
Uh oh! Pop up suggests Malware. Pic attached [Solved]



#1
jbcteacher

I haven't done the scans yet... Usually do and will. Wanted someone to look at this first...

Attached Thumbnails

  • image.jpg
  • image.jpg

Edited by jbcteacher, 27 September 2014 - 05:22 AM.



#2
jbcteacher


OTL logfile created on: 9/25/2014 2:43:37 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 73.42% Memory free
15.50 Gb Paging File | 13.30 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 1277.70 Gb Free Space | 91.45% Space Free | Partition Type: NTFS
 
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/25 14:43:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2014/09/25 10:10:33 | 001,416,016 | ---- | M] (BitTorrent Inc.) -- C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/08/01 13:33:51 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/23 13:43:17 | 000,150,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2013/01/23 13:43:15 | 000,772,712 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2012/12/31 10:23:10 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/12/31 10:23:10 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/12/19 13:05:18 | 000,101,376 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/12/19 13:05:16 | 000,008,704 | ---- | M] (Freemake) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2011/12/08 17:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2011/12/07 19:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/01/23 13:43:17 | 000,150,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2013/01/23 13:43:15 | 000,772,712 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2011/12/08 17:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2011/09/13 17:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2014/09/25 10:37:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/01 13:33:51 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe -- (N360)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/31 10:23:10 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/12/19 13:05:18 | 000,101,376 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/12/19 13:05:16 | 000,008,704 | ---- | M] (Freemake) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2011/12/07 19:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/23 01:13:11 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/07/23 01:13:10 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/07/23 00:50:26 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/05/24 17:29:05 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/26 14:02:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/10/28 20:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/08 11:41:16 | 001,600,064 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 17:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/09/25 14:13:26 | 000,205,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 06:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2014/09/25 10:25:47 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/25 10:25:47 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/09/25 06:45:52 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140925.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/09/12 18:11:19 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/03 19:29:16 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140924.019\ex64.sys -- (NAVEX15)
DRV - [2014/09/03 19:29:16 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140924.019\eng64.sys -- (NAVENG)
DRV - [2012/12/31 10:23:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.n...id=tbid05242014
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 98 9D 52 0A 85 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{12FD6934-5A7E-4A0A-93E0-CFCFBD2775C6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGNI_enUS524
IE - HKCU\..\SearchScopes\{B9AC4EF3-B09B-4FE3-9D3F-52D8A193BBDF}: "URL" = http://search.xfinit...&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/05/24 17:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/09/25 13:49:20 | 000,000,000 | ---D | M]
 
[2012/06/12 19:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.condui...SearchSource=48
 
O1 HOSTS File: ([2012/08/27 17:03:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} https://wws2.mutualo.../TWDownload.cab (TWDownloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC31EA0-8ACE-41A1-A1A8-BF4D6FA797E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E92617A-81F3-4FEC-A37A-3D3946DF9241}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{722895E2-1B68-4C30-A110-A22DD1F53585}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2247A93-1417-450A-A28F-2D79EDDFD666}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/25 14:42:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2014/09/25 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Justin\Documents\pride and patriotism emily
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/25 14:43:56 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/09/25 14:43:56 | 000,662,400 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/09/25 14:43:56 | 000,122,268 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/09/25 14:43:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2014/09/25 14:36:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/09/25 14:33:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/25 13:53:41 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/25 13:53:41 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/25 13:46:14 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/25 13:45:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/09/25 13:45:40 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/25 13:45:39 | 768,287,514 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/09/25 10:34:56 | 002,118,303 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/09/25 10:30:02 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2014/09/25 10:30:02 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2014/09/17 01:40:29 | 000,045,410 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1505000.013\VT20140916.019
[2014/09/05 11:13:23 | 000,221,048 | ---- | M] () -- C:\windows\SysNative\LexFiles.ulf
[2014/09/05 11:11:02 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2014/09/05 09:20:54 | 000,002,361 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/09/05 09:20:24 | 005,114,208 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/25 13:45:39 | 768,287,514 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/06/27 10:49:18 | 000,006,656 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/24 17:46:52 | 000,000,378 | ---- | C] () -- C:\Program Files (x86)\temp995.bat
[2014/04/19 15:30:09 | 000,774,632 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/07/16 14:19:12 | 000,002,239 | ---- | C] () -- C:\Users\Justin\AppData\Local\recently-used.xbel
[2012/09/03 18:56:28 | 000,007,602 | ---- | C] () -- C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
[2011/05/24 17:49:11 | 000,001,940 | ---- | C] () -- C:\Users\Justin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/08/21 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.minecraft
[2013/12/12 19:49:30 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/09 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.jakks.spynet
[2010/07/18 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DriverFinder
[2011/10/15 16:28:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ImgBurn
[2010/08/19 13:22:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Leadertech
[2011/11/29 19:16:16 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\MusicNet
[2014/06/25 09:01:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\No Company Name
[2013/12/14 09:52:26 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PDAppFlex
[2012/04/15 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\pdf995
[2010/06/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Skinux
[2014/03/15 11:50:05 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TaxCut
[2014/02/17 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uPlayer
[2014/09/25 14:47:55 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >



#3
JSntgRvr

  • Global Moderator
  • 11,579 posts

Download AdwCleaner from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console.

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy and paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.


