyfloors.htm
InternetURL: C:\Users\Edwards2\Favorites\Hockey\1800FACEOFF.com - Product Display.url -> hxxp://www.1800faceoff.com/prod_selected.ihtml?shop_id=3&prod_id=1524&cat_id_on=31
InternetURL: C:\Users\Edwards2\Favorites\Hockey\700K Link.url -> hxxp://www.goaliestore.com/board/showthread.php?t=39134
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Accessories.url -> hxxp://www.mckenneysports.com/accessories.htm
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Battram Custom Goal Equipment.url -> hxxp://www.battram.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Beer League.url -> hxxp://www.zoomcom.ca/beerleague/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Brian's Custom Pro Manufacturing - Goalies are our business!.url -> hxxp://www.briansmfg.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\BROWN Hockey catalogue of goaltender equipment.url -> hxxp://www.brownhockey.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\calgary flames 1987 &quot;red hot&quot; video - Google Video.url -> hxxp://video.google.com/videoplay?docid=-6053863688509045791
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Don Simmons - Goalie Equipment Specialists - Goalie Equipmen.url -> hxxp://www.donsimmons.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Download.url -> hxxp://www.free-downloads.net/downloads/Alcohol_52__Free_Edition/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Duke's Sports Toronto's #1 discount hockey store!.url -> hxxp://www.dukes1hockey.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\E-mails from an [bleep].url -> hxxp://dontevenreply.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Glennmiller Custom Sporting Goods.url -> hxxp://www.glennmiller.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Goaler One - The Commitment to Excellence Begins Here!.url -> hxxp://goalerone.com/index.aspx
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Goalie Mask Custom made masks.url -> hxxp://www.sportmask.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Goalie Masks and Paint Jobs by Pro-Masque.url -> hxxp://www.cnh.mv.com/ipusers/mask/goaliemaskstyles.shtml
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Goalie Store Bulletin Board - Powered by vBulletin.url -> hxxp://www.goaliestore.com/board/index.php
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Goalie Stuff Online Tips And Techniques Forum.url -> hxxp://www.network54.com/Hide/Forum/116272
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Graf Canada - Contact Us.url -> hxxp://www.grafcanada.com/contact_us/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Hockey Check.com - Members Area.url -> hxxp://www.hockeycheck.com/members/index.php
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Hockey Fights.url -> hxxp://www.zen36114.zen.co.uk/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Hockey Giant #1 for ice, inline and roller hockey equipment.url -> hxxp://www.hockeygiant.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Hockey Services OnLine Pro Shop - Goalie Catch Gloves and Bl.url -> hxxp://www.hockeyservices.com/hockey/goal/blocker.html
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Hockey-Humor.com.url -> hxxp://www.hockey-humor.com/main
InternetURL: C:\Users\Edwards2\Favorites\Hockey\HockeyGeeks.com Specializing in Vaughn Goalie, KOHO Goalie, Goalie Equipment, Leg Pads, Eagle Goalie, Itech Goalie, Goalie Pad.url -> hxxp://www.hockeygeeks.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Hockeymonkey.com - ice, inline & roller hockey equipment..url -> hxxp://www.hockeymonkey.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Home Page.url -> hxxp://www.hackerhockeyclub.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\http--www.goaliemonkey.com-.url -> hxxp://www.goaliemonkey.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\http--www.warwickgoaliemasks.com-warwick2k2-.url -> hxxp://www.warwickgoaliemasks.com/warwick2k2/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Ice Hockey Equipment - Perani's Hockey World.url -> hxxp://www.peranis.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\index.url -> hxxp://www.ironheadmasks.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Jon Elkin's Goalie Schools.url -> hxxp://www.elkingoaltending.com/templates/flash/home.asp
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Kemps Hockey — Louisville Goal Body Pads.url -> hxxp://www.kempshockey.com/gbpads02_L.html
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Links Gallery.url -> hxxp://www.network54.com/Hide/Forum/message?forumid=209225&messageid=1027087566
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Maltese Hockey.url -> hxxp://www.maltesehockey.com/contact.html
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Nash Sports Hockey Repair Specialists RIVETS, EYELETS & FAST.url -> hxxp://www.pipcom.com/~nash/itm00009.htm
InternetURL: C:\Users\Edwards2\Favorites\Hockey\nhlnumbers.com » Nationalities.url -> hxxp://www.nhlnumbers.com/countries.php?type=capnumber&order=ASC
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Pointstreak.com - Hockey Stats - league home - Real-time Scoring and League Management System.url -> hxxp://www.pointstreak.com/players/players-leagues.html?leagueid=353
InternetURL: C:\Users\Edwards2\Favorites\Hockey\PRO-MASQUE, Inc. (Quistgard Goalie Training GOALTENDING...Yo.url -> hxxp://www.cnh.mv.com/ipusers/mask/Quistgard/fqsave.htm
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Protective Athletic Wear.url -> hxxp://protectiveathleticwear.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Sign in to Yahoo!.url -> https://login.yahoo....rc=spt&.intl=us
InternetURL: C:\Users\Edwards2\Favorites\Hockey\The Hockey Shop  Experts in Ice Hockey and Goalie Equipment.url -> hxxp://www.thehockeyshop.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\The Hockey Shop.url -> hxxp://www.thehockeyshop.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\The Internet Hockey Database -- Hockey Statistics, Logos, an.url -> hxxp://www.hockeydb.com/index.html
InternetURL: C:\Users\Edwards2\Favorites\Hockey\vortexhockey.url -> hxxp://www.vortekhockey.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Welcome to CycloneTaylor.com, YOUR ONLINE HOCKEY SUPERSTORE.url -> hxxp://cyclonetaylor.com/
InternetURL: C:\Users\Edwards2\Favorites\Hockey\Welcome to The Sports Exchange!.url -> hxxp://www.the-sports-exchange.com/
InternetURL: C:\Users\Edwards2\Favorites\Golf\Arizona Golf Association.url -> hxxp://www.azgolf.org/main/index.asp?CategoryID=0
InternetURL: C:\Users\Edwards2\Favorites\Golf\BEER CART GIRL   The Search is On.url -> hxxp://www.beercartgirl.com/show_girls_gallery.php?contestant_id=1&start=9
InternetURL: C:\Users\Edwards2\Favorites\Golf\BusFuller 2006.url -> hxxp://www.mediabutton.com/proofs/earles/videoindex.html
InternetURL: C:\Users\Edwards2\Favorites\Golf\Caddychicks.com - Golfers and Caddies Connect.url -> hxxp://www.caddychicks.com/
InternetURL: C:\Users\Edwards2\Favorites\Golf\EZLinks Golf - Tee Times.url -> https://bookteetimes...ountProfile.asp
InternetURL: C:\Users\Edwards2\Favorites\Golf\FreeGolfInfo.com - The World's Largest Golf Community.url -> hxxp://www.freegolfinfo.com/
InternetURL: C:\Users\Edwards2\Favorites\Golf\Golf Handicap  Post Scores  Online Golf Community.url -> hxxp://www.stracka.com/golf-handicap/scores.asp
InternetURL: C:\Users\Edwards2\Favorites\Golf\Golf Jokes.url -> hxxp://people.cornell.edu/pages/bs16/golf_jokes.htm
InternetURL: C:\Users\Edwards2\Favorites\Golf\Nk'Mip Canyon Desert Golf Course.url -> hxxp://www.inkameepcanyon.com/
InternetURL: C:\Users\Edwards2\Favorites\Golf\STL Ladies.url -> hxxp://insidestl.com/STLLadies/tabid/83/Default.aspx
InternetURL: C:\Users\Edwards2\Favorites\Golf\Things You Should Know About Divorce in Arizona.url -> hxxp://www.supreme.state.az.us/dr/Text/Divorce.htm
InternetURL: C:\Users\Edwards2\Favorites\Golf\Useful Golf Book  Cybergolf News.url -> hxxp://www.cybergolf.com/golf_news/useful_golf_book
InternetURL: C:\Users\Edwards2\Favorites\Food\!Anvil - Catering Equipment.url -> hxxp://www.anvilworld.com/products/products.asp
InternetURL: C:\Users\Edwards2\Favorites\Food\. sCIUE ..url -> hxxp://www.sciue.ca/pasticceria.php
InternetURL: C:\Users\Edwards2\Favorites\Food\addmecc.url -> hxxp://www.chefwork.com/jackets/addmecc.htm