#4
jbcteacher

  • Topic Starter
  • Member
  • 209 posts

Here is the ADWCleaner log:

# AdwCleaner v3.311 - Report created 02/10/2014 at 15:50:21
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Justin - JUSTIN-PC
# Running from : C:\Users\Justin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\iMesh
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Deleted : C:\Program Files (x86)\comcasttb
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Upromise
Folder Deleted : C:\Users\Justin\AppData\Local\Conduit
Folder Deleted : C:\Users\Justin\AppData\Local\ConduitEngine
Folder Deleted : C:\Users\Justin\AppData\Local\Elf_1.15
Folder Deleted : C:\Users\Justin\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Justin\AppData\Local\iLivid
Folder Deleted : C:\Users\Justin\AppData\Local\iMesh
Folder Deleted : C:\Users\Justin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Justin\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Justin\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Justin\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\Justin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Justin\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Justin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Justin\AppData\LocalLow\wincoreimband
File Deleted : C:\END
File Deleted : C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Imesh
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v

[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=48

*************************

AdwCleaner[R0].txt - [13546 octets] - [02/10/2014 15:47:58]
AdwCleaner[S0].txt - [13432 octets] - [02/10/2014 15:50:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13493 octets] ##########



#5
jbcteacher

  • Topic Starter
  • Member
  • 209 posts

Frst:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 01
Ran by Justin (administrator) on JUSTIN-PC on 02-10-2014 16:01:52
Running from C:\Users\Justin\Desktop
Loaded Profile: Justin (Available profiles: Justin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Freemake) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
( ) C:\Windows\System32\lxeacoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\threatwork.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [150264 2013-01-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\S-1-5-21-3703835883-1511878293-526365159-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3703835883-1511878293-526365159-1001\...\Run: [uTorrent] => C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe [1416016 2014-09-25] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.n...id=tbid05242014
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D989D520A85CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKCU - {B9AC4EF3-B09B-4FE3-9D3F-52D8A193BBDF} URL = http://search.xfinit...&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKLM-x32 - No Name - !{4b9bcce8-a70b-402a-a7e1-db96831ee26f} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} -  No File
Toolbar: HKCU - No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {7B62F6EE-D046-11D3-9C5E-0060082627F7} https://wws2.mutualo.../TWDownload.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=48"
CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noebaifjopccondbkcieccphcpijhdne [2012-08-26]
CHR HKCU\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Justin\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Justin\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx [2012-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101376 2012-12-19] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-12-19] (Freemake) [File not signed]
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2012-12-31] (Lavasoft Limited)
S2 lxeaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1600064 2011-06-08] (Ralink Technology Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140925.002\IDSvia64.sys [633560 2014-09-25] (Symantec Corporation)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-12-31] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140925.009\ENG64.SYS [129752 2014-09-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140925.009\EX64.SYS [2137304 2014-09-03] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 16:01 - 2014-10-02 16:02 - 00017199 _____ () C:\Users\Justin\Desktop\FRST.txt
2014-10-02 16:01 - 2014-10-02 16:01 - 02108928 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2014-10-02 16:01 - 2014-10-02 16:01 - 00000000 ____D () C:\FRST
2014-10-02 15:53 - 2014-10-02 15:54 - 00003620 _____ () C:\windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-10-02 15:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-10-02 15:47 - 2014-10-02 15:50 - 00000000 ____D () C:\AdwCleaner
2014-10-02 15:47 - 2014-10-02 15:47 - 01375089 _____ () C:\Users\Justin\Desktop\AdwCleaner.exe
2014-09-26 03:08 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-26 03:08 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-26 03:08 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-26 03:08 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-26 03:08 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-26 03:08 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-26 03:08 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-26 03:08 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-26 03:08 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-26 03:08 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-26 03:08 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-26 03:08 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-26 03:08 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-26 03:08 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-26 03:08 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-26 03:08 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-26 03:08 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-26 03:08 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-26 03:08 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-26 03:08 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-26 03:08 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-26 03:08 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-26 03:08 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-26 03:08 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-26 03:08 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-26 03:08 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-26 03:08 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-26 03:08 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-26 03:08 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-26 03:08 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-26 03:08 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-26 03:08 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-26 03:08 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-26 03:08 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-26 03:08 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-26 03:08 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-26 03:08 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-26 03:08 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-26 03:08 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-26 03:08 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-26 03:08 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-26 03:08 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-26 03:08 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-26 03:08 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-26 03:08 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-26 03:08 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-26 03:08 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-26 03:08 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-26 03:08 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-26 03:08 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-26 03:08 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-26 03:08 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-26 03:08 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-26 03:08 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-26 03:08 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-26 03:08 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-26 03:02 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-26 03:02 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-25 14:49 - 2014-09-25 14:49 - 00076944 _____ () C:\Users\Justin\Desktop\OTL.Txt
2014-09-25 14:42 - 2014-09-25 14:43 - 00602112 _____ (OldTimer Tools) C:\Users\Justin\Desktop\OTL.exe
2014-09-25 14:00 - 2014-09-25 14:00 - 00000000 ____D () C:\Users\Justin\Documents\pride and patriotism emily
2014-09-25 13:45 - 2014-09-25 13:45 - 768287514 _____ () C:\windows\MEMORY.DMP
2014-09-25 13:45 - 2014-09-25 13:45 - 00275096 _____ () C:\windows\Minidump\092514-34023-01.dmp
2014-09-25 10:36 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-25 10:36 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-25 10:36 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-25 10:36 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-25 10:35 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-25 10:35 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-25 10:35 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-25 10:35 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-25 10:35 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-25 10:35 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-25 10:35 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-25 10:33 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-25 10:33 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-05 11:07 - 2014-09-05 11:09 - 78567032 _____ () C:\Users\Justin\Downloads\LEXMARK_S400_wcr_64_en.exe
2014-09-05 09:27 - 2014-09-05 09:27 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security Suite
2014-09-04 11:02 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-09-04 11:02 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-09-04 11:02 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-09-04 11:02 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-09-04 11:02 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-09-04 11:02 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-09-04 11:01 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-09-04 11:01 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-09-04 10:55 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-09-04 10:55 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-09-04 10:55 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-09-04 10:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-09-04 10:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-09-04 10:55 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-09-04 10:55 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-09-04 10:55 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-09-04 10:55 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-09-04 10:55 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-04 10:55 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-09-04 10:55 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-09-04 10:55 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-09-04 10:55 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-04 10:55 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 16:02 - 2011-10-01 17:09 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\uTorrent
2014-10-02 16:00 - 2012-09-01 08:57 - 01853183 _____ () C:\windows\WindowsUpdate.log
2014-10-02 15:59 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-02 15:58 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-02 15:54 - 2011-12-13 17:54 - 00000064 _____ () C:\windows\SysWOW64\rp_stats.dat
2014-10-02 15:54 - 2011-12-13 17:54 - 00000044 _____ () C:\windows\SysWOW64\rp_rules.dat
2014-10-02 15:52 - 2014-07-30 11:22 - 00004444 _____ () C:\windows\PFRO.log
2014-10-02 15:52 - 2014-06-25 10:10 - 00003104 _____ () C:\windows\setupact.log
2014-10-02 15:52 - 2013-07-15 19:50 - 00036922 _____ () C:\aaw7boot.log
2014-10-02 15:52 - 2013-02-24 22:21 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 15:52 - 2010-03-21 11:35 - 00153535 _____ () C:\ProgramData\lxeascan.log
2014-10-02 15:52 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-02 15:50 - 2009-07-14 00:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 15:50 - 2009-07-14 00:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 15:45 - 2013-02-24 22:21 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-02 15:45 - 2012-06-10 09:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 03:30 - 2014-05-10 11:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-26 03:06 - 2009-09-09 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-26 03:04 - 2014-04-19 15:30 - 00774632 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-26 03:00 - 2011-11-03 09:12 - 00001936 _____ () C:\ProgramData\lxea.log
2014-09-25 16:15 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-25 15:45 - 2010-02-26 16:38 - 00000000 ____D () C:\Users\Justin
2014-09-25 13:45 - 2013-04-09 20:26 - 00000000 ____D () C:\windows\Minidump
2014-09-25 10:37 - 2012-06-10 09:38 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 10:37 - 2012-06-10 09:38 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 10:37 - 2011-08-15 18:24 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-05 14:31 - 2012-09-03 08:51 - 00000000 ____D () C:\Program Files (x86)\Lexmark S300-S400 Series
2014-09-05 11:13 - 2012-09-03 08:51 - 00221048 _____ () C:\windows\system32\LexFiles.ulf
2014-09-05 11:11 - 2012-09-03 08:52 - 00002003 _____ () C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
2014-09-05 11:10 - 2012-09-03 08:51 - 00000000 ____D () C:\Program Files\Lexmark S300-S400 Series
2014-09-05 09:53 - 2011-11-26 15:04 - 00000000 ____D () C:\Users\Justin\AppData\Local\CrashDumps
2014-09-05 09:46 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-05 09:21 - 2014-05-24 17:29 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-09-05 09:21 - 2014-05-24 17:27 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-09-05 09:20 - 2014-05-24 17:28 - 00002361 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-09-05 09:20 - 2014-05-24 17:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-09-05 09:20 - 2009-07-14 00:45 - 05114208 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-04 10:51 - 2014-04-12 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 03:01