InternetURL: C:\Users\Edwards2\Favorites\Food\Amazon.com Parrish Oblong Cheesecake Pan with Removable Bottom 9x13 Kitchen & Housewares.url -> hxxp://www.amazon.com/Parrish-Oblong-Cheesecake/dp/B0000DE1WE/ref=e_deav_acc_1_2/102-3093975-2658534?ie=UTF8
InternetURL: C:\Users\Edwards2\Favorites\Food\Bagasse Soup Container Lid.url -> hxxp://www.biodegradablestore.com/pp/food_containers/bagasse_soup/pp_bagasse_soup_con_7_l.html
InternetURL: C:\Users\Edwards2\Favorites\Food\BREAD, TOMATO AND ONION SALAD - Panzanella I.url -> hxxp://www.e-rcps.com/pasta/rcp/salad/panzanella_1.shtml
InternetURL: C:\Users\Edwards2\Favorites\Food\Chef Uniforms, Restaurant Uniforms, Hotel Uniforms.url -> hxxp://www.crookedbrook.com/hotel-restaurant-chef-uniforms.htm
InternetURL: C:\Users\Edwards2\Favorites\Food\CHEFCOAT 1-800-888-8216.url -> hxxp://chefcoat.com/ccdisct.htm
InternetURL: C:\Users\Edwards2\Favorites\Food\Chefwear Short Sleeve Chef Jacket (Five-Star) - Chefwear.url -> hxxp://www.chefwear.com/store/item.asp?ITEM_ID=55&DEPARTMENT_ID=5
InternetURL: C:\Users\Edwards2\Favorites\Food\Chicago Dining at Tuscany Restaurant for Fine Northern Italian Dining.url -> hxxp://www.stefanirestaurants.com/tuscany.htm
InternetURL: C:\Users\Edwards2\Favorites\Food\Copycat Restaurant Recipes The Cheesecake Factory's White Chocolate Raspberry Truffle Cheesecake.url -> hxxp://bestcopycatrestaurantrecipes.blogspot.com/2008/04/cheesecake-factorys-white-chocolate.html
InternetURL: C:\Users\Edwards2\Favorites\Food\Culinary and Chef Forums on Chef2Chef.url -> hxxp://forums.chef2chef.net/
InternetURL: C:\Users\Edwards2\Favorites\Food\Daydots Food Safety Solutions - food rotation labels, portion bags, color-coded systems, gloves, thermometers, hygiene, cleanin.url -> https://www.daydots....av=&ac=checkout
InternetURL: C:\Users\Edwards2\Favorites\Food\DOUGHPRO.url -> hxxp://www.doughpro.com/
InternetURL: C:\Users\Edwards2\Favorites\Food\doughXpress Economy Pizza Dough Press.url -> hxxp://www.doughxpress.com/economypress.html
InternetURL: C:\Users\Edwards2\Favorites\Food\Dynamic -- restaurant equipment.url -> hxxp://www.dynamicmixers.com/pages/products.htm
InternetURL: C:\Users\Edwards2\Favorites\Food\EPICURIOUS THE WORLD'S GREATEST RECIPE COLLECTION.url -> hxxp://eat.epicurious.com/
InternetURL: C:\Users\Edwards2\Favorites\Food\Executive Black Pleated Chef Pants - Happy Chef Uniforms.url -> hxxp://www.happychefuniforms.com/800-347-0288/order.cfm?ProductID=605&Ref=Category
InternetURL: C:\Users\Edwards2\Favorites\Food\Frozen Gourmet Vegetables.url -> hxxp://www.whitetoque.com/products/vegies.htm
InternetURL: C:\Users\Edwards2\Favorites\Food\Harris Ranch Beef Company.url -> hxxp://www.harrisranchbeef.com/index_hrbc_flash.html
InternetURL: C:\Users\Edwards2\Favorites\Food\Kelley and Abide.url -> hxxp://www.cheffashions.com/store_product.cfm?Product_ID=52&SubCat_ID=19&Style=CF
InternetURL: C:\Users\Edwards2\Favorites\Food\Media Links - Quality Food, Systems and Training.url -> hxxp://www.qfst.com/media.html
InternetURL: C:\Users\Edwards2\Favorites\Food\mrtakeoutbags Checkout Payment.url -> https://www.mrtakeou...b84420fcb54cae0&
InternetURL: C:\Users\Edwards2\Favorites\Food\My Weigh Digital Scales- Manufacturer of quality digital scales and digital scale accessories.url -> hxxp://www.myweigh.com/buy-online/usa-locations
InternetURL: C:\Users\Edwards2\Favorites\Food\Pizza Magazine - Pizza Today - the top pizza trade magazine in the pizza industry.url -> hxxp://www.pizzatoday.com/
InternetURL: C:\Users\Edwards2\Favorites\Food\Product 1-2 Sleeve Chef Coat.url -> hxxp://www.netuniform.com/product.ASP?pfid=CCo%2DRED%2D0%2D0404&dept%5Fid=12100+&mode=&mscssid=60RJ7GMBWKF19PCSNBQGQM8U1T3A2TSE
InternetURL: C:\Users\Edwards2\Favorites\Food\Room Service of Scottsdale - Delivering Gourmet Dining to your Doorstep.url -> hxxp://www.scottsdaleroomservice.com/
InternetURL: C:\Users\Edwards2\Favorites\Food\Scottsdale Restaurants and Dining Guide.url -> hxxp://www.phoenix-arizona.com/dining/scottsdale.shtml
InternetURL: C:\Users\Edwards2\Favorites\Food\Stanislaus Food Products.url -> hxxp://stanislaus.com/home_pass.asp
InternetURL: C:\Users\Edwards2\Favorites\Food\Toss & Chop, salad utensils, salad chopper, salad scissors, kitchen utensils, kitchen gadgets.url -> hxxp://www.silvermk.com/recipes.cfm
InternetURL: C:\Users\Edwards2\Favorites\Food\Tuscan Recipes From appetizers to entrees, main dishes to desserts, from Tuscany, Italy.url -> hxxp://www.tuscanrecipes.com/recipes/
InternetURL: C:\Users\Edwards2\Favorites\Food\UNIFORMSDEPOT.COM.url -> hxxp://www.uniformsdepot.com/select.php?products_id=125
InternetURL: C:\Users\Edwards2\Favorites\Food\US Range Commercial Convection Oven Electric NSF SunFire ICO-E-10-M  ACityDiscount Restaurant Equipment.url -> hxxp://www.acitydiscount.com/US-Range-Commercial-Convection-Oven-Electric-NSF-SunFire-ICO-E-10-M.0.46738.1.1.htm?PPCID=7&link=Cooking---Warming-Equipment
InternetURL: C:\Users\Edwards2\Favorites\Food\Volnay Short Sleeve Chef Coat.url -> hxxp://www.chefsemporium.net/shslchco.html
InternetURL: C:\Users\Edwards2\Favorites\Food\Wood Stone Cooking Equipment. Fire-kissed flavor from the wo.url -> hxxp://www.woodstone-corp.com/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Biotest at Easypricematch.com - Match Any Price!.url -> hxxp://www.easypricematch.com/store/comersus_showbrand.asp?brand=39
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Dictionary.com-Translator.url -> hxxp://dictionary.reference.com/translate/text.html
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Free Translation Online.url -> hxxp://translation2.paralink.com/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\FreeTranslation.com - Your Free Translation.url -> hxxp://ets.freetranslation.com/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\John Berardi - The Massive Eating Calculator.url -> hxxp://www.johnberardi.com/updates/july262002/na_masscalculator.htm
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Johnny Crosslin Photography.url -> hxxp://www.johnnycrosslin.com/flashindex.htm
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Le PARKOUR.url -> hxxp://perso.wanadoo.fr/parkour/parkourenglish/page2.html
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Netrition.com - The Internet's Premier Nutrition Superstore!.url -> hxxp://www.netrition.com/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\New Home.url -> hxxp://www.westside-barbell.com/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\ronharrisMUSCLE.com  welcome.url -> hxxp://www.ronharrismuscle.com/welcome/default.asp
InternetURL: C:\Users\Edwards2\Favorites\Fitness\ScalpMed Secure Shopping Cart.url -> hxxp://secure.infomercial.tv/www_v2/cartContents.asp
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Scrawny To Brawny - Building Muscle Without Steroids.url -> hxxp://www.scrawnytobrawny.com/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\Scrawny To Brawny - Members Home.url -> hxxp://www.scrawnytobrawny.com/m/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\spam Magazine  Issue 164.url -> hxxp://www.t-mag.com/
InternetURL: C:\Users\Edwards2\Favorites\Fitness\The Underground Guide To Warrior Fitness.url -> hxxp://www.warriorforce.com/warriorfitness.html
InternetURL: C:\Users\Edwards2\Favorites\Fitness\The Warrior Wire - 3th Edition.url -> hxxp://www.warriorforce.com/newsletter/warriorwire3.htm
InternetURL: C:\Users\Edwards2\Favorites\Finance\All Savers Health Plans and Services.url -> https://www.myallsav...ne/default.aspx
InternetURL: C:\Users\Edwards2\Favorites\Finance\American Express  Online Services  Log in.url -> https://online.ameri...entry_point=lnk
InternetURL: C:\Users\Edwards2\Favorites\Finance\American Express-Logon to Account Access.url -> https://www99.americ...mary&Face=en_US
InternetURL: C:\Users\Edwards2\Favorites\Finance\APS - Electricity, Power, Energy Services for Arizona Homes and Businesses.url -> hxxp://www.aps.com/
InternetURL: C:\Users\Edwards2\Favorites\Finance\Bagasse Soup Container Lid.url -> hxxp://www.biodegradablestore.com/pp/food_containers/bagasse_soup/pp_bagasse_soup_con_7_l.html
InternetURL: C:\Users\Edwards2\Favorites\Finance\Bank of America  Online Banking  Sign In to Online Banking.url -> https://sitekey.bank...een.do?state=AZ
InternetURL: C:\Users\Edwards2\Favorites\Finance\BenchCrafted.com - Mag-Bloks.url -> hxxp://www.benchcrafted.com/magbloks.htm
InternetURL: C:\Users\Edwards2\Favorites\Finance\Bloomberg.com  Quotes.url -> hxxp://www.bloomberg.com/fgcgi.cgi?T=marketsquote99_news.ht&s=AO1TEyxVUUGFjaWZp
InternetURL: C:\Users\Edwards2\Favorites\Finance\Chase Personal Banking Investments Credit Cards Home Auto Commercial Small Business Insurance.url -> hxxp://www.chase.com/
InternetURL: C:\Users\Edwards2\Favorites\Finance\Check your Credit Report Online at Creditreport.com!.url -> https://secure.credi...viewreport.aspx
InternetURL: C:\Users\Edwards2\Favorites\Finance\Clerk of the Superior Court of Maricopa County.url -> hxxp://www.clerkofcourt.maricopa.gov/new_contacts.asp
InternetURL: C:\Users\Edwards2\Favorites\Finance\Compass Bank  Personal Services  Calculators.url -> hxxp://partners.leadfusion.com/tools/compassbank/creditline06/tool.fcs
InternetURL: C:\Users\Edwards2\Favorites\Finance\Contact Us.url -> hxxp://www.irs.treas.gov/localcontacts/display/0,,i1%3D53%26genericId%3D16536,00.html
InternetURL: C:\Users\Edwards2\Favorites\Finance\Cox Communications - Residential  View-Pay Bill.url -> https://idm.east.cox...countSummary.do
InternetURL: C:\Users\Edwards2\Favorites\Finance\Equifax Personal Solutions Credit Reports, Credit Scores, Protection Against Identity Theft and more.url -> hxxp://www.equifax.com/
InternetURL: C:\Users\Edwards2\Favorites\Finance\Farmers Insurance - Auto Insurance, Home Insurance, Life Insurance.url -> hxxp://www.farmers.com/index.html
InternetURL: C:\Users\Edwards2\Favorites\Finance\Farmers®.url -> https://css.farmersi...r=1&wintag=null
InternetURL: C:\Users\Edwards2\Favorites\Finance\Federal Trade Commission - Your National Resource for ID Theft.url -> hxxp://www.consumer.gov/idtheft/recovering_idt.html
InternetURL: C:\Users\Edwards2\Favorites\Finance\FreeCreditReport.com  Free Credit Report and Credit Score Online by Experian.url -> hxxp://www.freecreditreport.com/pm/default.aspx?PageTypeID=HomePage62&SiteVersionID=715&SiteID=100219&sc=669496&bcd=htBRcrdrpt_avg
InternetURL: C:\Users\Edwards2\Favorites\Finance\H&R Block - Online Tax Services.url -> https://taxes.hrbloc...erID=163=
InternetURL: C:\Users\Edwards2\Favorites\Finance\Homeowners Association (HOA) Banking and Financial Management Services.url -> hxxp://www.cabanc.com/enUS/ccpayment.jsp
InternetURL: C:\Users\Edwards2\Favorites\Finance\https--www.gmacmortgage.com-logon-index.htm.url -> https://www.gmacmort...logon/index.htm
InternetURL: C:\Users\Edwards2\Favorites\Finance\IAPacific - CyberClient.url -> https://iapc.securew...ortal/server.pt
InternetURL: C:\Users\Edwards2\Favorites\Finance\Login.url -> https://orders.cox.c...vices/login.asp
InternetURL: C:\Users\Edwards2\Favorites\Finance\MFS Mutual Fund, IRA & 529 Accounts (Access).url -> https://www.mfs.com/...RPMzVVMzFMTDc!/
InternetURL: C:\Users\Edwards2\Favorites\Finance\My Primerica.url -> https://my.primerica...portal/login.do
InternetURL: C:\Users\Edwards2\Favorites\Finance\Northwestern Mutual Secure Message Center Password Authorization.url -> https://northwestern...JpLDnrih6if4Y2F
InternetURL: C:\Users\Edwards2\Favorites\Finance\Ocwen Loan Servicing.url -> https://ocwen.mortga...logon/index.htm
InternetURL: C:\Users\Edwards2\Favorites\Finance\Payment Interface.url -> https://paynow5.spee...stgas/index.asp
InternetURL: C:\Users\Edwards2\Favorites\Finance\PayPal - Login.url -> https://www.paypal.c...?cmd=_login-run
InternetURL: C:\Users\Edwards2\Favorites\Finance\ReverseRecords.org - Reverse Lookup - Online Databases.url -> hxxp://www.reverserecords.org/confirmation/member_confirm.html?cbreceipt=56KMNVG8
InternetURL: C:\Users\Edwards2\Favorites\Finance\Sign In or Create an Account, Social Security.url -> https://secure.ssa.gov/RIL/SiView.do
InternetURL: C:\Users\Edwards2\Favorites\Finance\Sign In serving Arizona  Residential from Cox.url -> https://ww2.cox.com/...ial/sign-in.cox
InternetURL: C:\Users\Edwards2\Favorites\Finance\Southwest Gas - MyAccount Home.url -> https://myaccount.swgas.com/
InternetURL: C:\Users\Edwards2\Favorites\Finance\Tempe Schools Credit [email protected] -> https://www.tscu.org...00.cgi?MCWSTART
InternetURL: C:\Users\Edwards2\Favorites\Finance\The US Airways Dividend Miles Mastercard - Account Log In.url -> https://www.juniper....ite/action/home
InternetURL: C:\Users\Edwards2\Favorites\Finance\WATER BILL PAYMENT.url -> hxxp://phoenix.gov/APPINTRO/wtrintro.html
InternetURL: C:\Users\Edwards2\Favorites\Finance\Your Auto Policy.url -> https://onlineservic...e=PPRO&Brand=10
InternetURL: C:\Users\Edwards2\Favorites\CDBurning\AfterDawn.com Message boards.url -> hxxp://forums.afterdawn.com/
InternetURL: C:\Users\Edwards2\Favorites\CDBurning\Club CD Freaks - Knowledge is Power - Search Results.url -> hxxp://club.cdfreaks.com/search.php?s=64adeac208a6f0d8beb3511eb004084c&action=showresults&searchid=241155&sortby=lastpost&sortorder=descending
InternetURL: C:\Users\Edwards2\Favorites\CDBurning\How to show burned VCD on screen completely.url -> hxxp://forums.afterdawn.com/thread_view.cfm/6189
InternetURL: C:\Users\Edwards2\Favorites\CDBurning\http--www.vcdhelp.com-play.htm.url -> hxxp://www.vcdhelp.com/play.htm
InternetURL: C:\Users\Edwards2\Favorites\CDBurning\VH1.com  Shows  The Greatest  100 Greatest Artists of Hard Rock (100 - 81)  Episode.url -> hxxp://www.vh1.com/shows/dyn/the_greatest/62184/episode_wildcard.jhtml?wildcard=/shows/dynamic/includes/wildcards/the_greatest/hardrock_list_full.jhtml&event_id=862711&start=1
InternetURL: C:\Users\Edwards2\Favorites\Automotive\2006 M35 OEM Body (Front, Roof, & Floor) (HOOD PANEL,HINGE & FITTI) Replacement Parts.url -> hxxp://infiniti.sewellparts.com/oem-catalog/650A01-BodyFrontRoofFloor-M35-2006.html
InternetURL: C:\Users\Edwards2\Favorites\Automotive\AutoTrader.com - Used Cars For Sale Car Details.url -> hxxp://www.autotrader.com/findacar/vdetail.jtmpl?car_id=122262144&dealer_id=&search_type=used&make=NISSAN&model=XTERRA&transmission=&distance=100&address=85050&advanced=n&certified=n&max_mileage=&max_price=22000&min_price=&first_record=51&end_year=2004&start_year=1983&body_style=&advcd_on=n&=&color=&car_year=2000
InternetURL: C:\Users\Edwards2\Favorites\Apple\Apple - Support - Discussions - Forum Home.url -> hxxp://discussions.info.apple.com/index.jspa?categoryID=1
InternetURL: C:\Users\Edwards2\Favorites\Apple\Apple TV Hacks — Get more from your shiny box of joy.url -> hxxp://www.appletvhacks.net/
InternetURL: C:\Users\Edwards2\Favorites\Apple\Featured IPhone Application Air Sharing Transfers Files Between iPhones and Any System.url -> hxxp://lifehacker.com/5047136/air-sharing-transfers-files-between-iphones-and-any-system
InternetURL: C:\Users\Edwards2\Favorites\Apple\How to create iPhone icons and separate page icons.url -> hxxp://herselfswebtools.com/2008/03/how-to-create-iphone-icons-and-separate-page-icons.html
InternetURL: C:\Users\Edwards2\Favorites\Apple\Springlets for iPhone - Ready-made Speed Dial & Other Home Screen Shortcuts  Just Another iPhone Blog.url -> hxxp://justanotheriphoneblog.com/wordpress/2008/02/25/springlets-for-iphone-ready-made-speed-dial-other-home-screen-shortcuts/
InternetURL: C:\Users\Edwards2\Favorites\Apple\T-mobile.url -> hxxp://modmyi.com/forums/t-mobile/
InternetURL: C:\Users\Edwards2\Favorites\Apple\tip Springboard Shortcut to Local Files.url -> hxxp://www.modmyi.com/forums/general-iphone-chat/28642-tip-springboard-shortcut-local-files.html
InternetURL: C:\Users\Edwards2\Favorites\Apple\Transferring your iTunes Library  iLounge Article.url -> hxxp://www.ilounge.com/index.php/articles/comments/moving-your-itunes-library-to-a-new-hard-drive
InternetURL: C:\Users\Edwards2\Desktop\Shadow Shenanigans  Disney Junior.url -> hxxp://disney.go.com/disneyjunior/jake-and-the-never-land-pirates/jake-and-the-never-land-pirates-games/shadow-shenanigans-1987670
InternetURL: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
InternetURL: C:\Users\test.EdwardsPC2\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\test.EdwardsPC2\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\test.EdwardsPC2\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\test.EdwardsPC2\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of log =============================