==================== End Of Log ============================



#6
jbcteacher

    Member

  • Topic Starter
  • 209 posts

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014 01
Ran by Justin at 2014-10-02 16:03:03
Running from C:\Users\Justin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Ad-Aware (HKLM-x32\...\{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}) (Version: 9.6.0 - Lavasoft Limited)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)
Flash Renamer 6.53 (HKLM-x32\...\Flash Renamer_is1) (Version:  - RL Vision)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.4.2 - Ellora Assets Corporation)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6502 - HRB Technology, LLC.)
HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.6.10600 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12600.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18800.9.2 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10600.28.0 - Nero AG)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5945 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.8 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SpyNet Field Office (HKLM-x32\...\com.jakks.spynet) (Version: 1.05 - UNKNOWN)
SpyNet Field Office (x32 Version: 1.05 - UNKNOWN) Hidden
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3703835883-1511878293-526365159-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3703835883-1511878293-526365159-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3703835883-1511878293-526365159-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3703835883-1511878293-526365159-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3703835883-1511878293-526365159-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-08-2014 11:18:12 Windows Update
04-09-2014 14:57:34 Windows Update
05-09-2014 13:26:23 Windows Update
05-09-2014 13:35:12 Installed Adblock Plus for IE (32-bit and 64-bit)
05-09-2014 17:46:23 Windows Update
25-09-2014 20:14:44 Scheduled Checkpoint
26-09-2014 07:01:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-08-27 17:03 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CF72786-A286-4564-8AB2-C0049EDE894E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {2FEBD200-BD85-41B6-A3EE-F6FA05AA64FF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {41E42291-266D-40FB-92A9-4638A6A7F30F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {57883644-5FAE-49D9-8271-FA66D835E14F} - System32\Tasks\AdobeAAMUpdater-1.0-Justin-PC-Justin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {7D9D3B1A-C1EA-4E70-B07E-5355B229082C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {7DECEF99-8091-4C39-983A-33F836156B80} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28] (Lavasoft Limited                                                      )
Task: {85E80434-1B36-42D9-9CC9-437FFA931836} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {99B2B71C-57CE-45BE-A00E-BFB56D157CD3} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {99E3D155-A7EF-4FF9-BD2F-CAFFACCC49C2} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B231B011-BB5F-4040-A449-97B821F83655} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E95D533E-FDE1-40DB-B8B0-6BAB72268B68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {EA865DD3-EB23-4000-8505-F95AC5F6B684} - System32\Tasks\4818 => Wscript.exe C:\Users\Justin\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-21 11:36 - 2009-11-04 08:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-26 14:01 - 2011-12-07 19:31 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2012-09-03 08:52 - 2013-01-23 13:43 - 00772712 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2012-09-03 08:52 - 2013-01-23 13:43 - 00150264 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2012-11-26 14:01 - 2011-12-08 17:53 - 08364288 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-26 14:01 - 2011-10-25 15:54 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2012-09-03 08:52 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2012-09-03 08:52 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2012-09-03 08:52 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2012-09-03 08:52 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2010-03-21 11:25 - 2009-02-20 03:48 - 00381440 _____ () C:\windows\system32\lxeasm.dll
2010-03-21 11:25 - 2009-02-20 03:48 - 00023552 _____ () C:\windows\system32\lxeasmr.dll
2012-09-03 08:52 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2012-09-03 08:52 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2012-09-03 08:52 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2012-09-03 08:52 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2012-09-03 08:52 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2012-09-03 08:52 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2012-09-03 08:52 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2012-09-03 08:52 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2012-09-03 08:52 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2012-09-03 08:52 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2012-11-26 14:01 - 2011-09-13 17:57 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2011-10-28 20:35 - 2011-10-28 20:35 - 00591232 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2011-10-28 20:35 - 2011-10-28 20:35 - 00430568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
2011-10-28 20:35 - 2011-10-28 20:35 - 00308560 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
2012-12-31 10:23 - 2014-06-20 06:08 - 00192376 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2012-12-31 10:23 - 2014-06-20 06:08 - 00180088 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2012-12-31 10:22 - 2012-12-31 10:22 - 00508776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: uTorrent => "C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-3703835883-1511878293-526365159-500 - Administrator - Disabled)
Guest (S-1-5-21-3703835883-1511878293-526365159-501 - Limited - Disabled)
Justin (S-1-5-21-3703835883-1511878293-526365159-1001 - Administrator - Enabled) => C:\Users\Justin