 

 

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE
() C:\Program Files\pcreg\pcreg.exe
() C:\Program Files\003\vxlsnyaiet64.exe
(© 2014 ClientConnect Ltd.) D:\Documents\Dropbox\VIRUS\AdwCleaner_TSV39DL56.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403096 2011-11-10] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-24] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-06-23] (Sanford, L.P.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5954016 2011-11-10] (Acronis)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2561560 2014-05-07] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-24] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1882360 2009-06-23] (Sanford, L.P.)
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Edwards2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 632b233410b247d18136854de0ce9fd5-6639bc2cbe08bee7ebb9f52727253c4f04028738 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Edwards2\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 632b233410b247d18136854de0ce9fd5-6639bc2cbe08bee7ebb9f52727253c4f04028738 --CMPID 0913a
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [CrashDumps] => rundll32 "C:\Users\Edwards2\AppData\Local\Diagnostics\CrashDumps\kdfgepcf.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [CvmuPack Update] => regsvr32.exe C:\Users\Edwards2\AppData\Local\CvmuPack\NPPDF32.DLL
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [OfficeDrop] => rundll32 "C:\Users\Edwards2\AppData\Local\VirtualStore\OfficeDrop\ekmdejdljh.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [CvmuPack Auto] => regsvr32.exe C:\Users\Edwards2\AppData\Local\CvmuPack\ASMct217I.dll
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [gekxttxc] => regsvr32.exe /s "C:\ProgramData\gekxttxc.dat"
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-24] ()
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\MountPoints2: {b38d4f6b-1eb2-11e1-b404-806e6f6e6963} - E:\AUTORUN.EXE
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-42534202-2903975066-3733773402-1000\$1d971c5f0863b1bceccc3309741d2535\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Program.lnk
ShortcutTarget: My Program.lnk -> C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software)
Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49507;https=127.0.0.1:49507
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x63650CF1746CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: No Name - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ []
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.1.204\avg.crx [2014-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
S2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-07] (AVG Secure Search)
R2 vxlsnyaiet64; C:\Program Files\003\vxlsnyaiet64.exe [706560 2014-05-23] ()

==================== Drivers (Whitelisted) ====================

R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-07] (AVG Technologies)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 MpKsl0f43984a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0099CCC-A779-4ABA-AF1C-640125F083F1}\MpKsl0f43984a.sys [45352 2014-05-23] (Microsoft Corporation)
S1 MpKsl5c7f28c2; C:\Windows\system32\MpEngineStore\MpKsl5c7f28c2.sys [45352 2014-05-05] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-11-24] (CACE Technologies, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-11-22] (Realtek Semiconductor Corporation                           )
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2011-12-06] (Acronis)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-23 13:08 - 2014-05-23 13:17 - 00000000 ____D () C:\FRST
2014-05-23 13:03 - 2014-05-23 13:03 - 00005404 _____ () C:\Users\Edwards2\Desktop\JRT.txt
2014-05-23 12:59 - 2014-05-23 12:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 12:57 - 2014-05-23 12:57 - 00000000 ____D () C:\Users\Edwards2\Documents\PC Speed Maximizer
2014-05-23 12:56 - 2014-03-12 16:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-05-23 12:56 - 2014-03-12 16:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-05-23 12:53 - 2014-05-23 12:54 - 00000000 ____D () C:\Program Files\003
2014-05-23 12:52 - 2014-05-23 12:52 - 00004398 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-23 12:52 - 2014-05-23 12:52 - 00003700 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-23 12:52 - 2014-05-23 12:52 - 00000000 ____D () C:\Program Files\pcreg
2014-05-23 12:45 - 2014-05-23 12:45 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-23 06:56 - 2014-05-23 06:56 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-05-23 06:07 - 2014-05-23 06:07 - 00001266 _____ () C:\Users\Edwards2\Desktop\Windows Update.lnk
2014-05-23 05:48 - 2014-05-23 05:48 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-22 21:09 - 2014-01-19 00:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-22 21:08 - 2014-05-22 21:08 - 00002142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-22 21:08 - 2014-05-22 21:08 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-22 05:40 - 2014-05-22 05:40 - 00000200 _____ () C:\Users\Edwards2\Desktop\Repair.bat
2014-05-21 06:12 - 2014-05-21 06:14 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-21 06:12 - 2014-05-21 06:14 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-20 05:50 - 2014-05-20 05:50 - 00001808 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iPod
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-19 15:36 - 2014-05-19 15:53 - 00000000 ____D () C:\ProgramData\Nuance
2014-05-19 15:36 - 2014-05-19 15:53 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-05-19 05:22 - 2014-05-19 05:27 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\NAPS2
2014-05-19 05:22 - 2014-05-19 05:22 - 00936907 _____ (Ben Olden-Cooligan ) C:\Users\Edwards2\Downloads\naps2-2.6.3-setup.exe
2014-05-19 05:22 - 2014-05-19 05:22 - 00000988 _____ () C:\Users\Public\Desktop\NAPS2.lnk
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\Program Files (x86)\NAPS2
2014-05-19 05:19 - 2014-05-19 05:19 - 03940568 _____ () C:\Users\Edwards2\Downloads\REGSERVO_Installer.exe
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieUserList
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieSiteList
2014-05-18 07:10 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-18 07:10 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-18 07:10 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-18 07:10 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-18 07:10 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-18 07:10 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 17:24 - 2014-05-17 17:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 17:19 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 17:19 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 17:19 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 17:19 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 17:19 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 17:19 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 17:19 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 17:19 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 17:19 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 17:19 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 17:19 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 17:19 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 17:19 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 17:19 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 17:19 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 17:19 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 17:19 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 17:19 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 17:19 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 17:19 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 17:19 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 17:19 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 17:19 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 17:19 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 17:19 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 17:19 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 17:19 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 17:19 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 17:19 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 17:19 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 17:19 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 17:19 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 17:19 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 17:19 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 17:19 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 17:19 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 17:19 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 17:19 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 17:19 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 17:19 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 17:19 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 17:19 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 17:19 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 17:19 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-13 17:34 - 2014-05-08 23:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 17:34 - 2014-05-08 23:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 17:34 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 17:34 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-07 08:47 - 2014-05-07 08:47 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-05 20:47 - 2014-05-05 20:47 - 00262144 _____ () C:\Windows\Minidump\050514-98811-01.dmp
2014-05-05 20:38 - 2014-05-17 17:27 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-05 20:25 - 2014-05-05 20:25 - 00262144 _____ () C:\Windows\Minidump\050514-79763-01.dmp
2014-05-05 20:06 - 2014-05-05 20:06 - 00262144 _____ () C:\Windows\Minidump\050514-101322-01.dmp
2014-05-03 12:50 - 2014-05-03 12:50 - 00262144 _____ () C:\Windows\Minidump\050314-85441-01.dmp
2014-04-29 15:50 - 2014-05-23 12:45 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\DropboxMaster
2014-04-27 23:12 - 2014-04-27 23:13 - 00262144 _____ () C:\Windows\Minidump\042714-104146-01.dmp
2014-04-25 22:49 - 2014-04-25 22:49 - 00262144 _____ () C:\Windows\Minidump\042514-89450-01.dmp
2014-04-25 22:34 - 2014-04-25 22:34 - 00262144 _____ () C:\Windows\Minidump\042514-89903-01.dmp
2014-04-25 17:20 - 2014-04-25 17:20 - 00262144 _____ () C:\Windows\Minidump\042514-98187-01.dmp
2014-04-24 08:53 - 2014-04-24 08:53 - 00262144 _____ () C:\Windows\Minidump\042414-89560-01.dmp
2014-04-23 20:02 - 2014-04-23 20:02 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 20:02 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-23 20:02 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 20:02 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 20:02 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 19:58 - 2014-04-23 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== One Month Modified Files and Folders =======

2014-05-23 13:17 - 2014-05-23 13:08 - 00000000 ____D () C:\FRST
2014-05-23 13:17 - 2012-01-30 21:06 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Dropbox
2014-05-23 13:03 - 2014-05-23 13:03 - 00005404 _____ () C:\Users\Edwards2\Desktop\JRT.txt
2014-05-23 13:00 - 2012-04-03 18:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 13:00 - 2011-12-04 11:36 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\CrashDumps
2014-05-23 12:59 - 2014-05-23 12:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 12:57 - 2014-05-23 12:57 - 00000000 ____D () C:\Users\Edwards2\Documents\PC Speed Maximizer
2014-05-23 12:54 - 2014-05-23 12:53 - 00000000 ____D () C:\Program Files\003
2014-05-23 12:52 - 2014-05-23 12:52 - 00004398 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-23 12:52 - 2014-05-23 12:52 - 00003700 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-23 12:52 - 2014-05-23 12:52 - 00000000 ____D () C:\Program Files\pcreg
2014-05-23 12:51 - 2009-07-13 21:45 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 12:51 - 2009-07-13 21:45 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 12:48 - 2011-12-04 09:32 - 00696184 _____ () C:\Windows\system32\perfh00E.dat
2014-05-23 12:48 - 2011-12-04 09:32 - 00175568 _____ () C:\Windows\system32\perfc00E.dat
2014-05-23 12:48 - 2011-12-04 09:28 - 00493932 _____ () C:\Windows\system32\perfh00B.dat
2014-05-23 12:48 - 2011-12-04 09:28 - 00105814 _____ () C:\Windows\system32\perfc00B.dat
2014-05-23 12:48 - 2009-07-13 22:13 - 02252672 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 12:47 - 2011-12-03 10:53 - 02090582 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 12:45 - 2014-05-23 12:45 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-23 12:45 - 2014-04-29 15:50 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\DropboxMaster
2014-05-23 12:45 - 2013-12-30 12:36 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\CvmuPack
2014-05-23 12:44 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 12:44 - 2009-07-13 21:51 - 00016459 _____ () C:\Windows\setupact.log
2014-05-23 09:06 - 2011-12-04 12:47 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-05-23 06:56 - 2014-05-23 06:56 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-05-23 06:07 - 2014-05-23 06:07 - 00001266 _____ () C:\Users\Edwards2\Desktop\Windows Update.lnk
2014-05-23 05:52 - 2011-12-03 11:00 - 00111840 _____ () C:\Users\Edwards2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 05:52 - 2009-07-13 21:45 - 00422328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-23 05:49 - 2011-12-03 12:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-23 05:48 - 2014-05-23 05:48 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-23 05:48 - 2011-12-03 12:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-05-23 05:47 - 2009-07-13 19:34 - 00000553 _____ () C:\Windows\win.ini
2014-05-22 21:08 - 2014-05-22 21:08 - 00002142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-22 21:08 - 2014-05-22 21:08 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-22 20:14 - 2011-12-03 16:43 - 00378040 _____ () C:\Windows\PFRO.log
2014-05-22 20:11 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 20:05 - 2012-01-30 21:08 - 00001052 _____ () C:\Users\Edwards2\Desktop\Dropbox.lnk
2014-05-22 20:05 - 2012-01-30 21:06 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 20:05 - 2011-12-03 10:53 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 06:20 - 2012-11-24 15:55 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\NETGEARGenie
2014-05-22 05:40 - 2014-05-22 05:40 - 00000200 _____ () C:\Users\Edwards2\Desktop\Repair.bat
2014-05-21 06:14 - 2014-05-21 06:12 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-21 06:14 - 2014-05-21 06:12 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-21 06:12 - 2009-07-13 21:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 05:50 - 2014-05-20 05:50 - 00001808 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iPod
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-19 21:56 - 2011-12-23 22:05 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\uTorrent
2014-05-19 17:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-05-19 15:53 - 2014-05-19 15:36 - 00000000 ____D () C:\ProgramData\Nuance
2014-05-19 15:53 - 2014-05-19 15:36 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-05-19 15:53 - 2012-11-06 16:39 - 00002170 _____ () C:\Windows\SysWOW64\pp.log
2014-05-19 15:53 - 2011-12-06 20:20 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-05-19 15:38 - 2011-12-06 20:20 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\.oit
2014-05-19 05:27 - 2014-05-19 05:22 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\NAPS2
2014-05-19 05:27 - 2013-09-18 20:11 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\63883F46-D8A8-4499-A69C-4F34FC6720C8.aplzod
2014-05-19 05:22 - 2014-05-19 05:22 - 00936907 _____ (Ben Olden-Cooligan ) C:\Users\Edwards2\Downloads\naps2-2.6.3-setup.exe
2014-05-19 05:22 - 2014-05-19 05:22 - 00000988 _____ () C:\Users\Public\Desktop\NAPS2.lnk
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\Program Files (x86)\NAPS2
2014-05-19 05:19 - 2014-05-19 05:19 - 03940568 _____ () C:\Users\Edwards2\Downloads\REGSERVO_Installer.exe
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieUserList
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieSiteList
2014-05-18 07:32 - 2011-12-06 20:20 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Zeon
2014-05-17 18:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-17 17:27 - 2014-05-05 20:38 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-17 17:27 - 2011-12-03 10:53 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 17:24 - 2014-05-17 17:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 17:18 - 2011-12-06 20:15 - 02221084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-17 17:17 - 2013-09-06 19:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 17:17 - 2011-12-04 08:38 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-17 17:15 - 2013-09-23 19:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 17:00 - 2012-04-03 18:56 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 17:00 - 2012-04-03 18:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 17:00 - 2011-12-03 11:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-10 16:03 - 2011-12-08 09:45 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\HandBrake
2014-05-08 23:14 - 2014-05-13 17:34 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-08 23:11 - 2014-05-13 17:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 08:47 - 2014-05-07 08:47 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-07 08:47 - 2013-09-09 10:21 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-07 08:47 - 2013-09-09 10:21 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-05 21:40 - 2014-05-18 07:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-18 07:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:47 - 2014-05-05 20:47 - 00262144 _____ () C:\Windows\Minidump\050514-98811-01.dmp
2014-05-05 20:47 - 2011-12-24 18:22 - 00000000 ____D () C:\Windows\Minidump
2014-05-05 20:30 - 2011-12-03 11:57 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Adobe
2014-05-05 20:25 - 2014-05-18 07:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:25 - 2014-05-05 20:25 - 00262144 _____ () C:\Windows\Minidump\050514-79763-01.dmp
2014-05-05 20:07 - 2014-05-18 07:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:06 - 2014-05-05 20:06 - 00262144 _____ () C:\Windows\Minidump\050514-101322-01.dmp
2014-05-05 20:00 - 2014-05-18 07:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-18 07:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 08:34 - 2013-05-05 20:18 - 00000000 ____D () C:\Users\test.EdwardsPC2
2014-05-03 12:50 - 2014-05-03 12:50 - 00262144 _____ () C:\Windows\Minidump\050314-85441-01.dmp
2014-04-27 23:13 - 2014-04-27 23:12 - 00262144 _____ () C:\Windows\Minidump\042714-104146-01.dmp
2014-04-27 06:12 - 2011-12-03 17:00 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Skype
2014-04-26 13:56 - 2011-12-04 12:06 - 00000727 _____ () C:\Users\Edwards2\Sti_Trace.log
2014-04-25 22:49 - 2014-04-25 22:49 - 00262144 _____ () C:\Windows\Minidump\042514-89450-01.dmp
2014-04-25 22:34 - 2014-04-25 22:34 - 00262144 _____ () C:\Windows\Minidump\042514-89903-01.dmp
2014-04-25 17:20 - 2014-04-25 17:20 - 00262144 _____ () C:\Windows\Minidump\042514-98187-01.dmp
2014-04-24 18:07 - 2011-12-30 08:36 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\dvdcss
2014-04-24 08:53 - 2014-04-24 08:53 - 00262144 _____ () C:\Windows\Minidump\042414-89560-01.dmp
2014-04-23 20:09 - 2014-02-05 20:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 20:02 - 2014-04-23 20:02 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 20:02 - 2012-06-25 10:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 20:00 - 2011-12-03 11:59 - 00000000 ____D () C:\ProgramData\Apple
2014-04-23 19:58 - 2014-04-23 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-04-23 19:55 - 2011-12-04 14:30 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\Adobe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-42534202-2903975066-3733773402-1000\$1d971c5f0863b1bceccc3309741d2535

Files to move or delete:
====================
C:\Users\Edwards2\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Edwards2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdrtww3.dll
C:\Users\Edwards2\AppData\Local\Temp\helper.exe
C:\Users\Edwards2\AppData\Local\Temp\nsuBF4A.tmp.exe
C:\Users\Edwards2\AppData\Local\Temp\speedmax_25301.exe
C:\Users\Edwards2\AppData\Local\Temp\SpOrder.dll
C:\Users\Edwards2\AppData\Local\Temp\sqlite3.exe
C:\Users\Edwards2\AppData\Local\Temp\updater_156387.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

LastRegBack: 2014-05-19 21:29

==================== End Of Log ============================ 

 

 

 


  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Please remove the following programs:
 
BrowserSafeguard with RocketTab
Search Protection
 
Download the enclosed file. Attached File  fixlist.txt   2.25KB   67 downloads
 
Save it in the same location FRST is saved.
 
Run FRST and click on the Fix button.
 

The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.
 