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2014 03:54:02 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (09/25/2014 10:30:11 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (09/05/2014 01:43:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3523313

Error: (09/05/2014 01:43:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3523313

Error: (09/05/2014 01:43:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2014 09:53:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdblockPlusEngine.exe, version: 1.1.0.0, time stamp: 0x52540631
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000001e1b84b
Faulting process id: 0xddc
Faulting application start time: 0xAdblockPlusEngine.exe0
Faulting application path: AdblockPlusEngine.exe1
Faulting module path: AdblockPlusEngine.exe2
Report Id: AdblockPlusEngine.exe3

Error: (09/04/2014 10:59:13 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (09/04/2014 10:53:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e88

Start Time: 01cfc84b9a0101bc

Termination Time: 31

Application Path: C:\windows\Explorer.EXE

Report Id: 1e0b16a9-3443-11e4-afb6-4061865ac6d2

Error: (08/03/2014 03:06:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1354

Start Time: 01cfaf4dc4977f68

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/31/2014 06:25:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13073

System errors:
=============
Error: (10/02/2014 03:54:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/02/2014 03:52:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (10/02/2014 03:52:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (10/02/2014 03:50:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/26/2014 03:35:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/26/2014 03:35:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (09/26/2014 03:29:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/25/2014 01:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/25/2014 01:46:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (09/25/2014 01:45:57 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff8000328193c)C:\windows\MEMORY.DMP092514-34023-01

Microsoft Office Sessions:
=========================
Error: (10/02/2014 03:54:02 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (09/25/2014 10:30:11 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (09/05/2014 01:43:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3523313

Error: (09/05/2014 01:43:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3523313

Error: (09/05/2014 01:43:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2014 09:53:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AdblockPlusEngine.exe1.1.0.052540631unknown0.0.0.000000000c00000050000000001e1b84bddc01cfc910547d2a1bC:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exeunknown08793586-3504-11e4-b000-4061865ac6d2

Error: (09/04/2014 10:59:13 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (09/04/2014 10:53:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567e8801cfc84b9a0101bc31C:\windows\Explorer.EXE1e0b16a9-3443-11e4-afb6-4061865ac6d2

Error: (08/03/2014 03:06:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17207135401cfaf4dc4977f6815C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/31/2014 06:25:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13073

CodeIntegrity Errors:
===================================
  Date: 2012-08-27 17:00:30.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-27 17:00:30.478
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 31%
Total physical RAM: 7935.18 MB
Available physical RAM: 5405.21 MB
Total Pagefile: 15868.54 MB
Available Pagefile: 13452.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1397.17 GB) (Free:1277.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7
jbcteacher


Shortcut:

 