Please retry AdwCleaner after a restart.
 

bf_new.gif Please download Malwarebytes' Anti-Malware from Here
 
Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
  • Select the language and click OK.
  • Accept the agreement
  • Make sure a checkmark is placed next to Enable the Free Trial and Launch
  • Malwarebytes' Anti-Malware, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click on Quanrantee All,.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • Right click on your next reply and select Paste.
  • Submit your reply.
Extra Note:
 
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#5
azdaren

azdaren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

FIXLIST REPORT

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2014
Ran by Edwards2 at 2014-05-24 06:31:56 Run:1
Running from D:\Documents\Dropbox\VIRUS
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\Edwards2\AppData\Roaming\skype.ini
C:\$Recycle.Bin\S-1-5-21-42534202-2903975066-3733773402-1000\$1d971c5f0863b1bceccc3309741d2535
C:\Users\Edwards2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdrtww3.dll
C:\Users\Edwards2\AppData\Local\Temp\helper.exe
C:\Users\Edwards2\AppData\Local\Temp\nsuBF4A.tmp.exe
C:\Users\Edwards2\AppData\Local\Temp\speedmax_25301.exe
C:\Users\Edwards2\AppData\Local\Temp\SpOrder.dll
C:\Users\Edwards2\AppData\Local\Temp\sqlite3.exe
C:\Users\Edwards2\AppData\Local\Temp\updater_156387.exe
C:\Program Files\pcreg
C:\Program Files\003
C:\Windows\System32\Tasks\pcreg
TDL4: custom:26000022 <===== ATTENTION!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-42534202-2903975066-3733773402-1000\$1d971c5f0863b1bceccc3309741d2535\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [OfficeDrop] => rundll32 "C:\Users\Edwards2\AppData\Local\VirtualStore\OfficeDrop\ekmdejdljh.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [CrashDumps] => rundll32 "C:\Users\Edwards2\AppData\Local\Diagnostics\CrashDumps\kdfgepcf.dll",DllRegisterServer <===== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$1d971c5f0863b1bceccc3309741d2535\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-24] ()
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-24] ()
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-24] ()
Task: {EFBF57F5-F1D1-4774-9ADF-540192FB9E92} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-24] () <==== ATTENTION
Task: {7C95ED18-33F4-4D28-9CF2-74CFA6C9AF6A} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
R2 vxlsnyaiet64; C:\Program Files\003\vxlsnyaiet64.exe [706560 2014-05-23] ()
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
End
*****************

C:\Users\Edwards2\AppData\Roaming\skype.ini => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-42534202-2903975066-3733773402-1000\$1d971c5f0863b1bceccc3309741d2535 => Moved successfully.
"C:\Users\Edwards2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdrtww3.dll" => File/Directory not found.
C:\Users\Edwards2\AppData\Local\Temp\helper.exe => Moved successfully.
C:\Users\Edwards2\AppData\Local\Temp\nsuBF4A.tmp.exe => Moved successfully.
C:\Users\Edwards2\AppData\Local\Temp\speedmax_25301.exe => Moved successfully.
C:\Users\Edwards2\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Edwards2\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Edwards2\AppData\Local\Temp\updater_156387.exe => Moved successfully.
C:\Program Files\pcreg => Moved successfully.
C:\Program Files\003 => Moved successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.

The operation completed successfully.
The operation completed successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeDrop => Value deleted successfully.
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CrashDumps => Value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFBF57F5-F1D1-4774-9ADF-540192FB9E92} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFBF57F5-F1D1-4774-9ADF-540192FB9E92} => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C95ED18-33F4-4D28-9CF2-74CFA6C9AF6A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C95ED18-33F4-4D28-9CF2-74CFA6C9AF6A} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
vxlsnyaiet64 => Unable to stop service
vxlsnyaiet64 => Service deleted successfully.
pcregservice => Service stopped successfully.
pcregservice => Service deleted successfully.

==== End of Fixlog ====

 

 

ADWCleaner worked after I disabled AVG. Here is the report.

# AdwCleaner v3.210 - Report created 24/05/2014 at 06:59:57
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Edwards2 - EDWARDSPC2
# Running from : C:\Users\Edwards2\AppData\Local\Temp\Rar$EX47.472\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Edwards2\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Edwards2\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Edwards2\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Edwards2\Documents\Optimizer Pro
Folder Deleted : C:\Users\Edwards2\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\test.EdwardsPC2\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\test.EdwardsPC2\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\Windows\SysWOW64\SecureAssist.dll
File Deleted : C:\Windows\System32\SecureAssist64.dll

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\suprasavings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v

[ File : C:\Users\Edwards2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5681 octets] - [24/05/2014 06:54:51]
AdwCleaner[S0].txt - [5396 octets] - [24/05/2014 06:59:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5456 octets] ##########

 

 

MALWAREbytes Report

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/24/2014
Scan Time: 7:06:50 AM
Logfile: malware bytes log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.24.04
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Edwards2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326301
Time Elapsed: 4 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Wajam.A, HKU\S-1-5-21-42534202-2903975066-3733773402-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [0d276de8304bef47531dee42e2209868],
PUP.Optional.Wajam.A, HKU\S-1-5-21-42534202-2903975066-3733773402-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [0d276de8304bef47531dee42e2209868],
PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}, Quarantined, [e054dc79bac18aac726a8e9ec73ba759],
Refog.Keylogger, HKLM\SOFTWARE\Refog Software, Quarantined, [c66e0e47e299cc6a2c5b84b3fa0947b9],
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [d26256fffb807bbb604b58691fe4659b],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [132157fef08b1323abcf2498d2313fc1],

Registry Values: 2
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_softarmory.com|google_znes-display-us-728x90-29152045943, Quarantined, [d26256fffb807bbb604b58691fe4659b]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1523565850476169458, Quarantined, [132157fef08b1323abcf2498d2313fc1]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Conduit.A, C:\Users\Edwards2\AppData\Local\Temp\CT3325809, Quarantined, [7cb887ced1aa93a30876e88e16ec7987],

Files: 3
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [320293c295e6c670165cc97423dd9c64],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [250f0a4baccfcb6b4bc84df88c7820e0],
PUP.Optional.Conduit.A, C:\Users\Edwards2\AppData\Local\Temp\CT3325809\ddt.csf, Quarantined, [7cb887ced1aa93a30876e88e16ec7987],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
How is the computer doing?
  • 0

#7
azdaren

azdaren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Still running the same as before. No luck in being able to use windows update or turn on windows firewall. Should I be able to do that now?

 

Thanks,

 

Daren


  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

The main issue was removed. Lets check the services.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Other Services

Press "Scan".


It will create a log (FSS.txt) in the same directory the tool is run.


Please copy and paste the log to your reply.


  • 0

#9
azdaren

azdaren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Alright, here is the FSS log. Thanks

 

 

 

Farbar Service Scanner Version: 21-05-2014
Ran by Edwards2 (administrator) on 24-05-2014 at 12:34:34
Running from "D:\Documents\Dropbox\VIRUS"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

Download Services Repair tool, available here,  and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

 

After rebooting, run the Farbar Service Scanner once again and post its report.


  • 0

Advertisements


#11
azdaren

azdaren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Farbar Service Scanner Version: 21-05-2014
Ran by Edwards2 (administrator) on 24-05-2014 at 12:34:34
Running from "D:\Documents\Dropbox\VIRUS"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

 

When it rebooted Windows Firewall was up and running. Im still getting the code FFFFFFFFFFE when running windows update.


  • 0

#12
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

The report still shows issues.
 
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous. As a precaution,  we will make a backup of the registry first.
 
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing. Please follow the steps that are listed below EXACTLY. If you cannot preform some of these steps, or if you have ANY questions please ask BEFORE proceeding.
 
Backing Up Your Registry

  • Go Here and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

  • Install ERUNT by following the prompts 

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

  • Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

  • Choose a location for the backup 

(the default location is C:\WINDOWS\ERDNT which is acceptable).

  • Make sure that at least the first two check boxes are ticked 
  • Press OK
  • Press YES to create the folder.

Registry Modifications
 
 
Download the enclosed file. Attached File  RegistryFix.txt   344.84KB   50 downloads
 
Save it on the Desktop.
 
Open this file with Notepad. Select File from the menu, then Save as. Name the file as fix.reg Change the Save as Type to All Files and Save it on the desktop. It will change from a text file to a Registry entries file.
 
Once saved, click on the fix.reg file and merge it into the Registry.
 
Restart the computer. After the restart, run the Farbar Service Scanner and post its report.


  • 0

#13
azdaren

azdaren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

When I install Erunt it says it can be used to backup any windows nt/2000/xp.  Is it still the version I want, I am using Windows 7 Ultimate.

 

Thanks,

 

Daren


  • 0

#14
azdaren

azdaren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Here is the Farbar scan after running the registry fix. Thanks