Users shortcut scan result (x64) Version: 01-10-2014 01
Ran by Justin at 2014-10-02 16:03:46
Running from C:\Users\Justin\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk -> C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk -> C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNet Field Office.lnk -> C:\Users\Justin\Desktop\SpyNet Field Office\SpyNet Field Office.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\New folder\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\New folder\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\New folder\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\New folder\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\Data Lifeguard Diagnostic for Windows.lnk -> C:\Program Files (x86)\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\WinDlg.exe (Western Digital)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\Help Documentation.lnk -> C:\Program Files (x86)\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\help.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\Uninstall Data Lifeguard Diagnostic for Windows.lnk -> C:\Program Files (x86)\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel\Desktop 6\The Weather Channel Desktop.lnk -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel\Desktop 6\Uninstall.lnk -> C:\Program Files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files (x86)\Google\Picasa3\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite\Norton Security Suite.lnk -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\uistub.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Burning ROM.lnk -> C:\Windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_FF88F478D1E748AC86035D457D563142.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero ControlCenter.lnk -> C:\Windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Danish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_da-DK.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\English (UK).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_en-GB.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\English (US).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Finnish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_fi-FI.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Greek.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_el-GR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Hungarian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_hu-HU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Norwegian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_nb-NO.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Portuguese (Brazil).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_pt-BR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Portuguese (Portugal).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_pt-PT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Thai.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_th-TH.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero ControlCenter\Turkish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroControlCenter_tr-TR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Portuguese (Portugal).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_pt-PT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero BurnRights\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurnRights_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Chinese (Simplified).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_zh-CN.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Chinese (Traditional).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_zh-TW.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Czech.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_cs-CZ.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Dutch.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_nl-NL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\English.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_en-US.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\French.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_fr-FR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\German.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_de-DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Italian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_it-IT.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Japanese.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_ja-JP.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Korean.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_ko-KR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Polish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_pl-PL.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Portuguese (Brazil).lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_pt-BR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Russian.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_ru-RU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Spanish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_es-ES.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 10\Nero Help\Nero Burning ROM\Swedish.lnk -> C:\Program Files (x86)\Nero\Nero 10\Help\NeroBurningRom_sv-SE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Activation Assistant for Microsoft Office.lnk -> C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites\ota.hta ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark Printer Home.LNK -> C:\Program Files\Lexmark\Dashboard\LX__Dashboard.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\S400 Series\View User's Guide.LNK -> C:\Program Files (x86)\Lexmark S300-S400 Series\LXEAuser.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Ad-Aware\Ad-Aware Manual.lnk -> C:\Program Files (x86)\Lavasoft\Ad-Aware\Lavasoft Ad-Aware Manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Ad-Aware\Ad-Aware.lnk -> C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Ad-Aware\Lavasoft Homepage.lnk -> C:\Program Files (x86)\Lavasoft\Ad-Aware\Lavasoft Homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Ad-Aware\Toolbox\ThreatWork.lnk -> C:\Program Files (x86)\Lavasoft\Ad-Aware\threatwork.exe (Lavasoft Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn Read Me.lnk -> C:\Program Files (x86)\ImgBurn\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\Uninstall.lnk -> C:\Program Files (x86)\ImgBurn\uninstall.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HRBlockDirect\HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block                            )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HRBlockDirect\Uninstall HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013\H&R Block 2013 ReadMe .lnk -> C:\Program Files (x86)\HRBlock2013\Program\readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013\Install PDF Printer.lnk -> C:\Program Files (x86)\HRBlock2013\PDF995\InstallPDFPrinter.exe (HRB Technology, LLC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\FreemakeYoutubeMP3Converter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer\Flash Renamer.lnk -> C:\Program Files (x86)\Flash Renamer\FlashRen.exe (RL Vision)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer\Help.lnk -> C:\Program Files (x86)\Flash Renamer\Help\index.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer\Homepage.lnk -> C:\Program Files (x86)\Flash Renamer\Homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer\Register.lnk -> C:\Program Files (x86)\Flash Renamer\Register.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer\Uninstall.lnk -> C:\Program Files (x86)\Flash Renamer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Print Creations.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\Start ArcSoft Connect.lnk -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe (ArcSoft Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk -> C:\Windows\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk -> C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Sprint0.chm ()
Shortcut: C:\Users\Default\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\Links\Desktop.lnk -> C:\Users\Justin\Desktop ()
Shortcut: C:\Users\Justin\Links\Downloads.lnk -> C:\Users\Justin\Downloads ()
Shortcut: C:\Users\Justin\Links\SkyDrive.lnk -> C:\Users\Justin\SkyDrive ()
Shortcut: C:\Users\Justin\Desktop\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{N360_SOS_21.1.0.18} ()
Shortcut: C:\Users\Justin\Desktop\uPlayer.lnk -> C:\Users\Justin\AppData\Roaming\Microsoft\Installer\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}\_9985D12C74E37AD5C3BA13.exe ()
Shortcut: C:\Users\Justin\Desktop\WBFS Manager 3.0.lnk -> C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe ()
Shortcut: C:\Users\Justin\Desktop\µTorrent.lnk -> C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\New folder\Rar.txt ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\New folder\WhatsNew.txt ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\New folder\WinRAR.chm ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\New folder\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager\WBFS Manager 3.0.lnk -> C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer\Uninstall.lnk -> C:\Users\Justin\AppData\Roaming\Microsoft\Installer\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}\_F3528F4E75D140A8DF3AF3.exe ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer\uPlayer.lnk -> C:\Users\Justin\AppData\Roaming\Microsoft\Installer\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}\_043436154218992112396E.exe ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{N360_SOS_21.1.0.18} ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\4Sync\Getting Started with 4Sync.lnk -> C:\Program Files (x86)\4Sync\Getting Started with 4Sync.pdf (No File)
Shortcut: C:\Users\Justin\4Sync\My Photo\Cover.lnk -> C:\Users\Justin\Downloads\Diary of a Wimpy Kid 2\Cover (No File)
Shortcut: C:\Users\Justin\4Sync\My Photo\GUI_BITMAPS.lnk -> C:\Program Files\Lexmark S300-S400 Series\Drivers\COMMON\GUI_BITMAPS ()
Shortcut: C:\Users\Justin\4Sync\My Photo\icons.lnk -> C:\Users\Justin\Desktop\SpyNet Field Office\icons ()
Shortcut: C:\Users\Justin\4Sync\My Photo\images(2).lnk -> C:\Program Files\Lexmark S300-S400 Series\Job Status\x64\Scripts\images ()
Shortcut: C:\Users\Justin\4Sync\My Photo\Images(3).lnk -> C:\Program Files\Lexmark S300-S400 Series\LexUpdt\Wireless\Images (No File)
Shortcut: C:\Users\Justin\4Sync\My Photo\images.lnk -> C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images ()
Shortcut: C:\Users\Justin\4Sync\My Photo\Pictures(2).lnk -> C:\Users\Public\Pictures ()
Shortcut: C:\Users\Justin\4Sync\My Photo\Pictures.lnk -> C:\Users\Justin\Pictures ()
Shortcut: C:\Users\Justin\4Sync\My Photo\WBFS Manager Covers.lnk -> C:\Users\Justin\Documents\WBFS Manager Covers ()
Shortcut: C:\Users\Justin\4Sync\My Photo\Wizard101.lnk -> C:\Users\Justin\Documents\Wizard101 ()
Shortcut: C:\Users\Justin\4Sync\My Music\Green Day.lnk -> C:\Users\Justin\Music\iMesh\Boulevard Of The Broken Dreams\Green Day ()
Shortcut: C:\Users\Justin\4Sync\My Music\Let It Shine (Original Soundtrack).lnk -> C:\Users\Justin\Music\iMesh\CoCo Jones\Let It Shine (Original Soundtrack) ()
Shortcut: C:\Users\Justin\4Sync\My Music\Music.lnk -> C:\Users\Justin\Music\iTunes\iTunes Media\Music ()
Shortcut: C:\Users\Justin\4Sync\My Music\Party Rock Anthem.lnk -> C:\Users\Justin\Music\iMesh\Party Rock Anthem\Party Rock Anthem ()
Shortcut: C:\Users\Justin\4Sync\My Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()
Shortcut: C:\Users\Justin\4Sync\My Media\Clock.lnk -> C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget ()
Shortcut: C:\Users\Justin\4Sync\My Media\common.lnk -> C:\Program Files\Lexmark S300-S400 Series\LexUpdt\drivers\win_xp2k\common (No File)
Shortcut: C:\Users\Justin\4Sync\My Media\DvdStyles.lnk -> C:\Program Files\DVD Maker\Shared\DvdStyles ()
Shortcut: C:\Users\Justin\4Sync\My Media\home.lnk -> C:\Users\Justin\Desktop\SpyNet Field Office\images\home ()
Shortcut: C:\Users\Justin\4Sync\My Media\Image(2).lnk -> C:\Program Files\Lexmark S300-S400 Series\Install\Config\Image ()
Shortcut: C:\Users\Justin\4Sync\My Media\image.lnk -> C:\Program Files\Lexmark S300-S400 Series\LexUpdt\install\config\image (No File)
Shortcut: C:\Users\Justin\4Sync\My Media\Mortgage.lnk -> C:\Users\Justin\Desktop\Mortgage (No File)
Shortcut: C:\Users\Justin\4Sync\My Media\Network Sharing.lnk -> C:\Program Files\Windows Media Player\Network Sharing ()
Shortcut: C:\Users\Justin\4Sync\My Media\PicturePuzzle.lnk -> C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget ()
Shortcut: C:\Users\Justin\4Sync\My Media\SlideShow.lnk -> C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget ()
Shortcut: C:\Users\Public\Desktop\Ad-Aware.lnk -> C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft Limited)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Flash Renamer.lnk -> C:\Program Files (x86)\Flash Renamer\FlashRen.exe (RL Vision)
Shortcut: C:\Users\Public\Desktop\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK -> C:\Program Files\Lexmark\Dashboard\LX__Dashboard.exe ()
Shortcut: C:\Users\Public\Desktop\Nero Burning ROM 10.lnk -> C:\Windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_7533AE23D677474387D2A66427FA7052.exe (Acresso Software Inc.)
Shortcut: C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\Users\Public\Desktop\Norton Security Suite.lnk -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\uistub.exe (Symantec Corporation)
Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Safari.lnk -> C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe ()

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe (Adobe Systems Incorporated) -> --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel\Desktop 6\Give Us Your Feedback.lnk -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) -> FeedBack
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel\Desktop 6\Help.lnk -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) -> Help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite\LiveUpdate.lnk -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\uistub.exe (Symantec Corporation) -> /lu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite\Support.lnk -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\symerr.exe (Symantec Corporation) -> /support
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite\Uninstall Norton Security Suite.lnk -> C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\70512b0b\21.5.0.19\inststub.exe (Symantec Corporation) -> /X /shortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie\Uninstall NETGEAR WNA3100 Software.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{C2425F91-1F7B-4037-9A05-9F290184798D}\setup.exe (Acresso Software Inc.                                        ) -> -z "-Remove"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe () ->  /design
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\S400 Series\Uninstall Lexmark S400 Series.LNK -> C:\Program Files\Lexmark S300-S400 Series\Install\x64\instgui.exe ( ) -> /u MODEL="S400 Series" PRODUCT_CODE="4443201"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Ad-Aware\Ad-Aware Update.lnk -> C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft Limited                                                      ) -> update all
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Ad-Aware\Uninstall Ad-Aware.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {E43196CF-182A-4D9E-9CE7-69616DBEE3B0} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013\H&R Block 2013 .lnk -> C:\Program Files (x86)\HRBlock2013\Program\HRBlock2013.exe (H&R Block) -> /N version.taxcut.com
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Album Page.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 85
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Funhouse.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 89
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Half-Fold Greeting Card.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 84
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Photo Book.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 91
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Photo Calendar.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 86
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Quarter-Fold Greeting Card.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 92
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Scrapbook.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 150
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Slimline Card.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 164
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\View My ArcSoft Info.lnk -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACRun.exe (ArcSoft Inc.) -> ProductInfo.ac
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\Adobe Application Manager.lnk -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe (Adobe Systems Incorporated) -> --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
ShortcutWithArgument: C:\Users\Public\Desktop\H&R Block 2013.lnk -> C:\Program Files (x86)\HRBlock2013\Program\HRBlock2013.exe (H&R Block) -> /N version.taxcut.com

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.url -> hxxp://www.revouninstallerpro.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Try Online.url -> hxxp://printcreations.arcsoft.com/online/
InternetURL: C:\Users\Justin\Favorites\A Conversation with Sally Shaywitz, M.D., Author of Overcoming Dyslexia - Reading - GreatSchools.url -> hxxp://www.greatschools.org/special-education/LD-ADHD/836-a-conversation-with-sally-shaywitz-m-d-author-of-overcoming-dyslexia.gs?page=3
InternetURL: C:\Users\Justin\Favorites\Bank of America  Home  Personal.url -> https://www.bankofamerica.com/
InternetURL: C:\Users\Justin\Favorites\Bella Terra -.url -> hxxp://www.yourbellaterra.com/modules/wfchannel/
InternetURL: C:\Users\Justin\Favorites\Bing.url -> hxxp://www.bing.com/?pc=APPT
InternetURL: C:\Users\Justin\Favorites\Can't seem to do anything... - Geeks to Go Forums.url -> hxxp://www.geekstogo.com/forum/topic/321662-cant-seem-to-do-anything/page__p__2197512__fromsearch__1
InternetURL: C:\Users\Justin\Favorites\Comcast.net  Entertainment  News  Sports  Email  Watch TV Online  Comcast Deals  On Demand.url -> hxxp://www.comcast.net/
InternetURL: C:\Users\Justin\Favorites\Demonoid.url -> hxxp://www.demonoid.me/files/
InternetURL: C:\Users\Justin\Favorites\Doppler ZOOM - Interactive Street-Level Radar - NBC-2.com WBBH News for Fort Myers, Cape Coral & Naples, Florida.url -> hxxp://www.nbc-2.com/category/170788/interactive-radar
InternetURL: C:\Users\Justin\Favorites\emily's amazon ipod needs.url -> hxxp://www.amazon.com/gp/cart/view.html/ref=gno_cart
InternetURL: C:\Users\Justin\Favorites\FL Dept Rev - Property Tax Exemptions and Discounts.url -> hxxp://dor.myflorida.com/dor/property/taxpayers/exemptions.html
InternetURL: C:\Users\Justin\Favorites\gmail Email from Google.url -> https://www.google.c...lt&ltmplcache=2
InternetURL: C:\Users\Justin\Favorites\Google.url -> hxxp://www.google.com/
InternetURL: C:\Users\Justin\Favorites\Gulf Coast Swim Team.url -> hxxp://www.gcst.org/Home.jsp?team=fsgcst
InternetURL: C:\Users\Justin\Favorites\Healthy Kids KidCare.url -> https://www.healthykids.org/apply/
InternetURL: C:\Users\Justin\Favorites\http--dor.myflorida.com-dor-forms-2008-dr501tfillable.pdf.url -> hxxp://dor.myflorida.com/dor/forms/2008/dr501tfillable.pdf
InternetURL: C:\Users\Justin\Favorites\I Heart Publix.url -> hxxp://www.iheartpublix.com/
InternetURL: C:\Users\Justin\Favorites\Improve your Brain Health - Lumosity.url -> hxxp://www.lumosity.com/app/v4/personalization?gclid=CPfop8K5rrUCFQLznAodRA0AlQ
InternetURL: C:\Users\Justin\Favorites\Ladybug's Teacher Files- Updated CRAFT Board with Strategies.url -> hxxp://www.ladybugsteacherfiles.com/2012/08/updated-craft-board-with-strategies.html
InternetURL: C:\Users\Justin\Favorites\LENNAR - Holding our deposit.url -> hxxp://lennar.pissedconsumer.com/holding-our-deposit-20110904259872.html
InternetURL: C:\Users\Justin\Favorites\Login  Facebook.url -> hxxp://www.facebook.com/login.php
InternetURL: C:\Users\Justin\Favorites\Metro Swim Shop - Best Service with Lowest Prices.url -> hxxp://www.metroswimshop.com/
InternetURL: C:\Users\Justin\Favorites\Netflix.url -> hxxp://www.netflix.com/MemberHome
InternetURL: C:\Users\Justin\Favorites\Pampered Chef Mini Cheeseburgers Recipe - Food.com - 404472.url -> hxxp://www.food.com/recipe/pampered-chef-mini-cheeseburgers-404472
InternetURL: C:\Users\Justin\Favorites\PARCC Place Newsletter - PARCC.url -> hxxp://www.parcconline.org/parcc-place-newsletter
InternetURL: C:\Users\Justin\Favorites\Retirement Services - Dashboard.url -> https://retirementse...VzoxwVARMli8I!/
InternetURL: C:\Users\Justin\Favorites\SafeHouse.cc.url -> hxxp://stoneybrook.webguest.cc/
InternetURL: C:\Users\Justin\Favorites\SpyNet HQ Home.url -> hxxp://www.spynethq.com/
InternetURL: C:\Users\Justin\Favorites\Sunshine Elementary School.url -> hxxp://sun.leeschools.net/
InternetURL: C:\Users\Justin\Favorites\The Alternative Medicine Cabinet- Cetaphil for Lice - NYTimes.com.url -> hxxp://well.blogs.nytimes.com/2010/03/24/the-alternative-medicine-cabinet-cetaphil-for-lice/
InternetURL: C:\Users\Justin\Favorites\The Pirate Bay - The galaxy's most resilient bittorrent site.url -> hxxp://thepiratebay.se/search/pokepark/0/99/0
InternetURL: C:\Users\Justin\Favorites\Welcome to Gateway Soccer.url -> hxxp://recreationalsoccerinfortmyers.com/
InternetURL: C:\Users\Justin\Favorites\Welcome to Pinewoods!.url -> hxxp://pin.leeschools.net/
InternetURL: C:\Users\Justin\Favorites\Words with Friends Cheat - Words with Friends Helper.url -> hxxp://www.scrabblefinder.com/words-with-friends-cheat/
InternetURL: C:\Users\Justin\Favorites\Your Benefits Resources -- Greeting Page.url -> hxxp://resources.hewitt.com/pseg/
InternetURL: C:\Users\Justin\Favorites\Your Benefits Resources -- Log On.url -> https://beplb02.port...tt.com/web/pseg
InternetURL: C:\Users\Justin\Favorites\YouTube – Joanne's iPad\youtu.be-GMjmzhF5320.url -> hxxp://youtu.be/GMjmzhF5320
InternetURL: C:\Users\Justin\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925

==================== End of log =============================


  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.
 
If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.
 
There are basically two types of these programs:

On-Access and On-Demand
 
On-Access Scanners

As the name implies, these are scanners that run in the background all the time the PC is turned on and running.  The main function of an On-Access scanner is to monitor activity on your machine.
 
On-Demand Scanners

As the name implies, these are scanners that only run when you ask them to, such as Online Scans and scanners that are installed on your machine but are not actively scanning it.
 
You have two antivirus programs, Norton and Adaware. You must remove one, although I would recommend AVAST instead.
 

Many peer-to-peer networks are under constant attack by people with a variety of motives.
 
Examples include:

  • poisoning attacks (e.g. providing files whose contents are different than the description)
  • denial of service attacks (attacks that may make the network run very slowly or break completely)
  • defection attacks (users or software that make use of the network without contributing resources to it)
  • insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
  • malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
  • filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
  • identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
  • spamming (e.g. sending unsolicited information across the network- not necessarily as a denial of service attack)

In your position I would remove utorrent from the computer.

 

Download the enclosed file. 

 

Save it in the same location FRST is saved.

 

Run FRST, except that this time around click on the Fix button and wait.

 

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.
 
Please download Malwarebytes' Anti-Malware from Here
 
Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
  • Select the language and click OK.
  • Accept the agreement
  • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • Right click on your next reply and select Paste.
  • Submit your reply.
 
 
Extra Note:
 
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

  • 0

#9
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 209 posts

Good Morning.

 

Per your advice, I uninstalled Utorrent, Adaware, and Norton.  Is the free version of AVAST enough?  After it installs I will complete your steps.


  • 0

#10
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 209 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-10-2014 01
Ran by Justin at 2014-10-04 09:46:48 Run:1
Running from C:\Users\Justin\Desktop
Loaded Profile: Justin (Available profiles: Justin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
BHO-x32: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} ->  No File
Toolbar: HKLM-x32 - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKLM-x32 - No Name - !{4b9bcce8-a70b-402a-a7e1-db96831ee26f} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} -  No File
Toolbar: HKCU - No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} -  No File
C:\Users\Justin\AppData\Local\Temp\Quarantine.exe
Task: {B231B011-BB5F-4040-A449-97B821F83655} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {EA865DD3-EB23-4000-8505-F95AC5F6B684} - System32\Tasks\4818 => Wscript.exe C:\Users\Justin\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
End
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{4b9bcce8-a70b-402a-a7e1-db96831ee26f} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{4b9bcce8-a70b-402a-a7e1-db96831ee26f}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
"HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} => value deleted successfully.
"HKCR\CLSID\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} => value deleted successfully.
"HKCR\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}" => Key not found.
"C:\Users\Justin\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B231B011-BB5F-4040-A449-97B821F83655}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B231B011-BB5F-4040-A449-97B821F83655}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA865DD3-EB23-4000-8505-F95AC5F6B684}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA865DD3-EB23-4000-8505-F95AC5F6B684}" => Key deleted successfully.
C:\Windows\System32\Tasks\4818 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4818" => Key deleted successfully.

==== End of Fixlog ====


  • 0

#11
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 209 posts

Prior to the last log, an AVAST warning box appeared and suggested deleting TWDownloader Class.  I did.


  • 0

#12
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 209 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/4/2014
Scan Time: 9:51:45 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.04.08
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Justin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316240
Time Elapsed: 9 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [aa0e64acec907abc13af057640c411ef],
PUP.Optional.4SharedTB, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\noebaifjopccondbkcieccphcpijhdne, Quarantined, [ebcd9e72dca0c076d6aacaad5fa5ff01],
PUP.Optional.4SharedTB, HKU\S-1-5-21-3703835883-1511878293-526365159-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\noebaifjopccondbkcieccphcpijhdne, Quarantined, [6355cc4483f91a1c730ef582907447b9],
PUP.Optional.InstallIQ, HKU\S-1-5-21-3703835883-1511878293-526365159-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\W3I\InstallIQUpdater, Quarantined, [02b6a36d344891a5e36d40d9e51e926e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.4SharedTB.A, C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noebaifjopccondbkcieccphcpijhdne, Quarantined, [1e9a7c948af27db978836c8810f25ea2],

Files: 1
PUP.Optional.4SharedTB, C:\Users\Justin\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx, Quarantined, [397f769a4b31ae886f101c5bab596d93],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#13
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 209 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 10/4/2014 9:51:13 AM, SYSTEM, JUSTIN-PC, Protection, Malware Protection, Starting,
Protection, 10/4/2014 9:51:13 AM, SYSTEM, JUSTIN-PC, Protection, Malware Protection, Started,
Protection, 10/4/2014 9:51:13 AM, SYSTEM, JUSTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/4/2014 9:51:16 AM, SYSTEM, JUSTIN-PC, Protection, Malicious Website Protection, Started,
Update, 10/4/2014 9:51:18 AM, SYSTEM, JUSTIN-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.9.19.1,
Update, 10/4/2014 9:51:21 AM, SYSTEM, JUSTIN-PC, Manual, Malware Database, 2014.3.4.9, 2014.10.4.8,
Protection, 10/4/2014 9:51:22 AM, SYSTEM, JUSTIN-PC, Protection, Refresh, Starting,
Protection, 10/4/2014 9:51:22 AM, SYSTEM, JUSTIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/4/2014 9:51:22 AM, SYSTEM, JUSTIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/4/2014 9:51:26 AM, SYSTEM, JUSTIN-PC, Protection, Refresh, Success,
Protection, 10/4/2014 9:51:26 AM, SYSTEM, JUSTIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/4/2014 9:51:26 AM, SYSTEM, JUSTIN-PC, Protection, Malicious Website Protection, Started,

(end)


  • 0

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

> Good Morning.
>
> Per your advice, I uninstalled Utorrent, Adaware, and Norton.  Is the free version of AVAST enough?  After it installs I will complete your steps.

The Internet Security version is very effective, but most users keep the Free version. There is a tryout period.

 

How is the computer doing? Are you still receiving the original popups?


  • 0

#15
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 209 posts
Those pop ups are gone. Thank you!
  • 0