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by Edwards2 (administrator) on EDWARDSPC2 on 25-05-2014 07:37:17
Running from D:\Documents\Dropbox\VIRUS
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403096 2011-11-10] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-06-23] (Sanford, L.P.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5954016 2011-11-10] (Acronis)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605032 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1882360 2009-06-23] (Sanford, L.P.)
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Edwards2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 632b233410b247d18136854de0ce9fd5-6639bc2cbe08bee7ebb9f52727253c4f04028738 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Edwards2\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 632b233410b247d18136854de0ce9fd5-6639bc2cbe08bee7ebb9f52727253c4f04028738 --CMPID 0913a
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [CvmuPack Update] => regsvr32.exe C:\Users\Edwards2\AppData\Local\CvmuPack\NPPDF32.DLL
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [CvmuPack Auto] => regsvr32.exe C:\Users\Edwards2\AppData\Local\CvmuPack\ASMct217I.dll
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Run: [gekxttxc] => regsvr32.exe /s "C:\ProgramData\gekxttxc.dat"
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-42534202-2903975066-3733773402-1000\...\MountPoints2: {b38d4f6b-1eb2-11e1-b404-806e6f6e6963} - E:\AUTORUN.EXE
Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Edwards2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Program.lnk
ShortcutTarget: My Program.lnk -> C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software)
Startup: C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49507;https=127.0.0.1:49507
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x63650CF1746CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
S2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-07] (AVG Technologies)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 MpKsl451517e7; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3583C0F4-A0D6-41D3-8792-30CB53FC2DDD}\MpKsl451517e7.sys [45352 2014-05-25] (Microsoft Corporation)
S1 MpKsl5c7f28c2; C:\Windows\system32\MpEngineStore\MpKsl5c7f28c2.sys [45352 2014-05-05] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-11-24] (CACE Technologies, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-11-22] (Realtek Semiconductor Corporation                           )
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2011-12-06] (Acronis)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-25 07:35 - 2014-05-25 07:35 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-25 07:31 - 2014-05-25 07:31 - 00353112 _____ () C:\Users\Edwards2\Desktop\Fix.reg
2014-05-25 07:30 - 2014-05-25 07:30 - 00000000 ____D () C:\Windows\ERDNT
2014-05-25 07:28 - 2014-05-25 07:28 - 00000949 _____ () C:\Users\test.EdwardsPC2\Desktop\NTREGOPT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000949 _____ () C:\Users\Edwards2\Desktop\NTREGOPT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000930 _____ () C:\Users\test.EdwardsPC2\Desktop\ERUNT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000930 _____ () C:\Users\Edwards2\Desktop\ERUNT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-05-25 07:28 - 2014-05-25 07:28 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-05-25 07:13 - 2014-05-25 07:13 - 00886288 _____ (Microsoft Corporation) C:\Users\Edwards2\Downloads\mssstool64.exe
2014-05-24 19:47 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files (x86)\Pandora Recovery
2014-05-24 19:47 - 2014-05-24 19:47 - 00002031 _____ () C:\Users\Public\Desktop\Pandora Recovery.lnk
2014-05-24 19:47 - 2014-05-24 19:47 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\PandoraRecovery
2014-05-24 19:47 - 2014-05-24 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2014-05-24 19:45 - 2014-05-24 19:44 - 00929416 _____ (CNET Download.com) C:\Users\Edwards2\Downloads\cbsidlm-cbsi188-Pandora_Recovery-BP-10694796.exe
2014-05-24 14:17 - 2014-05-24 14:17 - 04009167 _____ () C:\Users\Edwards2\Desktop\ServicesRepair.exe
2014-05-24 14:17 - 2014-05-24 14:17 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-05-24 08:37 - 2014-05-24 08:37 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-05-24 08:37 - 2014-05-24 08:37 - 00000000 ____D () C:\Program Files\Nuance
2014-05-24 08:30 - 2014-05-24 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-05-24 08:30 - 2014-05-24 08:30 - 00002097 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-05-24 08:30 - 2014-05-24 08:30 - 00001891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-05-24 08:28 - 2014-05-24 08:28 - 00000000 ____D () C:\Windows\PIXTRAN
2014-05-24 08:28 - 2014-05-24 08:28 - 00000000 ____D () C:\Users\Edwards2\Documents\MyWebPages
2014-05-24 07:06 - 2014-05-25 07:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 07:06 - 2014-05-24 07:06 - 00001127 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 07:06 - 2014-05-24 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 07:06 - 2014-05-24 07:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-24 07:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-24 07:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-24 07:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 06:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-24 06:46 - 2014-05-24 07:00 - 00000000 ____D () C:\AdwCleaner
2014-05-23 13:08 - 2014-05-25 07:37 - 00000000 ____D () C:\FRST
2014-05-23 13:03 - 2014-05-23 13:03 - 00005404 _____ () C:\Users\Edwards2\Desktop\JRT.txt
2014-05-23 12:59 - 2014-05-23 12:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 06:56 - 2014-05-23 06:56 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-05-23 06:07 - 2014-05-23 06:07 - 00001266 _____ () C:\Users\Edwards2\Desktop\Windows Update.lnk
2014-05-23 05:48 - 2014-05-23 05:48 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-22 21:09 - 2014-01-19 00:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-22 21:08 - 2014-05-22 21:08 - 00002142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-22 21:08 - 2014-05-22 21:08 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-22 05:40 - 2014-05-22 05:40 - 00000200 _____ () C:\Users\Edwards2\Desktop\Repair.bat
2014-05-21 06:12 - 2014-05-21 06:14 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-21 06:12 - 2014-05-21 06:14 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-20 05:50 - 2014-05-20 05:50 - 00001808 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iPod
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-19 15:36 - 2014-05-24 08:38 - 00000000 ____D () C:\ProgramData\Nuance
2014-05-19 15:36 - 2014-05-24 08:37 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-05-19 05:22 - 2014-05-19 05:27 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\NAPS2
2014-05-19 05:22 - 2014-05-19 05:22 - 00936907 _____ (Ben Olden-Cooligan ) C:\Users\Edwards2\Downloads\naps2-2.6.3-setup.exe
2014-05-19 05:22 - 2014-05-19 05:22 - 00000988 _____ () C:\Users\Public\Desktop\NAPS2.lnk
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\Program Files (x86)\NAPS2
2014-05-19 05:19 - 2014-05-19 05:19 - 03940568 _____ () C:\Users\Edwards2\Downloads\REGSERVO_Installer.exe
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieUserList
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieSiteList
2014-05-18 07:10 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-18 07:10 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-18 07:10 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-18 07:10 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-18 07:10 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-18 07:10 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 17:24 - 2014-05-17 17:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 17:19 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 17:19 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 17:19 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 17:19 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 17:19 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 17:19 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 17:19 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 17:19 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 17:19 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 17:19 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 17:19 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 17:19 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 17:19 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 17:19 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 17:19 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 17:19 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 17:19 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 17:19 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 17:19 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 17:19 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 17:19 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 17:19 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 17:19 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 17:19 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 17:19 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 17:19 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 17:19 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 17:19 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 17:19 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 17:19 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 17:19 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 17:19 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 17:19 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 17:19 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 17:19 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 17:19 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 17:19 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 17:19 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 17:19 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 17:19 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 17:19 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 17:19 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 17:19 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 17:19 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-13 17:34 - 2014-05-08 23:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 17:34 - 2014-05-08 23:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 17:34 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 17:34 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-05 20:47 - 2014-05-05 20:47 - 00262144 _____ () C:\Windows\Minidump\050514-98811-01.dmp
2014-05-05 20:38 - 2014-05-17 17:27 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-05 20:25 - 2014-05-05 20:25 - 00262144 _____ () C:\Windows\Minidump\050514-79763-01.dmp
2014-05-05 20:06 - 2014-05-05 20:06 - 00262144 _____ () C:\Windows\Minidump\050514-101322-01.dmp
2014-05-03 12:50 - 2014-05-03 12:50 - 00262144 _____ () C:\Windows\Minidump\050314-85441-01.dmp
2014-04-29 15:50 - 2014-05-25 07:35 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\DropboxMaster
2014-04-27 23:12 - 2014-04-27 23:13 - 00262144 _____ () C:\Windows\Minidump\042714-104146-01.dmp
2014-04-25 22:49 - 2014-04-25 22:49 - 00262144 _____ () C:\Windows\Minidump\042514-89450-01.dmp
2014-04-25 22:34 - 2014-04-25 22:34 - 00262144 _____ () C:\Windows\Minidump\042514-89903-01.dmp
2014-04-25 17:20 - 2014-04-25 17:20 - 00262144 _____ () C:\Windows\Minidump\042514-98187-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-25 07:37 - 2014-05-23 13:08 - 00000000 ____D () C:\FRST
2014-05-25 07:37 - 2012-01-30 21:06 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Dropbox
2014-05-25 07:35 - 2014-05-25 07:35 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-25 07:35 - 2014-05-24 07:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 07:35 - 2014-04-29 15:50 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\DropboxMaster
2014-05-25 07:35 - 2013-12-30 12:36 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\CvmuPack
2014-05-25 07:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 07:35 - 2009-07-13 21:51 - 00029171 _____ () C:\Windows\setupact.log
2014-05-25 07:32 - 2011-12-03 10:53 - 01062891 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 07:31 - 2014-05-25 07:31 - 00353112 _____ () C:\Users\Edwards2\Desktop\Fix.reg
2014-05-25 07:30 - 2014-05-25 07:30 - 00000000 ____D () C:\Windows\ERDNT
2014-05-25 07:28 - 2014-05-25 07:28 - 00000949 _____ () C:\Users\test.EdwardsPC2\Desktop\NTREGOPT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000949 _____ () C:\Users\Edwards2\Desktop\NTREGOPT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000930 _____ () C:\Users\test.EdwardsPC2\Desktop\ERUNT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000930 _____ () C:\Users\Edwards2\Desktop\ERUNT.lnk
2014-05-25 07:28 - 2014-05-25 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-05-25 07:28 - 2014-05-25 07:28 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-05-25 07:28 - 2011-12-03 10:53 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 07:18 - 2011-12-04 09:32 - 00696184 _____ () C:\Windows\system32\perfh00E.dat
2014-05-25 07:18 - 2011-12-04 09:32 - 00175568 _____ () C:\Windows\system32\perfc00E.dat
2014-05-25 07:18 - 2011-12-04 09:28 - 00493932 _____ () C:\Windows\system32\perfh00B.dat
2014-05-25 07:18 - 2011-12-04 09:28 - 00105814 _____ () C:\Windows\system32\perfc00B.dat
2014-05-25 07:18 - 2009-07-13 22:13 - 02252672 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 07:18 - 2009-07-13 21:45 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 07:18 - 2009-07-13 21:45 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 07:13 - 2014-05-25 07:13 - 00886288 _____ (Microsoft Corporation) C:\Users\Edwards2\Downloads\mssstool64.exe
2014-05-25 07:11 - 2011-12-03 16:43 - 00381422 _____ () C:\Windows\PFRO.log
2014-05-25 07:00 - 2012-04-03 18:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 20:41 - 2014-05-24 19:47 - 00000000 ____D () C:\Program Files (x86)\Pandora Recovery
2014-05-24 19:47 - 2014-05-24 19:47 - 00002031 _____ () C:\Users\Public\Desktop\Pandora Recovery.lnk
2014-05-24 19:47 - 2014-05-24 19:47 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\PandoraRecovery
2014-05-24 19:47 - 2014-05-24 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2014-05-24 19:44 - 2014-05-24 19:45 - 00929416 _____ (CNET Download.com) C:\Users\Edwards2\Downloads\cbsidlm-cbsi188-Pandora_Recovery-BP-10694796.exe
2014-05-24 16:24 - 2011-12-03 12:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-24 14:26 - 2011-12-04 12:47 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-05-24 14:20 - 2009-07-13 21:45 - 00422360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-24 14:17 - 2014-05-24 14:17 - 04009167 _____ () C:\Users\Edwards2\Desktop\ServicesRepair.exe
2014-05-24 14:17 - 2014-05-24 14:17 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-05-24 12:34 - 2011-12-03 11:00 - 00112320 _____ () C:\Users\Edwards2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-24 08:39 - 2011-12-06 20:20 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\.oit
2014-05-24 08:38 - 2014-05-19 15:36 - 00000000 ____D () C:\ProgramData\Nuance
2014-05-24 08:37 - 2014-05-24 08:37 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-05-24 08:37 - 2014-05-24 08:37 - 00000000 ____D () C:\Program Files\Nuance
2014-05-24 08:37 - 2014-05-24 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-05-24 08:37 - 2014-05-19 15:36 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-05-24 08:37 - 2011-12-06 20:20 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Zeon
2014-05-24 08:30 - 2014-05-24 08:30 - 00002097 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-05-24 08:30 - 2014-05-24 08:30 - 00001891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-05-24 08:30 - 2011-12-06 20:20 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-05-24 08:28 - 2014-05-24 08:28 - 00000000 ____D () C:\Windows\PIXTRAN
2014-05-24 08:28 - 2014-05-24 08:28 - 00000000 ____D () C:\Users\Edwards2\Documents\MyWebPages
2014-05-24 07:32 - 2011-12-03 12:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-24 07:29 - 2009-07-13 19:34 - 00000553 _____ () C:\Windows\win.ini
2014-05-24 07:06 - 2014-05-24 07:06 - 00001127 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 07:06 - 2014-05-24 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 07:06 - 2014-05-24 07:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-24 07:06 - 2014-01-18 08:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 07:02 - 2013-09-09 10:21 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\AVG SafeGuard toolbar
2014-05-24 07:00 - 2014-05-24 06:46 - 00000000 ____D () C:\AdwCleaner
2014-05-24 06:44 - 2011-12-04 11:36 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\CrashDumps
2014-05-23 13:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-23 13:03 - 2014-05-23 13:03 - 00005404 _____ () C:\Users\Edwards2\Desktop\JRT.txt
2014-05-23 12:59 - 2014-05-23 12:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 06:56 - 2014-05-23 06:56 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-05-23 06:07 - 2014-05-23 06:07 - 00001266 _____ () C:\Users\Edwards2\Desktop\Windows Update.lnk
2014-05-23 05:48 - 2014-05-23 05:48 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-23 05:48 - 2011-12-03 12:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-05-22 21:08 - 2014-05-22 21:08 - 00002142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-22 21:08 - 2014-05-22 21:08 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-22 20:11 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 20:05 - 2012-01-30 21:08 - 00001052 _____ () C:\Users\Edwards2\Desktop\Dropbox.lnk
2014-05-22 20:05 - 2012-01-30 21:06 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 06:20 - 2012-11-24 15:55 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\NETGEARGenie
2014-05-22 05:40 - 2014-05-22 05:40 - 00000200 _____ () C:\Users\Edwards2\Desktop\Repair.bat
2014-05-21 06:14 - 2014-05-21 06:12 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-21 06:14 - 2014-05-21 06:12 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-21 06:12 - 2009-07-13 21:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 05:50 - 2014-05-20 05:50 - 00001808 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iTunes
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files\iPod
2014-05-20 05:50 - 2014-05-20 05:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-19 21:56 - 2011-12-23 22:05 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\uTorrent
2014-05-19 17:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-05-19 15:53 - 2012-11-06 16:39 - 00002170 _____ () C:\Windows\SysWOW64\pp.log
2014-05-19 05:27 - 2014-05-19 05:22 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\NAPS2
2014-05-19 05:27 - 2013-09-18 20:11 - 00000000 ____D () C:\Users\Edwards2\AppData\Local\63883F46-D8A8-4499-A69C-4F34FC6720C8.aplzod
2014-05-19 05:22 - 2014-05-19 05:22 - 00936907 _____ (Ben Olden-Cooligan ) C:\Users\Edwards2\Downloads\naps2-2.6.3-setup.exe
2014-05-19 05:22 - 2014-05-19 05:22 - 00000988 _____ () C:\Users\Public\Desktop\NAPS2.lnk
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
2014-05-19 05:22 - 2014-05-19 05:22 - 00000000 ____D () C:\Program Files (x86)\NAPS2
2014-05-19 05:19 - 2014-05-19 05:19 - 03940568 _____ () C:\Users\Edwards2\Downloads\REGSERVO_Installer.exe
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieUserList
2014-05-18 08:06 - 2014-05-18 08:06 - 00000000 __SHD () C:\Users\Edwards2\AppData\Local\EmieSiteList
2014-05-17 18:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-17 17:27 - 2014-05-05 20:38 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-17 17:27 - 2011-12-03 10:53 - 00000000 ___RD () C:\Users\Edwards2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 17:24 - 2014-05-17 17:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-05-17 17:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 17:18 - 2011-12-06 20:15 - 02221084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-17 17:17 - 2013-09-06 19:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 17:17 - 2011-12-04 08:38 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-17 17:15 - 2013-09-23 19:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 17:00 - 2012-04-03 18:56 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 17:00 - 2012-04-03 18:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 17:00 - 2011-12-03 11:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-05-24 07:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-24 07:06 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-24 07:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 16:03 - 2011-12-08 09:45 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\HandBrake
2014-05-08 23:14 - 2014-05-13 17:34 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-08 23:11 - 2014-05-13 17:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 08:47 - 2013-09-09 10:21 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-05 21:40 - 2014-05-18 07:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-18 07:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:47 - 2014-05-05 20:47 - 00262144 _____ () C:\Windows\Minidump\050514-98811-01.dmp
2014-05-05 20:47 - 2011-12-24 18:22 - 00000000 ____D () C:\Windows\Minidump
2014-05-05 20:30 - 2011-12-03 11:57 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Adobe
2014-05-05 20:25 - 2014-05-18 07:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:25 - 2014-05-05 20:25 - 00262144 _____ () C:\Windows\Minidump\050514-79763-01.dmp
2014-05-05 20:07 - 2014-05-18 07:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:06 - 2014-05-05 20:06 - 00262144 _____ () C:\Windows\Minidump\050514-101322-01.dmp
2014-05-05 20:00 - 2014-05-18 07:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-18 07:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 08:34 - 2013-05-05 20:18 - 00000000 ____D () C:\Users\test.EdwardsPC2
2014-05-03 12:50 - 2014-05-03 12:50 - 00262144 _____ () C:\Windows\Minidump\050314-85441-01.dmp
2014-04-27 23:13 - 2014-04-27 23:12 - 00262144 _____ () C:\Windows\Minidump\042714-104146-01.dmp
2014-04-27 06:12 - 2011-12-03 17:00 - 00000000 ____D () C:\Users\Edwards2\AppData\Roaming\Skype
2014-04-26 13:56 - 2011-12-04 12:06 - 00000727 _____ () C:\Users\Edwards2\Sti_Trace.log
2014-04-25 22:49 - 2014-04-25 22:49 - 00262144 _____ () C:\Windows\Minidump\042514-89450-01.dmp
2014-04-25 22:34 - 2014-04-25 22:34 - 00262144 _____ () C:\Windows\Minidump\042514-89903-01.dmp
2014-04-25 17:20 - 2014-04-25 17:20 - 00262144 _____ () C:\Windows\Minidump\042514-98187-01.dmp

Some content of TEMP:
====================
C:\Users\Edwards2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphd2u1n.dll
C:\Users\Edwards2\AppData\Local\Temp\nsa96D6.exe
C:\Users\Edwards2\AppData\Local\Temp\nsm8440.exe
C:\Users\Edwards2\AppData\Local\Temp\nsr9B3B.exe
C:\Users\Edwards2\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

LastRegBack: 2014-05-19 21:29

==================== End Of Log ============================


  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

The scan I needed is the Farbar Service Scanner (FSS).

Lets take the opportunity to fix the TLD4 infection shown in FRST:

Download the enclosed file. Attached File  fixlist.txt   364bytes   75 downloads
 
Save it in the same location FRST is saved.
 
Run FRST and click on the Fix button.

The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.

Please also run the Farbar Service (FSS) Scanner and post its report.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP