[zgwninja]

Hello,

 

Thanks in advance for taking your time to help. 

 

My computer seems to be infected by some sort of virus and/or malware.

 

Syptoms (Not sure if all of these are related, but are all ways my computer has started acting funny.

 

1) Avast webshield pop-up constantly indicating that it's blocking a harmful file. This happens frequently regardless of the activity I'm engaged in.

 

Most commonly it shows this:

Object: http:/

Infection: URL:Mal

Process: C:\ProgramFile\...\iexplore.exe

 

Sometimes the object is different, usually a file name ending in .png. For example: ajax_movie_pic_back.png

This morning one of the pop ups had a different infection name for the first time: HTML:Framer-inf[trj]

Sometimes the process is: AvastSvc.exe This morning I got a process of C:\Windows\System32\dllhost.exe.

 

2) I regularly get windows alert messages.

The most common one is titled Adobe PDF Document and says "There is a problem With Adobe Acrobat/Reader. Please exit Adobe Acrobat/Reader and try again. I've also been getting one that says "Microsoft Windows Powershell has stopped working" and has a "Close Program" button. I also get a message saying my display driver has stopped but recovered. The last two are less frequent, but still occurr pretty regularly.

 

3) When I tried downloading some of the anti-malware programs that seem commonly recomended I would get a security alert window that would say my security settings don't allow for this file to be downloaded. When I go to internet options I find that my security is set to "Custom." I don't believe I did this, so I'd reset it to "default" which would allow me to download the programs. However, if I restarted the computer, the security would be back to "custom."

 

4)The computer is running incredibly slow. Programs often say they are not responding. I have noticed that in task manager under processes there are a lot of individual items of dllhost.exe COM Surrogate running. Not sure if that's related, but seems like it to me.

 

5) I tried to boot my computer in safemode several times. It list some files that its loaded but it just gets stuck at the "Loading windows files" "please wait" screen.

 

Removal Tools I've Tried

1) SpyHunter: Ran it twice. first time got over 200 items. second time got 49. didn't help comp either time.

2) Avast: No virus found

3) Malwarebytes: No infection found

4) ComboFix: Not sure what it did, and it didn't provide me with a log.

5) adwcleaner: Did find some stuff but didn't help.

6) tdsskiller: no infection found

 

*Unfortuanaly I didn't keep these logs. I can get them again, but some of these programs take many many hours to scan because of how my computer is running. 

 

OTL Log:

 

OTL logfile created on: 11/1/2014 6:47:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Terry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 42.12% Memory free
11.80 Gb Paging File | 10.08 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): c:\pagefile.sys 9216 9216 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.82 Gb Total Space | 42.80 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.00 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
 
Computer Name: Z-BOT | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/01 18:47:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
PRC - [2014/10/29 22:49:22 | 000,770,944 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2014/09/12 17:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/07 16:05:44 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/03 16:05:29 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/19 12:50:02 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/05/22 09:37:06 | 005,013,000 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2013/05/22 09:37:06 | 001,066,504 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/05/31 13:32:15 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/28 12:35:32 | 001,011,200 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC\update\SST.exe
PRC - [2007/02/20 13:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/01 18:35:03 | 000,043,008 | ---- | M] () -- c:\Users\Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpapgqle.dll
MOD - [2014/09/12 17:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/05/03 16:05:30 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/10/29 22:49:22 | 000,770,944 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2014/10/18 19:44:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 17:52:00 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/03 16:05:29 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/05/22 09:37:06 | 005,013,000 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2012/05/31 13:32:15 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2014/10/29 22:49:25 | 000,016,432 | ---- | M] (Enigma Software Group USA, LLC.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2014/10/29 22:49:23 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2014/05/12 04:05:45 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/05/12 04:05:44 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/05/12 04:05:44 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/05/03 16:05:32 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/03 16:05:32 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/05/03 16:05:31 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/03 16:05:31 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/03 16:05:31 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2009/10/30 19:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/10 19:14:42 | 000,023,192 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2008/08/10 19:14:34 | 000,020,632 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2008/08/10 19:14:28 | 000,077,464 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2008/08/10 19:13:04 | 000,025,240 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nglog.sys -- (NgLog)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 11:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/04 01:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKLM\..\SearchScopes\{FC41E59C-37C4-4AEE-A1D4-55148888F8F5}: "URL" = http://search.live.c...#38;FORM=HVDUS7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ourceid=ie7=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKCU\..\SearchScopes\{FC41E59C-37C4-4AEE-A1D4-55148888F8F5}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 168.94.74.68:8080
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP:  File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/03 16:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/10/18 19:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/10/18 19:44:12 | 000,000,000 | ---D | M]
 
[2012/08/10 20:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2014/10/28 20:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions
[2010/05/12 10:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/10/28 20:00:56 | 000,394,370 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/10/18 18:43:25 | 000,979,610 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/09/25 20:21:08 | 000,009,405 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\searchplugins\yahoo-avast.xml
[2014/10/18 19:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/10/18 19:44:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/03 16:05:33 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/13 14:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 14:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java™ Platform SE 6 U39 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Terry\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/08/10 20:13:23 | 000,443,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15252 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679}: NameServer = 4.2.2.2,4.2.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Terry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Terry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/25 12:12:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0928093f-84bd-11e0-913f-415645000030}\Shell - "" = AutoRun
O33 - MountPoints2\{a0a89396-82fa-11df-9969-415645000030}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/01 18:47:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2014/11/01 16:38:31 | 004,184,008 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Terry\Desktop\tdsskiller.exe
[2014/11/01 15:04:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/01 14:33:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/01 14:32:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/11/01 14:32:33 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/11/01 14:32:17 | 005,591,672 | R--- | C] (Swearware) -- C:\Users\Terry\Desktop\ComboFix.exe
[2014/10/29 23:04:06 | 000,000,000 | -HSD | C] -- C:\found.006
[2014/10/29 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Enigma Software Group
[2014/10/29 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
[2014/10/18 19:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/19 12:47:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Terry\AppData\Roaming\pcouffin.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Terry\Desktop\*.tmp files -> C:\Users\Terry\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/01 18:51:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/01 18:47:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2014/11/01 18:32:28 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/11/01 18:32:23 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/11/01 18:32:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 18:32:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 18:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/01 16:38:32 | 004,184,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Terry\Desktop\tdsskiller.exe
[2014/11/01 16:18:44 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA.job
[2014/11/01 15:18:19 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core.job
[2014/11/01 15:01:28 | 001,998,336 | ---- | M] () -- C:\Users\Terry\Desktop\adwcleaner_4.002.exe
[2014/11/01 14:32:17 | 005,591,672 | R--- | M] (Swearware) -- C:\Users\Terry\Desktop\ComboFix.exe
[2014/10/29 22:51:29 | 000,001,072 | ---- | M] () -- C:\Users\Terry\Desktop\RegHunter.lnk
[2014/10/29 22:49:30 | 000,001,077 | ---- | M] () -- C:\Users\Terry\Desktop\SpyHunter.lnk
[2014/10/29 22:49:23 | 000,019,984 | ---- | M] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2014/10/28 20:22:46 | 000,002,046 | ---- | M] () -- C:\Users\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/22 22:52:12 | 000,033,970 | ---- | M] () -- C:\Users\Terry\Desktop\4060-bile-10x-3.jpg
[2014/10/22 22:51:54 | 000,038,353 | ---- | M] () -- C:\Users\Terry\Desktop\4060-bile-20x-3.jpg
[2014/10/21 17:35:52 | 008,686,380 | ---- | M] () -- C:\Users\Terry\Desktop\LUNG Alveolar Sac BF.tif
[2014/10/16 12:53:35 | 299,889,822 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/16 03:47:57 | 000,379,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/08 17:11:08 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTerry.job
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Terry\Desktop\*.tmp files -> C:\Users\Terry\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/01 15:01:05 | 001,998,336 | ---- | C] () -- C:\Users\Terry\Desktop\adwcleaner_4.002.exe
[2014/10/29 22:51:29 | 000,001,072 | ---- | C] () -- C:\Users\Terry\Desktop\RegHunter.lnk
[2014/10/29 22:49:23 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2014/10/27 22:59:42 | 008,686,380 | ---- | C] () -- C:\Users\Terry\Desktop\LUNG Alveolar Sac BF.tif
[2014/10/22 22:52:11 | 000,033,970 | ---- | C] () -- C:\Users\Terry\Desktop\4060-bile-10x-3.jpg
[2014/10/22 22:51:53 | 000,038,353 | ---- | C] () -- C:\Users\Terry\Desktop\4060-bile-20x-3.jpg
[2014/05/03 16:05:36 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/03/02 16:32:25 | 000,000,286 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/09/14 15:49:58 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2013/05/19 12:47:44 | 000,087,608 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\inst.exe
[2013/05/19 12:47:44 | 000,007,887 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\pcouffin.cat
[2013/05/19 12:47:44 | 000,001,144 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\pcouffin.inf
[2013/05/17 09:27:40 | 000,176,996 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/05/16 20:59:45 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2013/05/16 20:28:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/04/02 11:44:56 | 000,379,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/03 09:41:11 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/03 09:41:11 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/04/21 22:54:09 | 000,000,045 | ---- | C] () -- C:\Users\Terry\jagex_cl_runescape_LIVE2.dat
[2012/04/21 22:44:53 | 000,000,045 | ---- | C] () -- C:\Users\Terry\jagex_cl_runescape_LIVE1.dat
[2011/12/27 01:34:25 | 000,001,356 | ---- | C] () -- C:\Users\Terry\AppData\Local\d3d9caps.dat
[2011/12/16 00:24:01 | 000,042,228 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2011/10/29 17:43:52 | 000,000,032 | ---- | C] () -- C:\Users\Terry\jagex_cl_runescape_LIVE.dat
[2010/09/07 20:43:55 | 000,000,024 | ---- | C] () -- C:\Users\Terry\jagexappletviewer.preferences
[2010/08/20 12:46:04 | 000,000,600 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\AutoGK.ini
[2010/06/03 01:24:38 | 000,000,129 | ---- | C] () -- C:\Users\Terry\jagex_runescape_preferences2.dat
[2010/06/03 01:24:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\jagex__preferences3.dat
[2010/06/03 01:23:31 | 000,000,046 | ---- | C] () -- C:\Users\Terry\jagex_runescape_preferences.dat
[2010/05/14 15:18:19 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/14 14:55:33 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/07 17:58:54 | 000,060,744 | ---- | C] () -- C:\Users\Terry\g2mdlhlpx.exe
[2008/09/12 13:06:36 | 000,001,144 | ---- | C] () -- C:\Users\Terry\HP Solution Center.lnk
[2008/01/26 14:36:05 | 000,025,088 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/25 12:42:35 | 000,001,630 | ---- | C] () -- C:\Users\Terry\Windows Media Center.lnk
[2007/04/25 12:22:30 | 000,002,017 | ---- | C] () -- C:\Users\Terry\HP Total Care Advisor.lnk
[2007/04/25 12:18:16 | 000,002,132 | ---- | C] () -- C:\Users\Terry\Microsoft Office – 60 Day Trial..lnk
[2007/04/25 12:00:36 | 000,001,993 | ---- | C] () -- C:\Users\Terry\My HP Games.lnk
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/07/21 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\acccore
[2014/05/03 16:11:45 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\AVAST Software
[2008/12/31 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Aventail
[2013/05/08 22:02:11 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Azureus
[2010/08/20 10:55:36 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\BackTalk
[2014/11/01 18:36:07 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Dropbox
[2014/10/29 22:51:32 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Enigma Software Group
[2009/01/13 20:20:58 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\GetRightToGo
[2012/12/05 22:33:54 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\GMATPrep
[2013/03/27 18:08:34 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\JCP
[2013/10/12 23:21:27 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Leica Microsystems
[2009/02/07 11:54:07 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\LimeWire
[2012/08/10 19:51:00 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\MusicNet
[2009/01/09 20:26:16 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\muvee Technologies
[2007/08/18 14:10:26 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Snapfish
[2014/04/05 01:05:52 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Spotify
[2010/01/20 21:17:22 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\UB
[2013/05/19 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Vso
[2008/03/27 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB40626$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

 

OTL Exras:

 

OTL Extras logfile created on: 11/1/2014 6:47:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Terry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 42.12% Memory free
11.80 Gb Paging File | 10.08 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): c:\pagefile.sys 9216 9216 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.82 Gb Total Space | 42.80 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.00 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
 
Computer Name: Z-BOT | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037D36E9-3E17-40A9-A16F-022F1CABCD07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13FD987B-43FC-486F-9998-6076C3C3E50F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{23EF6883-062E-47C1-9873-1AA0DA9491A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{264BABD8-DCE2-48C7-8439-F01AC0EC2326}" = rport=445 | protocol=6 | dir=out | app=system |
"{32284360-5F28-4418-A4F8-BA3251BE26C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{34393987-0D07-4617-9A41-DC1B9EBE106B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43C80109-3035-41BB-A53F-A345FCA51E6D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{47BD29AF-73FD-4089-B7AE-34F3CA451430}" = lport=445 | protocol=6 | dir=in | app=system |
"{5E96F608-35AE-4C03-909F-1625CE6EAAC2}" = lport=139 | protocol=6 | dir=in | app=system |
"{78B9BA2D-02FA-47D7-8BBF-D68839533C68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8BA30EC7-51D9-416F-8582-62C83D6B260C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D2BB0482-AFD8-427E-96CC-600EDC2B2BA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5EC2666-DA73-46FB-A8B8-479677D31F2E}" = rport=138 | protocol=17 | dir=out | app=system |
"{D81264C1-1664-4F88-8213-297CBD9F9958}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA97A6C2-0323-4E2D-88F6-88020FC86A0D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E4C66B2E-2E0A-4C6D-81F5-99F4F2414471}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{EBDF1557-9037-4A8C-9331-26C3BB6682B8}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0329DE5-52E1-4FE7-85A1-A6DA173D2895}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5AB358F-3F8E-45FC-A328-5DD7D51C071A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FAC37CF9-EACD-462A-B1F2-E2BAF7924B2B}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DE4B25-B122-49C7-932A-AA436512E713}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0B02C3C8-21F9-41E0-90CC-8328B951B3AB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{14B99250-80E3-4468-9B7F-7ED7341B8D6E}" = protocol=1 | dir=out | [email protected],-28544 |
"{1A72A3A4-D07A-46D6-814D-A89A11A4EE1D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxccpswx.exe |
"{1BDD95D6-A10A-4512-9E71-B8081B1F6517}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{35C5308C-DB4A-408D-9431-8A41CA109EC7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{38C7D160-E8EB-4303-8135-68D229C0B369}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69B6C844-FC81-4DB2-8B6A-4991154B5E85}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8B077D5C-E878-46A7-9BE8-1A0EA22C466B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C967314-4CD4-4D44-8D0D-BB2B8FA1C305}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxccpswx.exe |
"{8ECF90C6-02E4-4E1A-BCCE-B53CF0DB3139}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{95C2165C-6939-4B7F-B410-BDBCF433DCB1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{A3A1A269-DE39-4746-94CD-37CF6820083C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{A6A46008-1AB1-4FFA-A215-75B86A4784BF}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{B351C3CE-FCF7-4046-9D3D-10947E8817D2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BF1A2201-5736-4DDB-973C-F39C8A3970B8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C23D1CD3-8C1B-4EFF-B9D8-E06A1E2E703A}" = protocol=1 | dir=in | [email protected],-28543 |
"{CA20AA4D-C568-450F-8BF6-B8CA532082BB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CE46AE9E-0B90-445E-BDF5-1B531D5599FB}" = protocol=58 | dir=in | [email protected],-28545 |
"{D471DFA4-CC48-407B-9CBC-87536A21C3EC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{DD9C871B-FF30-4418-8CC9-2ADF4CE20976}" = protocol=58 | dir=out | [email protected],-28546 |
"{EBB4DA51-873A-425C-A6B5-2F0C00C853C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1159572-1878-4231-91F6-06DC7F0BAB17}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{F6D72760-4DEB-4F10-B6A9-B1DDB11AB475}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F92B45C5-4D16-402C-9C66-4B488C4EA557}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"TCP Query User{C16C2B04-58B1-4804-BDE4-88FC2025BA73}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{46A59E98-5AB5-49EF-9DBA-F50ECCAE8507}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}" = iTunes
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B85D446-9E14-4309-BC3E-8E0940827BD3}" = TurboTax 2013 wcaiper
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8F0C7F4E-62F3-4EA7-944E-237C24FB5F3A}" = LAS EZ 3.0.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATT-AACE" = ATT-AACE
"AutoGK" = Auto Gordian Knot 2.55
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Carbonite Backup" = Carbonite
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink 2010_is1" = DVD Shrink 2010
"GMATPrep 2.1.279" = GMATPrep
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HyperCam 2" = HyperCam 2
"ImageJ_is1" = ImageJ 1.47v
"Just BASIC v1.01" = Just BASIC v1.01
"Leica EZ Camera" = Leica EZ Camera 2.6.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RegHunter" = RegHunter
"RuneScape Toolbar" = RuneScape Toolbar
"SpyHunter" = SpyHunter 4
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2013" = TurboTax 2013
"VLC media player" = VLC media player 2.1.3
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/1/2014 5:33:25 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
 0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
 exception code 0xc0000005, fault offset 0x00014066,  process id 0x1bf8, application
 start time 0x01cff61a1ad9776e.
 
Error - 11/1/2014 5:48:28 PM | Computer Name = Z-BOT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16584 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 1278  Start Time: 01cff61d159fea67  Termination Time: 62
 
Error - 11/1/2014 6:30:00 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
 0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
 exception code 0xc0000005, fault offset 0x00014066,  process id 0x166c, application
 start time 0x01cff6222f398ee7.
 
Error - 11/1/2014 7:16:33 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
 0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
 exception code 0xc0000005, fault offset 0x00014066,  process id 0x4d4, application
 start time 0x01cff6289de01858.
 
Error - 11/1/2014 7:59:37 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
 0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
 exception code 0xc0000005, fault offset 0x00014066,  process id 0x1d18, application
 start time 0x01cff62f18d1ab26.
 
Error - 11/1/2014 11:38:16 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
 0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
 exception code 0xc0000005, fault offset 0x00014066,  process id 0x172c, application
 start time 0x01cff64e347b7fa3.
 
Error - 11/2/2014 2:19:14 AM | Computer Name = Z-BOT | Source = VSS | ID = 12305
Description =
 
Error - 11/2/2014 2:19:14 AM | Computer Name = Z-BOT | Source = VSS | ID = 12293
Description =
 
Error - 11/2/2014 2:19:14 AM | Computer Name = Z-BOT | Source = System Restore | ID = 8193
Description =
 
Error - 11/2/2014 2:57:05 AM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
 0x4549b14e, faulting module Flash32_15_0_0_167.ocx, version 15.0.0.167, time stamp
 0x541384c0, exception code 0xc0000005, fault offset 0x00647997,  process id 0x2748,
 application start time 0x01cff669ac6aedcb.
 
[ Media Center Events ]
Error - 5/19/2013 5:24:31 PM | Computer Name = Z-BOT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
 
Error - 5/20/2014 9:59:18 PM | Computer Name = Z-BOT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
 
[ System Events ]
Error - 11/1/2014 7:22:53 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11/1/2014 7:24:41 PM | Computer Name = Z-BOT | Source = DCOM | ID = 10010
Description =
 
Error - 11/1/2014 7:40:45 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7011
Description =
 
Error - 11/1/2014 9:32:52 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7023
Description =
 
Error - 11/1/2014 9:33:08 PM | Computer Name = Z-BOT | Source = DCOM | ID = 10010
Description =
 
Error - 11/1/2014 9:34:29 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7022
Description =
 
Error - 11/1/2014 9:34:32 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11/1/2014 9:35:52 PM | Computer Name = Z-BOT | Source = DCOM | ID = 10010
Description =
 
Error - 11/1/2014 9:40:10 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7011
Description =
 
Error - 11/2/2014 2:44:25 AM | Computer Name = Z-BOT | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
 
< End of report >
 

 

 

 

 

 

[Advertisements]

Hi zgwninja,



My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

• Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
• Please do not install any new software while we are working on this system as it may hinder our process.
• Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
• Please do not try to fix anything without being ask.
• Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
• If you are confused about any instruction, stop and ask. Do not keep on going.
• Do not repeat the steps if you face any problems.
• I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
• Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
• The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

 
 

4) ComboFix: Not sure what it did, and it didn't provide me with a log.

Never do that unless an expert asks you to. Post the log located in C:\Combofix.txt.

 

• Step #1 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').
    

    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 168.94.74.68:8080
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Users\Terry\Desktop\*.tmp files -> C:\Users\Terry\Desktop\*.tmp -> ]
    
    :Commands
    [Resethosts]
    [Emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

• Step #2 Upload File(s) to Virus-Total
  I want you to upload the following suspicious file(s) to an online virus-scanner to scan.
  • Please go to www.virustotal.com
  • Click on Choose File
  • Go to C:\Users\Terry\g2mdlhlpx.exe
  • Click on Open;
  • Click on Scan it;
  • Copy and Paste the link of the result page in your reply;

 

• Step #3 Scan with Farbar Recovery Scan Tool
  • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
    Download link for 32 bit system
    Download link for 64 bit system
  • Right-click on the program and choose Run as administrator;
  • Put tick-mark on all boxes under Whitelist and Optional Scan;
  • Click on Scan;
  • After the scan two notepad files will be opened --
    • FRST.txt;
    • Addition.txt
  • Copy and Paste the contents of the logs in your next reply.

 

• Required Log(s):
  • OTL Fix Log
  • Combofix log
  • Virustotal Link
  • FRST Logs --
    • FRST.txt
    • Addition.txt

Regards,
Valinorum

[Valinorum]

Hi zgwninja,



My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

• Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
• Please do not install any new software while we are working on this system as it may hinder our process.
• Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
• Please do not try to fix anything without being ask.
• Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
• If you are confused about any instruction, stop and ask. Do not keep on going.
• Do not repeat the steps if you face any problems.
• I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
• Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
• The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

 
 

4) ComboFix: Not sure what it did, and it didn't provide me with a log.

Never do that unless an expert asks you to. Post the log located in C:\Combofix.txt.

 

• Step #1 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').
    

    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 168.94.74.68:8080
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Users\Terry\Desktop\*.tmp files -> C:\Users\Terry\Desktop\*.tmp -> ]
    
    :Commands
    [Resethosts]
    [Emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

• Step #2 Upload File(s) to Virus-Total
  I want you to upload the following suspicious file(s) to an online virus-scanner to scan.
  • Please go to www.virustotal.com
  • Click on Choose File
  • Go to C:\Users\Terry\g2mdlhlpx.exe
  • Click on Open;
  • Click on Scan it;
  • Copy and Paste the link of the result page in your reply;

 

• Step #3 Scan with Farbar Recovery Scan Tool
  • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
    Download link for 32 bit system
    Download link for 64 bit system
  • Right-click on the program and choose Run as administrator;
  • Put tick-mark on all boxes under Whitelist and Optional Scan;
  • Click on Scan;
  • After the scan two notepad files will be opened --
    • FRST.txt;
    • Addition.txt
  • Copy and Paste the contents of the logs in your next reply.

 

• Required Log(s):
  • OTL Fix Log
  • Combofix log
  • Virustotal Link
  • FRST Logs --
    • FRST.txt
    • Addition.txt

Regards,
Valinorum

[zgwninja]

Hi Valinorum,

 

Thanks for your time!

 

I started step one, and it seems to have fritzed out my comp. My desktop icons have disapeared as well as my task bar. OTL shows [Emptytemp] in the custom scan/fixes box and doesn't look like its doing anything. Should I continue to let it run like this or try reboting my system and starting again?

 

Thanks,

 

zgwninja

[Valinorum]

OTL kills explorer.exe ergo you lose your Desktop for the time being. Please allow OTL to continue. Ask me for an alternative should OTL stalls for more than thirty minutes.

[zgwninja]

I'm not really sure how to tell if OTL is stalled or not, but to me it still doesn't look like it's doing anything. Still says [Emptytemp] in the custom scans/fixes box and no other indication that anything is happening. Let me know what you recommend. Thanks. Z

[Valinorum]

Proceed to the next step and onwards.

[zgwninja]

Combofix log: I searched my comp and did not find combofix.txt

 

Step 2: Link from virustotal.com - https://www.virustot...sis/1414965948/

 

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Terry (administrator) on Z-BOT on 02-11-2014 14:23:14
Running from C:\Users\Terry\Desktop
Loaded Profile: Terry (Available profiles: Terry)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Motive Communications, Inc.) C:\Program Files\SBC\update\SST.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
(Spotify Ltd) C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Dropbox, Inc.) C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [SBC_McciTrayApp] => C:\Program Files\SBC\update\SST.exe [1011200 2007-02-28] (Motive Communications, Inc.)
HKLM\...\Run: [NvCplDaemon] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-05-22] (Carbonite, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [Google Update] => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-09-25] (Google Inc.)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [Spotify Web Helper] => C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-19] (Spotify Ltd)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
SearchScopes: HKLM - {09DFB3C9-D563-4D42-AABF-D6796B3B92DC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {3FAF579A-33CB-4FAB-9A78-037CB0FF797E} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM - {FC41E59C-37C4-4AEE-A1D4-55148888F8F5} URL = http://search.live.c...#38;FORM=HVDUS7
SearchScopes: HKCU - {09DFB3C9-D563-4D42-AABF-D6796B3B92DC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {3FAF579A-33CB-4FAB-9A78-037CB0FF797E} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKCU - {FC41E59C-37C4-4AEE-A1D4-55148888F8F5} URL = http://search.live.c...#38;FORM=HVDUS7
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679}: [NameServer] 4.2.2.2,4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\searchplugins\yahoo-avast.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-12]
FF Extension: FlashGot - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-07]
FF Extension: Adblock Plus - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-26]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Java™ Platform SE 6 U39) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Terry\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-20]
CHR Extension: (Google Drive) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-20]
CHR Extension: (Google Search) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Terry\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5013000 2013-05-22] (Carbonite, Inc. (www.carbonite.com))
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [66560 2012-05-31] (Nalpeiron Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2014-10-29] (Enigma Software Group USA, LLC.)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-03] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2014-10-29] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2014-10-29] ()
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [20632 2008-08-10] (Aventail Corporation)
S3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [25240 2008-08-10] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [77464 2008-08-10] (Aventail Corporation)
S3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [23192 2008-08-10] (Aventail Corporation)
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [X]
S4 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F5272A105F59A7B3B345D9D6D87DA7AD
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 4D6C6E0505A8E5A0656DCB223497D37C
C:\Windows\system32\drivers\aswMonFlt.sys 1A2CC93BBD77C2D95A7567938D7D7239
C:\Windows\system32\drivers\aswRdr.sys FFB1BDC9CAF255019D678DB5BEDAF0F0
C:\Windows\system32\Drivers\aswRvrt.sys 24B3BDA01DB3A704E33A5266C7B52DAF
C:\Windows\system32\drivers\aswSnx.sys D13182758BAC9B4996D592E7684C9267
C:\Windows\system32\drivers\aswSP.sys D1A68A33B082FA1C7087CE54A7923D90
C:\Windows\system32\drivers\aswTdi.sys AF01CD260A9EF60B09029C9F5EF99040
C:\Windows\system32\Drivers\aswVmm.sys B2D7EE52633CA8831DDAFCA81C2D46C3
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\system32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DRIVERS\Dot4.sys 4F59C172C094E1A1D46463A8DC061CBD
C:\Windows\System32\DRIVERS\Dot4Prt.sys 80BF3BA09F6F2523C8F6B7CC6DBF7BD5
C:\Windows\System32\DRIVERS\dot4usb.sys C55004CA6B419B6695970DFE849B122F
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5C2C209CDEFBC51D83D66E8A53B2BE89
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 9264DD96883E5769EE79CB43E712BE9E
C:\Windows\System32\DRIVERS\EsgScanner.sys 01CE484FF6D70A39479BC6D619DE7ED6
C:\Windows\system32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\system32\Drivers\fastfat.sys 4E404505B3F62ECFBDBCBBCF0A72DBC5
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\system32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HSX_DP.sys 88749FBF8BEB18C90E7D6626C8C1910B
C:\Windows\System32\DRIVERS\HSXHWBS2.sys FE440536BD98AF772130DC3A6FE1915F
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys EDC37B918E583A5A813C53D4F5588255
C:\Windows\system32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\System32\DRIVERS\MarvinBus.sys A3E700D78EEC390F1208098CDCA5C6B6
C:\Windows\System32\DRIVERS\mcdbus.sys 8FD868E32459ECE2A1BB0169F513D31E
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\system32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ngfilter.sys 1DBB2ECFAE8B660189530A52ABCE274E
C:\Windows\System32\DRIVERS\nglog.sys 62AA8B8D788A0F0831435B4892E9501F
C:\Windows\System32\DRIVERS\ngvpn.sys D5FC4D1E8AA00C083EDEA918D10232D8
C:\Windows\System32\DRIVERS\ngwfp.sys D8DAB970838723CF68C499538B288EC9
C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\system32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvmfdx32.sys 74C825C573AA6E115590D94E7BF86901
C:\Windows\System32\DRIVERS\nvlddmkm.sys E0434DCCF91A47D9D8A785AF83865D7D
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\System32\drivers\nvstor32.sys 7EBA6C9A0A295B1559EFB9062E701218
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys 6F310E890D46E246E0E261A63D9B36B4
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PS2.sys 390C204CED3785609AB24E9C52054A84
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\Drivers\PxHelp20.sys D86B4A68565E444D76457F14172C875A
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\HSX_CNXT.sys 72CC6A8CA7891031D6380DB5025C773C
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 14:23 - 2014-11-02 14:24 - 00039420 _____ () C:\Users\Terry\Desktop\FRST.txt
2014-11-02 14:22 - 2014-11-02 14:23 - 00000000 ____D () C:\FRST
2014-11-02 14:22 - 2014-11-02 14:22 - 01106432 _____ (Farbar) C:\Users\Terry\Desktop\FRST.exe
2014-11-02 14:19 - 2014-11-02 14:19 - 00000000 _____ () C:\Users\Terry\Downloads\FRST.exe.55qvqxh.partial
2014-11-02 11:54 - 2014-11-02 11:54 - 00000000 ____D () C:\_OTL
2014-11-01 23:16 - 2014-11-01 23:16 - 00056106 _____ () C:\Users\Terry\Desktop\Extras.Txt
2014-11-01 23:00 - 2014-11-01 23:00 - 00080420 _____ () C:\Users\Terry\Desktop\OTL.Txt
2014-11-01 17:47 - 2014-11-01 17:47 - 00602112 _____ (OldTimer Tools) C:\Users\Terry\Desktop\OTL.exe
2014-11-01 15:38 - 2014-11-01 15:38 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Terry\Desktop\tdsskiller.exe
2014-11-01 14:04 - 2014-11-01 15:18 - 00000000 ____D () C:\AdwCleaner
2014-11-01 14:01 - 2014-11-01 14:01 - 01998336 _____ () C:\Users\Terry\Desktop\adwcleaner_4.002.exe
2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\Qoobox
2014-11-01 13:32 - 2014-11-01 16:04 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-01 13:32 - 2014-11-01 13:32 - 05591672 ____R (Swearware) C:\Users\Terry\Desktop\ComboFix.exe
2014-11-01 13:32 - 2014-11-01 13:32 - 00000000 ____D () C:\Windows\erdnt
2014-10-29 22:04 - 2014-10-29 22:04 - 00000000 __SHD () C:\found.006
2014-10-29 21:51 - 2014-10-29 21:51 - 00001072 _____ () C:\Users\Terry\Desktop\RegHunter.lnk
2014-10-29 21:51 - 2014-10-29 21:51 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2014-10-29 21:51 - 2014-10-29 21:51 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Enigma Software Group
2014-10-29 21:49 - 2014-10-29 21:49 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-10-27 22:05 - 2014-10-27 22:05 - 00293967 _____ () C:\Users\Terry\Downloads\Project Respiration & Digestion.pptx
2014-10-27 21:59 - 2014-10-21 16:35 - 08686380 _____ () C:\Users\Terry\Desktop\LUNG Alveolar Sac BF.tif
2014-10-22 22:54 - 2014-10-22 22:54 - 00006164 _____ () C:\Users\Public\Desktop\Carbonite Setup.log
2014-10-22 19:14 - 2014-10-27 20:46 - 01075887 _____ () C:\Users\Terry\Downloads\Verhoeff Von Gieson Stain.pptx
2014-10-22 19:14 - 2014-10-22 21:54 - 00410240 _____ () C:\Users\Terry\Downloads\Hall - Fouchet Stain Presentation - Jennifer Heimbach.pptx
2014-10-19 19:21 - 2014-10-19 19:38 - 02195639 _____ () C:\Users\Terry\Downloads\jennifer heimbach spleen and lymph vessel  Project Blood Vessels, Skin, & Lymphatics.pptx
2014-10-18 19:06 - 2014-10-18 19:06 - 00098664 _____ () C:\Users\Terry\Downloads\Project Blood Vessels, Skin, & Lymphatics.pptx
2014-10-18 18:44 - 2014-10-18 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-16 11:54 - 2014-10-16 11:54 - 00160896 _____ () C:\Windows\Minidump\Mini101614-01.dmp
2014-10-16 02:19 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 02:19 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 02:19 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 02:16 - 2014-09-27 15:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 02:03 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 02:00 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:08 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:08 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:08 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:08 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:08 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:08 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:08 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 13:08 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:08 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:08 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 13:08 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 13:08 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-11 21:17 - 2014-10-11 21:17 - 00000128 _____ () C:\Users\Terry\Downloads\calendar.ics
2014-10-11 19:46 - 2014-10-11 21:00 - 01034185 _____ () C:\Users\Terry\Downloads\Project Endocrine.pptx
2014-10-06 20:59 - 2014-10-06 20:59 - 00490496 _____ () C:\Users\Terry\Downloads\TS010286212.pot
2014-10-06 20:54 - 2014-10-06 20:54 - 01010227 _____ () C:\Users\Terry\Downloads\free_powerpoint_templates.zip
2014-10-05 17:51 - 2014-10-05 17:51 - 00801841 _____ () C:\Users\Terry\Downloads\Jennifer Heimbach Project Excitable.pptx
2014-10-05 15:44 - 2014-10-05 15:44 - 00125651 _____ () C:\Users\Terry\Downloads\Project Excitable.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 14:20 - 2010-05-14 14:18 - 00031871 _____ () C:\ProgramData\nvModes.001
2014-11-02 14:20 - 2010-05-14 13:55 - 00031871 _____ () C:\ProgramData\nvModes.dat
2014-11-02 14:19 - 2012-01-17 16:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA.job
2014-11-02 14:05 - 2013-04-02 10:50 - 01155522 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 14:02 - 2006-11-02 02:33 - 00811276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 13:57 - 2014-03-05 18:38 - 00000000 ___RD () C:\Users\Terry\Dropbox
2014-11-02 13:57 - 2014-03-05 18:36 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Dropbox
2014-11-02 13:54 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 13:54 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 13:54 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 13:52 - 2006-11-02 05:01 - 00032736 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-02 13:51 - 2012-07-12 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 15:20 - 2013-09-13 15:02 - 00240122 _____ () C:\Windows\PFRO.log
2014-11-01 15:10 - 2010-05-14 13:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-01 14:18 - 2012-01-17 16:34 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core.job
2014-11-01 12:17 - 2013-04-02 10:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-29 21:51 - 2013-05-09 06:38 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-29 21:51 - 2011-12-27 21:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-29 21:49 - 2011-12-27 21:52 - 00001077 _____ () C:\Users\Terry\Desktop\SpyHunter.lnk
2014-10-29 17:36 - 2008-02-03 10:27 - 00000000 ____D () C:\Users\Terry\Desktop\Jenna
2014-10-29 15:45 - 2013-02-07 16:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-28 05:35 - 2009-10-02 08:07 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-18 18:05 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 11:54 - 2007-12-10 16:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-16 11:53 - 2013-10-12 19:53 - 299889822 _____ () C:\Windows\MEMORY.DMP
2014-10-16 02:47 - 2013-04-02 10:44 - 00379336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:19 - 2007-04-25 11:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:14 - 2013-08-14 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:04 - 2006-11-02 02:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-08 16:11 - 2008-04-02 18:37 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleForTerry.job

Files to move or delete:
====================
C:\Users\Terry\jagex_cl_runescape_LIVE.dat
C:\Users\Terry\jagex_cl_runescape_LIVE1.dat
C:\Users\Terry\jagex_cl_runescape_LIVE2.dat
C:\Users\Terry\jagex_runescape_preferences.dat
C:\Users\Terry\jagex_runescape_preferences2.dat
C:\Users\Terry\jagex__preferences3.dat

Some content of TEMP:
====================
C:\Users\Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6qgbzq.dll
C:\Users\Terry\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Terry\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Terry\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Terry\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Terry\AppData\Local\Temp\Quarantine.exe
C:\Users\Terry\AppData\Local\Temp\RHSetup.exe
C:\Users\Terry\AppData\Local\Temp\sqlite3.dll
C:\Users\Terry\AppData\Local\Temp\uninstaller.exe
C:\Users\Terry\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {e93ad22d-f362-11db-81a4-001bb9508be8}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e93ad22d-f362-11db-81a4-001bb9508be8}
nx                      OptIn

Resume from Hibernate
---------------------
identifier              {e93ad22d-f362-11db-81a4-001bb9508be8}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

 

LastRegBack: 2014-11-02 14:06

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by Terry at 2014-11-02 14:24:45
Running from C:\Users\Terry\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATT-AACE (HKLM\...\ATT-AACE) (Version:  - )
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Aventail Access Manager (HKCU\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 9.1.33 - Aventail Corporation)
Aventail Access Manager (Version: 9.1.33 - Aventail Corporation) Hidden
Aventail Connect (HKLM\...\{A2A78788-2792-49BF-AF22-5E9296E568F3}) (Version: 9.1.33 - Aventail)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C4400 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C4400_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.4.6 build 3121 (May-22-2013) - Carbonite)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 2010 (HKLM\...\DVD Shrink 2010_is1) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GMATPrep (HKLM\...\GMATPrep 2.1.279) (Version: 2.1.279 - Graduate Management Admission Council (GMAC))
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}) (Version: 10.0 - HP)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version:  - )
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 12 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150120}) (Version: 1.5.0.120 - Sun Microsystems, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Just BASIC v1.01 (HKLM\...\Just BASIC v1.01) (Version:  - )
LAS EZ 3.0.0 (HKLM\...\{8F0C7F4E-62F3-4EA7-944E-237C24FB5F3A}) (Version: 3.0.0.629 - Leica Microsystems)
Leica EZ Camera 2.6.0 (HKLM\...\Leica EZ Camera) (Version: 2.6.0 - Leica Microsystems)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Nero 7 Ultra Edition (HKLM\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Pinnacle Studio 12 (HKLM\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PS_AIO_03_C4400_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software_Min (Version: 100.0.213.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RegHunter (HKLM\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
RuneScape Launcher 1.2.2 (HKLM\...\{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}) (Version: 1.2.2 - Jagex Ltd)
RuneScape Toolbar (HKLM\...\RuneScape Toolbar) (Version:  - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Snapfish Media Detector (HKLM\...\{4EF6FDB0-3B11-4820-9860-8E08E9965195}) (Version: 1.7.0.15 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{2A1BE1E7-C550-4D67-A553-7F2D3A39233D}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\epi.dll (Aventail Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{43090D0D-E309-4D12-B3E8-0165D520BA4C}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{88FC690D-93F7-4A46-B920-4F611E7BE891}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\EPIVER~1.DLL (Aventail)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{A7BC4157-A8EC-488F-9808-C63E2ACB0996}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\epi.dll (Aventail Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2014-11-02 11:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2E9FF072-E3C7-44D5-84DA-7C6E73953647} - System32\Tasks\wrSpySweeper_L9C45C3EE578D4DC8B0BA4E13A94872E9 => C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Task: {35952BB2-CDC4-4B73-B28D-EE0B1A021A5A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe [2014-11-02] (Carbonite, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {64214F3C-7499-4EA5-A9E1-156A0249FE31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {75541089-08B6-447C-8B39-A39430347AA9} - System32\Tasks\HPCeeScheduleForTerry => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-07] (Hewlett-Packard)
Task: {7E4431C1-1C68-4B99-BFAE-8848FDA504D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {9E150536-C247-4F3E-8F5E-017F30096D4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB900A37-164E-4212-9D65-27BA0C4FFAFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {C790ABEC-2A85-40E1-9B3B-836788A81131} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E01A1B54-7B3E-4A84-B404-E09717419A86} - \{8776849C-D5EB-42CC-B709-6FF46804D045} No Task File <==== ATTENTION
Task: {EE51F583-7952-4D6E-92BD-E210AE3783BB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core.job => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA.job => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTerry.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-11-02 10:24 - 2014-11-02 10:24 - 02898944 _____ () C:\Program Files\AVAST Software\Avast\defs\14110201\algo.dll
2014-05-03 15:05 - 2014-05-03 15:05 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-02 13:56 - 2014-11-02 13:56 - 00043008 _____ () c:\users\terry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6qgbzq.dll
2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll
2009-04-05 22:51 - 2009-04-05 22:51 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-04-08 18:12 - 2009-04-08 18:12 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-01 10:02 - 2010-04-01 10:02 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-01 10:02 - 2010-04-01 10:02 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Users^Terry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1477731906-2416044131-2405930326-500 - Administrator - Disabled)
Guest (S-1-5-21-1477731906-2416044131-2405930326-501 - Limited - Disabled)
Terry (S-1-5-21-1477731906-2416044131-2405930326-1000 - Administrator - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 02:21:40 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({00647691-8d7f-4b97-b24f-9d8e2513b6e6},{531b88da-eccc-47d0-a3fa-f1d8d1c6433a},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 02:21:40 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {531b88da-eccc-47d0-a3fa-f1d8d1c6433a}

Error: (11/02/2014 02:18:47 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({12741619-7f63-4a14-accf-272f16466739},{fe98a93d-ee9e-4330-b131-479d15859500},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 02:18:47 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {fe98a93d-ee9e-4330-b131-479d15859500}

Error: (11/02/2014 02:17:04 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({83ad5001-70ae-435d-8974-d40c3e22861b},{e66d5a29-4164-4bf1-8f79-7f05d4a6d542},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 02:17:04 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {e66d5a29-4164-4bf1-8f79-7f05d4a6d542}

Error: (11/02/2014 01:51:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 4d38
Start Time: 01cff6d6a10b5367
Termination Time: 5

Error: (11/02/2014 11:54:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = OTL Restore Point - 11/2/2014 11:54:19 AM; Hr = 0x8004230f).

Error: (11/02/2014 11:54:41 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({665564e0-cbd2-42b0-b12a-86ae19477bd7},{bd1a7b73-946c-4aea-ab89-a477e96b4f14},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 11:54:41 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {bd1a7b73-946c-4aea-ab89-a477e96b4f14}

System errors:
=============
Error: (11/02/2014 02:04:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (11/02/2014 01:59:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 01:57:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (11/02/2014 01:56:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/02/2014 01:55:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (11/02/2014 01:55:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (11/02/2014 11:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SpyHunter 4 Service1

Error: (11/02/2014 08:57:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (11/02/2014 08:56:31 AM) (Source: Schannel) (EventID: 4106) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/02/2014 08:54:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-01 12:06:33.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:31.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:28.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:26.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:22.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:20.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:18.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:15.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:13.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:10.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 51%
Total physical RAM: 2941.76 MB
Available physical RAM: 1429.79 MB
Total Pagefile: 12074.3 MB
Available Pagefile: 10376.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.12 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:363.82 GB) (Free:38.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.79 GB) (Free:1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=363.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Shortcut.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by Terry at 2014-11-02 14:24:45
Running from C:\Users\Terry\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATT-AACE (HKLM\...\ATT-AACE) (Version:  - )
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Aventail Access Manager (HKCU\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 9.1.33 - Aventail Corporation)
Aventail Access Manager (Version: 9.1.33 - Aventail Corporation) Hidden
Aventail Connect (HKLM\...\{A2A78788-2792-49BF-AF22-5E9296E568F3}) (Version: 9.1.33 - Aventail)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C4400 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C4400_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.4.6 build 3121 (May-22-2013) - Carbonite)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 2010 (HKLM\...\DVD Shrink 2010_is1) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GMATPrep (HKLM\...\GMATPrep 2.1.279) (Version: 2.1.279 - Graduate Management Admission Council (GMAC))
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}) (Version: 10.0 - HP)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version:  - )
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 12 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150120}) (Version: 1.5.0.120 - Sun Microsystems, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Just BASIC v1.01 (HKLM\...\Just BASIC v1.01) (Version:  - )
LAS EZ 3.0.0 (HKLM\...\{8F0C7F4E-62F3-4EA7-944E-237C24FB5F3A}) (Version: 3.0.0.629 - Leica Microsystems)
Leica EZ Camera 2.6.0 (HKLM\...\Leica EZ Camera) (Version: 2.6.0 - Leica Microsystems)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Nero 7 Ultra Edition (HKLM\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Pinnacle Studio 12 (HKLM\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PS_AIO_03_C4400_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software_Min (Version: 100.0.213.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RegHunter (HKLM\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
RuneScape Launcher 1.2.2 (HKLM\...\{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}) (Version: 1.2.2 - Jagex Ltd)
RuneScape Toolbar (HKLM\...\RuneScape Toolbar) (Version:  - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Snapfish Media Detector (HKLM\...\{4EF6FDB0-3B11-4820-9860-8E08E9965195}) (Version: 1.7.0.15 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{2A1BE1E7-C550-4D67-A553-7F2D3A39233D}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\epi.dll (Aventail Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{43090D0D-E309-4D12-B3E8-0165D520BA4C}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{88FC690D-93F7-4A46-B920-4F611E7BE891}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\EPIVER~1.DLL (Aventail)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{A7BC4157-A8EC-488F-9808-C63E2ACB0996}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\epi.dll (Aventail Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2014-11-02 11:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2E9FF072-E3C7-44D5-84DA-7C6E73953647} - System32\Tasks\wrSpySweeper_L9C45C3EE578D4DC8B0BA4E13A94872E9 => C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Task: {35952BB2-CDC4-4B73-B28D-EE0B1A021A5A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe [2014-11-02] (Carbonite, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {64214F3C-7499-4EA5-A9E1-156A0249FE31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {75541089-08B6-447C-8B39-A39430347AA9} - System32\Tasks\HPCeeScheduleForTerry => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-07] (Hewlett-Packard)
Task: {7E4431C1-1C68-4B99-BFAE-8848FDA504D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {9E150536-C247-4F3E-8F5E-017F30096D4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB900A37-164E-4212-9D65-27BA0C4FFAFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {C790ABEC-2A85-40E1-9B3B-836788A81131} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E01A1B54-7B3E-4A84-B404-E09717419A86} - \{8776849C-D5EB-42CC-B709-6FF46804D045} No Task File <==== ATTENTION
Task: {EE51F583-7952-4D6E-92BD-E210AE3783BB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core.job => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA.job => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTerry.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-11-02 10:24 - 2014-11-02 10:24 - 02898944 _____ () C:\Program Files\AVAST Software\Avast\defs\14110201\algo.dll
2014-05-03 15:05 - 2014-05-03 15:05 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-02 13:56 - 2014-11-02 13:56 - 00043008 _____ () c:\users\terry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6qgbzq.dll
2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll
2009-04-05 22:51 - 2009-04-05 22:51 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-04-08 18:12 - 2009-04-08 18:12 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-01 10:02 - 2010-04-01 10:02 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-01 10:02 - 2010-04-01 10:02 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Users^Terry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1477731906-2416044131-2405930326-500 - Administrator - Disabled)
Guest (S-1-5-21-1477731906-2416044131-2405930326-501 - Limited - Disabled)
Terry (S-1-5-21-1477731906-2416044131-2405930326-1000 - Administrator - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 02:21:40 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({00647691-8d7f-4b97-b24f-9d8e2513b6e6},{531b88da-eccc-47d0-a3fa-f1d8d1c6433a},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 02:21:40 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {531b88da-eccc-47d0-a3fa-f1d8d1c6433a}

Error: (11/02/2014 02:18:47 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({12741619-7f63-4a14-accf-272f16466739},{fe98a93d-ee9e-4330-b131-479d15859500},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 02:18:47 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {fe98a93d-ee9e-4330-b131-479d15859500}

Error: (11/02/2014 02:17:04 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({83ad5001-70ae-435d-8974-d40c3e22861b},{e66d5a29-4164-4bf1-8f79-7f05d4a6d542},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 02:17:04 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {e66d5a29-4164-4bf1-8f79-7f05d4a6d542}

Error: (11/02/2014 01:51:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 4d38
Start Time: 01cff6d6a10b5367
Termination Time: 5

Error: (11/02/2014 11:54:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = OTL Restore Point - 11/2/2014 11:54:19 AM; Hr = 0x8004230f).

Error: (11/02/2014 11:54:41 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({665564e0-cbd2-42b0-b12a-86ae19477bd7},{bd1a7b73-946c-4aea-ab89-a477e96b4f14},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/02/2014 11:54:41 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {bd1a7b73-946c-4aea-ab89-a477e96b4f14}

System errors:
=============
Error: (11/02/2014 02:04:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (11/02/2014 01:59:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 01:57:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (11/02/2014 01:56:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/02/2014 01:55:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (11/02/2014 01:55:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (11/02/2014 11:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SpyHunter 4 Service1

Error: (11/02/2014 08:57:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (11/02/2014 08:56:31 AM) (Source: Schannel) (EventID: 4106) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/02/2014 08:54:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-01 12:06:33.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:31.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:28.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:26.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:22.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:20.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:18.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:15.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:13.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:10.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 51%
Total physical RAM: 2941.76 MB
Available physical RAM: 1429.79 MB
Total Pagefile: 12074.3 MB
Available Pagefile: 10376.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.12 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:363.82 GB) (Free:38.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.79 GB) (Free:1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=363.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[Valinorum]

• Step #4 Fix with FRST
  Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad --
    

    Start
    Closeprocesses:
    Emptytemp:
    CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    Task: {E01A1B54-7B3E-4A84-B404-E09717419A86} - \{8776849C-D5EB-42CC-B709-6FF46804D045} No Task File <==== ATTENTION
    HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
    C:\Users\Terry\jagex_cl_runescape_LIVE.dat
    C:\Users\Terry\jagex_cl_runescape_LIVE1.dat
    C:\Users\Terry\jagex_cl_runescape_LIVE2.dat
    C:\Users\Terry\jagex_runescape_preferences.dat
    C:\Users\Terry\jagex_runescape_preferences2.dat
    C:\Users\Terry\jagex__preferences3.dat
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    End

  • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
    • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.

 

• Required Log(s):
  • FRST Fix Log

Regards,
Valinorum

[zgwninja]

Good Evening Valinorum,

 

I started running the fix this morning and it was still going after a couple hours so I had to leave for work. I just got home and it is still going, so its been running for over 8 hours now. It doesn't look stalled tough, as the activity bar still has the green moving accross it.  

 

Also, I noticed that there is a fixlog on my desktop (pasted below). Is it possible that the program finished, but didn't close itself? Please advise if I should close it or let it keep running.

 

Also, I haven't seen the avast pop up or the adobe alert messages since starting the program.

 

Start
Closeprocesses:
Emptytemp:
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {E01A1B54-7B3E-4A84-B404-E09717419A86} - \{8776849C-D5EB-42CC-B709-6FF46804D045} No Task File <==== ATTENTION
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
C:\Users\Terry\jagex_cl_runescape_LIVE.dat
C:\Users\Terry\jagex_cl_runescape_LIVE1.dat
C:\Users\Terry\jagex_cl_runescape_LIVE2.dat
C:\Users\Terry\jagex_runescape_preferences.dat
C:\Users\Terry\jagex_runescape_preferences2.dat
C:\Users\Terry\jagex__preferences3.dat
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
End

[zgwninja]

Sorry, posted the wrong log. Here's the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by Terry at 2014-11-03 07:45:34 Run:1
Running from C:\Users\Terry\Desktop
Loaded Profile: Terry (Available profiles: Terry)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Closeprocesses:
Emptytemp:
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {E01A1B54-7B3E-4A84-B404-E09717419A86} - \{8776849C-D5EB-42CC-B709-6FF46804D045} No Task File <==== ATTENTION
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
C:\Users\Terry\jagex_cl_runescape_LIVE.dat
C:\Users\Terry\jagex_cl_runescape_LIVE1.dat
C:\Users\Terry\jagex_cl_runescape_LIVE2.dat
C:\Users\Terry\jagex_runescape_preferences.dat
C:\Users\Terry\jagex_runescape_preferences2.dat
C:\Users\Terry\jagex__preferences3.dat
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key Deleted Successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E01A1B54-7B3E-4A84-B404-E09717419A86}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E01A1B54-7B3E-4A84-B404-E09717419A86}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8776849C-D5EB-42CC-B709-6FF46804D045}" => Key deleted successfully.
"HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\.exe" => Key deleted successfully.
C:\Users\Terry\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Terry\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Terry\jagex_cl_runescape_LIVE2.dat => Moved successfully.
C:\Users\Terry\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Terry\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Terry\jagex__preferences3.dat => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
"HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

[Valinorum]

Hi,
Looks good.

• Step #5 Scan with Malwarebytes' Anti-Malware
  • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Download Link #1
    • Download Link #2
    • Download Link #3
  • Double-click mbam-setup.exe to install the application.
  • Before clicking Finish perform the following actions --
    • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
    • Check the box beside Launch Malwarebytes Anti-Malware
  • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
  • Click on Setting--
    • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
  • From the Dashboard click on Scan Now;
  • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
  • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

• Step #6 ESET Online Scanner
  Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
  • Download esetsmartinstaller_enu.exe by clicking here.
  • Right-click on the program and choose Run as administrator.
  • Accept their terms and condition and proceed.
  • Install Add-On/Active X if prompted.
  • From the Computer Scan Setting check the following box --
    • Enable detection for potentially unwanted programs
  • Click on Advanced Setting --
    • Uncheck the box beside Remove Found Threats;
    • Check the box beside Scan archives
    • Check the box beside Scan for potentially unsafe applications
    • Check the box beside Enable Anti-Stealth Technology
  • Click on Start and wait for the virus signature database to update.
  • The online scan will begin automatically and can take several hours.
    • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • After the Scan finishes --
    • If no threats were found:
      • Put a checkmark in Uninstall application on close.
      • Close the program and report that nothing was found
    • If threats were found:
      • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
      • Copy and Paste contents of the log file in your next reply.
  Note: Enable your security programs afterwards.

 

• Required Log(s):
  • Malwarebytes' Anti-Malware Log
  • ESET Log

Regards,
Valinorum

[zgwninja]

The FRST program finally stopped running and asked to restart my computer. I said OK, and upon rebot got the following alert messages:

 

1.

RegSvr32

The module

"C:\ProgramData\BesoMimce\BesoMimce.dat" failed to load.

 

Make sure the binary is stored at the specified path or debug it to check for problems with binary or dependent .DLL files.

 

The specified module could not be found.

 

2.

RegSvr32

The module

"C:\ProgramData\MocxoNicku\MocxoNicku.dat" failed to load.

 

Make sure the binary is stored at the specified path or debug it to check for problems with binary or dependent .DLL files.

 

The specified module could not be found.

 

3.

RunDLL

Error loading C:\Users\Terry\AppData\Local\movziuz.dll

 

The specified module could not be found.

 

Furthermore, I already have Malewarebytes on my computer, but when I attempt to open it I get the following message:

 

C:\Program Files\Malewarebytes'Anti-Malware\mbam.exe

The program is blocked by group policy. For more information contact your system administrator.

 

I was able to download a new version of the exe file, but I cannot get thru the install because I have it on my computer already. I attempted to uninstall the program from my computer and get the following message:

 

Installed Updates

You do not have sufficient access to unistall Malewarebytes Anti-Malware version 1.70.0.1100.

Please contact your system administrator.

 

Should I attempt step 6 at this time or do you have alternative instructions?

 

Thanks,

 

Z

[zgwninja]

Also, most of my desktop icons now look like they've been hijacked and replaced by a circular oscilloscope.

[Valinorum]

Provide me a fresh FRST log please.

[zgwninja]

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Terry (administrator) on Z-BOT on 04-11-2014 21:49:43
Running from C:\Users\Terry\Desktop
Loaded Profile: Terry (Available profiles: Terry)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Motive Communications, Inc.) C:\Program Files\SBC\update\SST.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Spotify Ltd) C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Dropbox, Inc.) C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Carbonite, Inc.) C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [SBC_McciTrayApp] => C:\Program Files\SBC\update\SST.exe [1011200 2007-02-28] (Motive Communications, Inc.)
HKLM\...\Run: [NvCplDaemon] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-05-22] (Carbonite, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [Google Update] => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-09-25] (Google Inc.)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [Spotify Web Helper] => C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-19] (Spotify Ltd)
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Run: [BesoMimce] => regsvr32.exe "C:\ProgramData\BesoMimce\BesoMimce.dat"
HKU\S-1-5-21-1477731906-2416044131-2405930326-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
SearchScopes: HKLM - {09DFB3C9-D563-4D42-AABF-D6796B3B92DC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {3FAF579A-33CB-4FAB-9A78-037CB0FF797E} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM - {FC41E59C-37C4-4AEE-A1D4-55148888F8F5} URL = http://search.live.c...#38;FORM=HVDUS7
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...?q={searchTerms}
SearchScopes: HKCU - {09DFB3C9-D563-4D42-AABF-D6796B3B92DC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {3FAF579A-33CB-4FAB-9A78-037CB0FF797E} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKCU - {FC41E59C-37C4-4AEE-A1D4-55148888F8F5} URL = http://search.live.c...#38;FORM=HVDUS7
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0F673877-3D73-4322-8DFB-0F6923DB2C1A}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679}: [NameServer] 8.8.8.8,8.8.8.8,4.2.2.2,4.2.2.1
Tcpip\..\Interfaces\{4FBCA8C3-56A4-4875-BEE7-A825DDB9689D}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default
FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\searchplugins\yahoo-avast.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-12]
FF Extension: FlashGot - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-07]
FF Extension: Adblock Plus - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-26]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Java™ Platform SE 6 U39) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Terry\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-20]
CHR Extension: (Google Drive) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-20]
CHR Extension: (Google Search) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Terry\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5013000 2013-05-22] (Carbonite, Inc. (www.carbonite.com))
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [66560 2012-05-31] (Nalpeiron Ltd.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2014-10-29] (Enigma Software Group USA, LLC.)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-03] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2014-10-29] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2014-10-29] ()
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [20632 2008-08-10] (Aventail Corporation)
S3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [25240 2008-08-10] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [77464 2008-08-10] (Aventail Corporation)
S3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [23192 2008-08-10] (Aventail Corporation)
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [X]
S4 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F5272A105F59A7B3B345D9D6D87DA7AD
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 4D6C6E0505A8E5A0656DCB223497D37C
C:\Windows\system32\drivers\aswMonFlt.sys 1A2CC93BBD77C2D95A7567938D7D7239
C:\Windows\system32\drivers\aswRdr.sys FFB1BDC9CAF255019D678DB5BEDAF0F0
C:\Windows\system32\Drivers\aswRvrt.sys 24B3BDA01DB3A704E33A5266C7B52DAF
C:\Windows\system32\drivers\aswSnx.sys D13182758BAC9B4996D592E7684C9267
C:\Windows\system32\drivers\aswSP.sys D1A68A33B082FA1C7087CE54A7923D90
C:\Windows\system32\drivers\aswTdi.sys AF01CD260A9EF60B09029C9F5EF99040
C:\Windows\system32\Drivers\aswVmm.sys B2D7EE52633CA8831DDAFCA81C2D46C3
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\system32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DRIVERS\Dot4.sys 4F59C172C094E1A1D46463A8DC061CBD
C:\Windows\System32\DRIVERS\Dot4Prt.sys 80BF3BA09F6F2523C8F6B7CC6DBF7BD5
C:\Windows\System32\DRIVERS\dot4usb.sys C55004CA6B419B6695970DFE849B122F
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5C2C209CDEFBC51D83D66E8A53B2BE89
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 9264DD96883E5769EE79CB43E712BE9E
C:\Windows\System32\DRIVERS\EsgScanner.sys 01CE484FF6D70A39479BC6D619DE7ED6
C:\Windows\system32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\system32\Drivers\fastfat.sys 4E404505B3F62ECFBDBCBBCF0A72DBC5
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\system32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HSX_DP.sys 88749FBF8BEB18C90E7D6626C8C1910B
C:\Windows\System32\DRIVERS\HSXHWBS2.sys FE440536BD98AF772130DC3A6FE1915F
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys EDC37B918E583A5A813C53D4F5588255
C:\Windows\system32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\System32\DRIVERS\MarvinBus.sys A3E700D78EEC390F1208098CDCA5C6B6
C:\Windows\System32\DRIVERS\mcdbus.sys 8FD868E32459ECE2A1BB0169F513D31E
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\system32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ngfilter.sys 1DBB2ECFAE8B660189530A52ABCE274E
C:\Windows\System32\DRIVERS\nglog.sys 62AA8B8D788A0F0831435B4892E9501F
C:\Windows\System32\DRIVERS\ngvpn.sys D5FC4D1E8AA00C083EDEA918D10232D8
C:\Windows\System32\DRIVERS\ngwfp.sys D8DAB970838723CF68C499538B288EC9
C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\system32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvmfdx32.sys 74C825C573AA6E115590D94E7BF86901
C:\Windows\System32\DRIVERS\nvlddmkm.sys E0434DCCF91A47D9D8A785AF83865D7D
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\System32\drivers\nvstor32.sys 7EBA6C9A0A295B1559EFB9062E701218
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys 6F310E890D46E246E0E261A63D9B36B4
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PS2.sys 390C204CED3785609AB24E9C52054A84
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\Drivers\PxHelp20.sys D86B4A68565E444D76457F14172C875A
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\HSX_CNXT.sys 72CC6A8CA7891031D6380DB5025C773C
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 22:44 - 2014-11-03 22:45 - 00006164 _____ () C:\Users\Public\Desktop\Carbonite Setup.log
2014-11-03 21:14 - 2014-11-03 21:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Terry\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-02 14:30 - 2014-11-03 21:01 - 00000000 ____D () C:\ProgramData\MocxoNicku
2014-11-02 14:26 - 2014-11-02 14:26 - 00099679 _____ () C:\Users\Terry\Desktop\Shortcut.txt
2014-11-02 14:24 - 2014-11-02 14:26 - 00037726 _____ () C:\Users\Terry\Desktop\Addition.txt
2014-11-02 14:23 - 2014-11-04 21:50 - 00040027 _____ () C:\Users\Terry\Desktop\FRST.txt
2014-11-02 14:22 - 2014-11-04 21:49 - 00000000 ____D () C:\FRST
2014-11-02 14:22 - 2014-11-02 14:22 - 01106432 _____ (Farbar) C:\Users\Terry\Desktop\FRST.exe
2014-11-02 14:19 - 2014-11-02 14:19 - 00000000 _____ () C:\Users\Terry\Downloads\FRST.exe.55qvqxh.partial
2014-11-02 11:54 - 2014-11-02 11:54 - 00000000 ____D () C:\_OTL
2014-11-01 23:16 - 2014-11-01 23:16 - 00056106 _____ () C:\Users\Terry\Desktop\Extras.Txt
2014-11-01 23:00 - 2014-11-01 23:00 - 00080420 _____ () C:\Users\Terry\Desktop\OTL.Txt
2014-11-01 17:47 - 2014-11-01 17:47 - 00602112 _____ (OldTimer Tools) C:\Users\Terry\Desktop\OTL.exe
2014-11-01 15:38 - 2014-11-01 15:38 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Terry\Desktop\tdsskiller.exe
2014-11-01 14:04 - 2014-11-01 15:18 - 00000000 ____D () C:\AdwCleaner
2014-11-01 14:01 - 2014-11-01 14:01 - 01998336 _____ () C:\Users\Terry\Desktop\adwcleaner_4.002.exe
2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\Qoobox
2014-11-01 13:32 - 2014-11-01 16:04 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-01 13:32 - 2014-11-01 13:32 - 05591672 ____R (Swearware) C:\Users\Terry\Desktop\ComboFix.exe
2014-11-01 13:32 - 2014-11-01 13:32 - 00000000 ____D () C:\Windows\erdnt
2014-10-29 22:04 - 2014-10-29 22:04 - 00000000 __SHD () C:\found.006
2014-10-29 21:51 - 2014-10-29 21:51 - 00001072 _____ () C:\Users\Terry\Desktop\RegHunter.lnk
2014-10-29 21:51 - 2014-10-29 21:51 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2014-10-29 21:51 - 2014-10-29 21:51 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Enigma Software Group
2014-10-29 21:49 - 2014-10-29 21:49 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-10-27 22:05 - 2014-10-27 22:05 - 00293967 _____ () C:\Users\Terry\Downloads\Project Respiration & Digestion.pptx
2014-10-27 21:59 - 2014-10-21 16:35 - 08686380 _____ () C:\Users\Terry\Desktop\LUNG Alveolar Sac BF.tif
2014-10-22 19:14 - 2014-10-27 20:46 - 01075887 _____ () C:\Users\Terry\Downloads\Verhoeff Von Gieson Stain.pptx
2014-10-22 19:14 - 2014-10-22 21:54 - 00410240 _____ () C:\Users\Terry\Downloads\Hall - Fouchet Stain Presentation - Jennifer Heimbach.pptx
2014-10-19 19:21 - 2014-10-19 19:38 - 02195639 _____ () C:\Users\Terry\Downloads\jennifer heimbach spleen and lymph vessel  Project Blood Vessels, Skin, & Lymphatics.pptx
2014-10-18 19:06 - 2014-10-18 19:06 - 00098664 _____ () C:\Users\Terry\Downloads\Project Blood Vessels, Skin, & Lymphatics.pptx
2014-10-18 18:44 - 2014-10-18 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-16 11:54 - 2014-10-16 11:54 - 00160896 _____ () C:\Windows\Minidump\Mini101614-01.dmp
2014-10-16 02:19 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 02:19 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 02:19 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 02:16 - 2014-09-27 15:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 02:03 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 02:00 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:08 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:08 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:08 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:08 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:08 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:08 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:08 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 13:08 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:08 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:08 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:08 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:08 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 13:08 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 13:08 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-11 21:17 - 2014-10-11 21:17 - 00000128 _____ () C:\Users\Terry\Downloads\calendar.ics
2014-10-11 19:46 - 2014-10-11 21:00 - 01034185 _____ () C:\Users\Terry\Downloads\Project Endocrine.pptx
2014-10-06 20:59 - 2014-10-06 20:59 - 00490496 _____ () C:\Users\Terry\Downloads\TS010286212.pot
2014-10-06 20:54 - 2014-10-06 20:54 - 01010227 _____ () C:\Users\Terry\Downloads\free_powerpoint_templates.zip
2014-10-05 17:51 - 2014-10-05 17:51 - 00801841 _____ () C:\Users\Terry\Downloads\Jennifer Heimbach Project Excitable.pptx
2014-10-05 15:44 - 2014-10-05 15:44 - 00125651 _____ () C:\Users\Terry\Downloads\Project Excitable.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 21:20 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 21:20 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 21:18 - 2012-01-17 16:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA.job
2014-11-04 21:13 - 2013-04-02 10:50 - 01233084 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 21:13 - 2010-05-14 14:18 - 00031871 _____ () C:\ProgramData\nvModes.001
2014-11-04 21:13 - 2010-05-14 13:55 - 00031871 _____ () C:\ProgramData\nvModes.dat
2014-11-04 20:51 - 2012-07-12 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 15:18 - 2012-01-17 16:34 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core.job
2014-11-03 21:28 - 2006-11-02 02:33 - 00811276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 21:23 - 2014-03-05 18:38 - 00000000 ___RD () C:\Users\Terry\Dropbox
2014-11-03 21:23 - 2014-03-05 18:36 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Dropbox
2014-11-03 21:20 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 21:19 - 2006-11-02 05:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-03 20:55 - 2013-09-13 15:02 - 00246270 _____ () C:\Windows\PFRO.log
2014-11-03 07:45 - 2007-08-18 13:06 - 00000000 ____D () C:\Users\Terry
2014-11-01 15:10 - 2010-05-14 13:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-01 12:17 - 2013-04-02 10:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-29 21:51 - 2013-05-09 06:38 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-29 21:51 - 2011-12-27 21:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-29 21:49 - 2011-12-27 21:52 - 00001077 _____ () C:\Users\Terry\Desktop\SpyHunter.lnk
2014-10-29 17:36 - 2008-02-03 10:27 - 00000000 ____D () C:\Users\Terry\Desktop\Jenna
2014-10-29 15:45 - 2013-02-07 16:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-28 05:35 - 2009-10-02 08:07 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-18 18:05 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 11:54 - 2007-12-10 16:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-16 11:53 - 2013-10-12 19:53 - 299889822 _____ () C:\Windows\MEMORY.DMP
2014-10-16 02:47 - 2013-04-02 10:44 - 00379336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:19 - 2007-04-25 11:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:14 - 2013-08-14 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:04 - 2006-11-02 02:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-08 16:11 - 2008-04-02 18:37 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleForTerry.job

Some content of TEMP:
====================
C:\Users\Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmusxl.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {e93ad22d-f362-11db-81a4-001bb9508be8}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e93ad22d-f362-11db-81a4-001bb9508be8}
nx                      OptIn

Resume from Hibernate
---------------------
identifier              {e93ad22d-f362-11db-81a4-001bb9508be8}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

 

LastRegBack: 2014-11-04 21:40

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by Terry at 2014-11-04 21:50:44
Running from C:\Users\Terry\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATT-AACE (HKLM\...\ATT-AACE) (Version:  - )
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Aventail Access Manager (HKCU\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 9.1.33 - Aventail Corporation)
Aventail Access Manager (Version: 9.1.33 - Aventail Corporation) Hidden
Aventail Connect (HKLM\...\{A2A78788-2792-49BF-AF22-5E9296E568F3}) (Version: 9.1.33 - Aventail)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C4400 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C4400_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.4.6 build 3121 (May-22-2013) - Carbonite)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 2010 (HKLM\...\DVD Shrink 2010_is1) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GMATPrep (HKLM\...\GMATPrep 2.1.279) (Version: 2.1.279 - Graduate Management Admission Council (GMAC))
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}) (Version: 10.0 - HP)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version:  - )
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 12 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150120}) (Version: 1.5.0.120 - Sun Microsystems, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Just BASIC v1.01 (HKLM\...\Just BASIC v1.01) (Version:  - )
LAS EZ 3.0.0 (HKLM\...\{8F0C7F4E-62F3-4EA7-944E-237C24FB5F3A}) (Version: 3.0.0.629 - Leica Microsystems)
Leica EZ Camera 2.6.0 (HKLM\...\Leica EZ Camera) (Version: 2.6.0 - Leica Microsystems)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Nero 7 Ultra Edition (HKLM\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Pinnacle Studio 12 (HKLM\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PS_AIO_03_C4400_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software_Min (Version: 100.0.213.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RegHunter (HKLM\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
RuneScape Launcher 1.2.2 (HKLM\...\{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}) (Version: 1.2.2 - Jagex Ltd)
RuneScape Toolbar (HKLM\...\RuneScape Toolbar) (Version:  - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Snapfish Media Detector (HKLM\...\{4EF6FDB0-3B11-4820-9860-8E08E9965195}) (Version: 1.7.0.15 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{2A1BE1E7-C550-4D67-A553-7F2D3A39233D}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\epi.dll (Aventail Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{43090D0D-E309-4D12-B3E8-0165D520BA4C}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{88FC690D-93F7-4A46-B920-4F611E7BE891}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\EPIVER~1.DLL (Aventail)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{A7BC4157-A8EC-488F-9808-C63E2ACB0996}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Aventail\epi\epi.dll (Aventail Corporation)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1477731906-2416044131-2405930326-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2E9FF072-E3C7-44D5-84DA-7C6E73953647} - System32\Tasks\wrSpySweeper_L9C45C3EE578D4DC8B0BA4E13A94872E9 => C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Task: {35952BB2-CDC4-4B73-B28D-EE0B1A021A5A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe [2014-11-03] (Carbonite, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {64214F3C-7499-4EA5-A9E1-156A0249FE31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {75541089-08B6-447C-8B39-A39430347AA9} - System32\Tasks\HPCeeScheduleForTerry => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-07] (Hewlett-Packard)
Task: {7E4431C1-1C68-4B99-BFAE-8848FDA504D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {9E150536-C247-4F3E-8F5E-017F30096D4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB900A37-164E-4212-9D65-27BA0C4FFAFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {C790ABEC-2A85-40E1-9B3B-836788A81131} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {EE51F583-7952-4D6E-92BD-E210AE3783BB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core.job => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA.job => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTerry.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-11-04 13:33 - 2014-11-04 13:33 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110401\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-03 21:22 - 2014-11-03 21:22 - 00043008 _____ () c:\users\terry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmusxl.dll
2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll
2009-04-05 22:51 - 2009-04-05 22:51 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-04-08 18:12 - 2009-04-08 18:12 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-01 10:02 - 2010-04-01 10:02 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-01 10:02 - 2010-04-01 10:02 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Users^Terry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1477731906-2416044131-2405930326-500 - Administrator - Disabled)
Guest (S-1-5-21-1477731906-2416044131-2405930326-501 - Limited - Disabled)
Terry (S-1-5-21-1477731906-2416044131-2405930326-1000 - Administrator - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 09:45:04 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({032c65e3-ef0f-443e-a08d-e9eda902d2c1},{3b3de9c5-8949-4767-8bcf-e82665a6a2f0},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/04/2014 09:45:04 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {3b3de9c5-8949-4767-8bcf-e82665a6a2f0}

Error: (11/04/2014 09:35:31 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({0eb92aa3-bae7-46bb-9ab3-69bb8872c56d},{e39b26ed-3a8b-4250-b375-2b91a48f75b5},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/04/2014 09:35:31 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {e39b26ed-3a8b-4250-b375-2b91a48f75b5}

Error: (11/04/2014 09:32:08 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({54037005-aedc-4d83-a160-0094c687ef78},{4f71b3fb-4d8a-4e28-848f-5bbea4be210f},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/04/2014 09:32:08 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {4f71b3fb-4d8a-4e28-848f-5bbea4be210f}

Error: (11/04/2014 09:30:01 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({4cd12560-0bba-467e-b505-330cd58c1e42},{da16337a-d0c0-4b45-952d-4b5074396cae},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/04/2014 09:30:01 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {da16337a-d0c0-4b45-952d-4b5074396cae}

Error: (11/04/2014 09:26:53 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details BeginPrepareSnapshot({2ef0cd91-f8ae-4cf5-a3b1-952ff5621385},{57aea61a-6618-43d0-a6c4-7ec163453e33},\\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\) [hr = 0x80042308].

Operation:
   Add a Volume to a Shadow Copy Set

Context:
   Execution Context: Coordinator

Error: (11/04/2014 09:26:53 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{b077e006-0424-11dc-859e-806e6f6e6963}\
   Snapshot ID: {57aea61a-6618-43d0-a6c4-7ec163453e33}

System errors:
=============
Error: (11/04/2014 09:42:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (11/03/2014 10:23:33 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume HP.

Error: (11/03/2014 10:23:33 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/03/2014 10:23:33 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume HP.

Error: (11/03/2014 10:23:25 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/03/2014 10:23:25 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume HP.

Error: (11/03/2014 10:23:25 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/03/2014 10:23:23 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/03/2014 10:23:23 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/03/2014 10:23:23 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume HP.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-01 12:06:33.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:31.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:28.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:26.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:22.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:20.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:18.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:15.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:13.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-01 12:06:10.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 52%
Total physical RAM: 2941.76 MB
Available physical RAM: 1404.03 MB
Total Pagefile: 12076.3 MB
Available Pagefile: 10644.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.55 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:363.82 GB) (Free:81.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.79 GB) (Free:1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=363.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Shortcut.txt

 

Users shortcut scan result (x86) Version: 02-11-2014
Ran by Terry at 2014-11-04 21:52:12
Running from C:\Users\Terry\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk -> C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A83000000003}\SC_Reader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Advisor.lnk -> C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk -> C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe (I.R.I.S. SA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk -> C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk -> C:\Program Files\Microsoft Works\MSWorks.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk -> C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk -> C:\Program Files\Windows Mail\wab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\Movie Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\MOVIEMK.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk -> C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\INet-Doom9's Xvid Forum.lnk -> C:\Program Files\Xvid\doom9forum.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\INet-Koepi's Homepage (Updates).lnk -> C:\Program Files\Xvid\koepishomepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\INet-Xvid Homepage.lnk -> C:\Program Files\Xvid\xvidhomepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Koepi's OGMCalc.lnk -> C:\Program Files\Xvid\OGMCalc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Nic's FourCC changer.lnk -> C:\Program Files\Xvid\AviC.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Nic's MiniCalc.lnk -> C:\Program Files\Xvid\MiniCalc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Release Notes.lnk -> C:\Program Files\Xvid\releasenotes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Some quantization matrices.lnk -> C:\Program Files\Xvid\Xvid_Quant_Matrices.zip ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\StatsReader 2.1.lnk -> C:\Program Files\Xvid\StatsReader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\StatsReader Notes.lnk -> C:\Program Files\Xvid\statsreader.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Uninstall Xvid.lnk -> C:\Program Files\Xvid\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Uninstall.lnk -> C:\Program Files\Xvid\xvid-uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Vidc.Cleaner.lnk -> C:\Program Files\Xvid\vidccleaner.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk -> C:\Program Files\Winamp\UninstWA.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk -> C:\Program Files\Winamp\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\SubMux.lnk -> C:\Program Files\Gabest\VobSub\submux.exe (Gabest)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\SubResync.lnk -> C:\Program Files\Gabest\VobSub\subresync.exe (Gabest)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\Uninstall.lnk -> C:\Program Files\Gabest\VobSub\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\VobSub dir.lnk -> C:\Program Files\Gabest\VobSub ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Getting Started Guide.lnk -> C:\hp\documentation\getting_started\index.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Safety & Comfort Guide.lnk -> C:\hp\documentation\297660.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Upgrading and Servicing Guide.lnk -> C:\hp\documentation\usgvn.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013\TurboTax 2013.lnk -> C:\Windows\Installer\{2A4EEB5C-3BA6-4299-A87F-783861B567D9}\TurboTax.exe (Intuit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2009\TurboTax 2009.lnk -> C:\Windows\Installer\{38975F50-EAA2-012B-ADB4-000000000000}\TurboTax.exe (Intuit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2008\TurboTax 2008.lnk -> C:\Windows\Installer\{88214092-836F-4E22-A5AC-569AC9EE6A0F}\TurboTax.exe (Intuit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\File Shredder.lnk -> C:\Program Files\Spybot - Search & Destroy\SDShred.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Tutorial.lnk -> C:\Program Files\Spybot - Search & Destroy\Help\English.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk -> C:\Program Files\Spybot - Search & Destroy\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk -> C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Guided Tour.lnk -> C:\Windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_GuidedTour.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Pinnacle Studio 12 Help.lnk -> C:\Windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Help_HH.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Pinnacle Studio 12 Manual.lnk -> C:\Program Files\Pinnacle\Studio 12\Studio_us.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Pinnacle Studio 12.lnk -> C:\Windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\Studio.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Readme.lnk -> C:\Windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ReadMe.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Tools\AM Capture.lnk -> C:\Windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_AMCap.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Tools\Check 3D Server.lnk -> C:\Windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Check3D.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12\Tools\Transfer Content.lnk -> C:\Windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ContentTransfer.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Hardware Diagnostic Tools.lnk -> C:\Program Files\PC-Doctor 5 for Windows\pcdr5cuiw32.exe (PC-Doctor, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\HP support information.lnk -> C:\hp\support\HPSysInfo.exe (Hewlett-Packard Development Company, L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Recovery Disc Creation.lnk -> C:\Windows\SMINST\CD Creator.exe (SoftThinks)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Recovery Manager.lnk -> C:\Windows\SMINST\Restore7.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\EarthLink.lnk -> C:\Program Files\Online Services\EarthLink\InstallEarthLink.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Juno Dial-up.lnk -> C:\Program Files\Online Services\JunoUS\JunoTurboSetup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\MSN.lnk -> C:\Program Files\Online Services\MSN90\MSNSUSII.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero Dial-up.lnk -> C:\Program Files\Online Services\NetzeroUS_du\NetZeroHSSetup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero High-speed.lnk -> C:\Program Files\Online Services\NetzeroUS_Acc\NetZeroHSSetup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Try  AOL Today.lnk -> C:\Program Files\Online Services\Aolus\InstallAol.exe (Hewlett Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Vonage Small Business Plans.lnk -> C:\Program Files\Online Services\VonagesmbUS\launch_vonage.js ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Vonage.lnk -> C:\Program Files\Online Services\VonagecoreUS\Core_start.exe (Vonage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\AOL.lnk -> C:\Program Files\Online Services\Aolca\InstallAol.exe (Hewlett Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Netscape.lnk -> C:\Program Files\Online Services\Netscape_ca\Setup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Netzero Dial-up.lnk -> C:\Program Files\Online Services\Netzero_du_ca\NetZeroHSSetup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Netzero High-speed.lnk -> C:\Program Files\Online Services\Netzero_Acc_ca\NetZeroHSSetup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Vonage Home Phone Service.lnk -> C:\Program Files\Online Services\Vonageca\core\launch_vonage.js ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero BackItUp [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroBackItUp_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero BurnRights [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero CD-DVD Speed [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero CoverDesigner [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero CoverDesigner\NeroCoverDesigner_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero Express [English Help].lnk -> C:\Program Files\Nero\Nero 7\Core\NeroExpress_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero Home [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero Home\NeroHome_Eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero MediaHome [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome_Eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero PhotoSnap [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero PhotoSnap\NeroPhotoSnap_Eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero Recode [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero Recode\NeroRecode_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero ShowTime [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero ShowTime\NeroShowTime_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero SoundTrax [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero SoundTrax\NeroSoundTrax_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero StartSmart [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero Vision [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero Vision\NeroVisionExpress_ENG.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuals\Nero WaveEditor [English Help].lnk -> C:\Program Files\Nero\Nero 7\Nero WaveEditor\NeroWaveEditor_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Getting Started.lnk -> C:\Program Files\Microsoft Works\wksgsg.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk -> C:\Program Files\Microsoft Works\wksdb.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk -> C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk -> C:\Program Files\Microsoft Works\wksss.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk -> C:\Program Files\Microsoft Works\MSWorks.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Word Processor.lnk -> C:\Program Files\Microsoft Works\WksWP.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Windows Address Book.lnk -> C:\Program Files\Windows Mail\wab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Activation Assistant for Microsoft Office.lnk -> C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites\ota.hta ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Problem Reports and Solutions.lnk -> C:\Windows\System32\wercon.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\Uninstall MagicDisc.lnk -> C:\Program Files\MagicDisc\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Release Notes.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Release_Notes.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Framework.exe (Leica Microsystems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Help\LAS EZ Chinese.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Help\zh-cn\LAS_EZ_Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Help\LAS EZ Deutsch.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Help\de\LAS_EZ_Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Help\LAS EZ English.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Help\LAS_EZ_Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Help\LAS EZ Espanol.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Help\es\LAS_EZ_Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Help\LAS EZ Francais.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Help\fr\LAS_EZ_Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Help\LAS EZ Italiano.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Help\it\LAS_EZ_Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leica Application Suite\LAS EZ Help\LAS EZ Japanese.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Help\ja\LAS_EZ_Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just BASIC v1.01\Just BASIC Help.lnk -> C:\Program Files\Just BASIC v1.01\JUSTBASIC.HLP ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just BASIC v1.01\Just BASIC v1.01.lnk -> C:\Program Files\Just BASIC v1.01\jbasic.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just BASIC v1.01\Uninstall.lnk -> C:\Program Files\Just BASIC v1.01\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Configuration Utility\iPhone Configuration Utility.lnk -> C:\Windows\Installer\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}\iPCUIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ\ImageJ.lnk -> C:\Program Files\ImageJ\ImageJ.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ\Uninstall ImageJ.lnk -> C:\Program Files\ImageJ\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 2\HyperCam 2.lnk -> C:\Program Files\HyCam2\HyCam2.exe (Hyperionics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 2\HyperCam Help.lnk -> C:\Program Files\HyCam2\HyCam2.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 2\README.lnk -> C:\Program Files\HyCam2\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 2\Uninstall HyperCam.lnk -> C:\Program Files\HyCam2\UnHyCam2.exe (Hyperionics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Help.lnk -> C:\Program Files\HP\Digital Imaging\help\aio47.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Product Support Website.lnk -> C:\Program Files\HP\Digital Imaging\HP Photosmart C4400 series\help\HP Product Support Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Readme.lnk -> C:\Program Files\HP\Digital Imaging\help\PS_AIO_03_C4400_readme\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 2.0\HP Photosmart Essential 2.0.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard\HP Advisor.lnk -> C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMATPrep\GMATPrep.lnk -> C:\Program Files\GMATPrep2012\GMATPrep.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PurblePlace.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgrade.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink 2010\DVD Shrink 2010.lnk -> C:\Program Files\DVD Shrink 2010\DVDShrink.exe (DVD Shrink 2010)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink 2010\Uninstall DVD Shrink 2010.lnk -> C:\Program Files\DVD Shrink 2010\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\DVD Flick.lnk -> C:\Program Files\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Uninstall  DVD Flick.lnk -> C:\Program Files\DVD Flick\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Changelog.lnk -> C:\Program Files\DVD Flick\changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\GNU GPL License.lnk -> C:\Program Files\DVD Flick\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Guide.lnk -> C:\Program Files\DVD Flick\guide\index_en.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Readme.lnk -> C:\Program Files\DVD Flick\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk -> C:\Program Files\Coupons\CouponsDotCom.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5\AviSynth Documentation.lnk -> C:\Program Files\AviSynth 2.5\Docs\English\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5\Example Scripts.lnk -> C:\Program Files\AviSynth 2.5\Examples ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5\License.lnk -> C:\Program Files\AviSynth 2.5\gpl.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5\Plugin Directory.lnk -> C:\Program Files\AviSynth 2.5\plugins ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5\Uninstall AviSynth.lnk -> C:\Program Files\AviSynth 2.5\Uninstall.exe (The Public)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\AutoGK.lnk -> C:\Program Files\AutoGK\AutoGK.exe (autogk.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Uninstall.lnk -> C:\Program Files\AutoGK\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Tutorials\Catalan Tutorial.lnk -> C:\Program Files\AutoGK\help\AutoGK_ca.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Tutorials\English Tutorial.lnk -> C:\Program Files\AutoGK\help\AutoGK_en.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Tutorials\French Tutorial.lnk -> C:\Program Files\AutoGK\help\AutoGK_fr.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Tutorials\Greek Tutorial.lnk -> C:\Program Files\AutoGK\help\AutoGK_gr.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Tutorials\Italian Tutorial.lnk -> C:\Program Files\AutoGK\help\AutoGK_it.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Tutorials\Portuguese Tutorial.lnk -> C:\Program Files\AutoGK\help\AutoGK_pt.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK\Tutorials\Russian Tutorial.lnk -> C:\Program Files\AutoGK\help\AutoGK_ru.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\Windows\System32\sdclt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\migwiz.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\AC3Filter Config.lnk -> C:\Program Files\AC3Filter\ac3config.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Clear filter cache.lnk -> C:\Program Files\AC3Filter\Clear filter cache.reg ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\License.lnk -> C:\Program Files\AC3Filter\GPL.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Readme.lnk -> C:\Program Files\AC3Filter\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Reset to defaults.lnk -> C:\Program Files\AC3Filter\Reset to defaults.reg ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Restore default presets.lnk -> C:\Program Files\AC3Filter\Presets.reg ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\SPDIF test (32bit).lnk -> C:\Program Files\AC3Filter\spdif_test.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Uninstall AC3Filter.lnk -> C:\Program Files\AC3Filter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Documentation (rus)\AC3Filter - Ðóêîâîäñòâî ïîëüçîâàòåëÿ.lnk -> C:\Program Files\AC3Filter\doc\ac3filter_rus.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Documentation (rus)\Ãðîìêîñòü è äèíàìè÷åñêèé äèàïàçîí.lnk -> C:\Program Files\AC3Filter\doc\loudness_rus.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Documentation (eng)\AC3Filter & SPDIF.lnk -> C:\Program Files\AC3Filter\doc\spdif_eng.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Documentation (eng)\AC3Filter User's Manual.lnk -> C:\Program Files\AC3Filter\doc\ac3filter_eng.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Documentation (eng)\Loudness and dynamic range.lnk -> C:\Program Files\AC3Filter\doc\loudness_eng.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Hewlett-Packard\HP Advisor\HP Advisor.lnk -> C:\hp\tmp\%ProgramFiles(x86)%\Hewlett-Packard\HP Advisor\HPAdvisor.exe (No File)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader 8.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\CPUID HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\Public\Desktop\DVD Shrink 2010.lnk -> C:\Program Files\DVD Shrink 2010\DVDShrink.exe (DVD Shrink 2010)
Shortcut: C:\Users\Public\Desktop\HP Solution Center.lnk -> C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\LAS EZ.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Framework.exe (Leica Microsystems)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\TurboTax 2013.lnk -> C:\Windows\Installer\{2A4EEB5C-3BA6-4299-A87F-783861B567D9}\TurboTax.exe (Intuit)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Terry\HP Solution Center.lnk -> C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Terry\HP Total Care Advisor.lnk -> C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
Shortcut: C:\Users\Terry\Microsoft Office – 60 Day Trial..lnk -> C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites\ota.hta ()
Shortcut: C:\Users\Terry\My HP Games.lnk -> C:\Program Files\HP Games\onplay\onplay.exe (No File)
Shortcut: C:\Users\Terry\Windows Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos ()
Shortcut: C:\Users\Terry\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Terry\Pictures\My Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Terry\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()
Shortcut: C:\Users\Terry\Links\Documents.lnk -> C:\Users\Terry\Documents ()
Shortcut: C:\Users\Terry\Links\Dropbox.lnk -> C:\Users\Terry\Dropbox ()
Shortcut: C:\Users\Terry\Links\Music.lnk -> C:\Users\Terry\Music ()
Shortcut: C:\Users\Terry\Links\Pictures.lnk -> C:\Users\Terry\Pictures ()
Shortcut: C:\Users\Terry\Links\Public.lnk -> C:\Users\Public ()
Shortcut: C:\Users\Terry\Links\Recently Changed.lnk -> C:\Users\Terry\Searches\Recently Changed.search-ms ()
Shortcut: C:\Users\Terry\Links\Searches.lnk -> C:\Users\Terry\Searches ()
Shortcut: C:\Users\Terry\Desktop\DVD Flick.lnk -> C:\Program Files\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\Users\Terry\Desktop\Framework.exe - Shortcut.lnk -> C:\Program Files\Leica Microsystems\LAS EZ\Framework.exe (Leica Microsystems)
Shortcut: C:\Users\Terry\Desktop\ImageJ.lnk -> C:\Program Files\ImageJ\ImageJ.exe ()
Shortcut: C:\Users\Terry\Desktop\IMG_6683.JPG - Shortcut.lnk -> C:\Users\Terry\Desktop\Jennifer Heimbach Employment Documents\WEDDING\Marty Pix\IMG_6683.JPG ()
Shortcut: C:\Users\Terry\Desktop\JENNIFER HEIMBACH RESUME.doc - Shortcut.lnk -> C:\Users\Terry\Desktop\Jennifer Heimbach Employment Documents\Resume\JENNIFER HEIMBACH RESUME.doc ()
Shortcut: C:\Users\Terry\Desktop\MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Shortcut: C:\Users\Terry\Desktop\RegHunter.lnk -> C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Terry\Desktop\Spotify.lnk -> C:\Users\Terry\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Terry\Desktop\SpyHunter.lnk -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Terry\Desktop\USB STICK\My Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Terry\Desktop\Security Programs\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Terry\Desktop\Security Programs\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner.exe (No File)
Shortcut: C:\Users\Terry\Desktop\Security Programs\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\Terry\Desktop\Pinnacle\Pinnacle Studio 12.lnk -> C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe (Pinnacle Systems)
Shortcut: C:\Users\Terry\Desktop\Media Players\Winamp.lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\Terry\Desktop\Jennifer Heimbach Employment Documents\JENNIFER HEIMBACH RESUME.doc - Shortcut.lnk -> C:\Users\Terry\Desktop\Jennifer Heimbach Employment Documents\Resume\JENNIFER HEIMBACH RESUME.doc ()
Shortcut: C:\Users\Terry\Desktop\Jennifer Heimbach Employment Documents\WEDDING\Marty Pix\IMG_6683.JPG - Shortcut.lnk -> C:\Users\Terry\Desktop\Jennifer Heimbach Employment Documents\WEDDING\Marty Pix\IMG_6683.JPG ()
Shortcut: C:\Users\Terry\Desktop\Jennifer Heimbach Employment Documents\Biocare\JENNIFER HEIMBACH RESUME .doc.lnk -> C:\Users\Terry\Downloads\JENNIFER HEIMBACH RESUME (3).doc ()
Shortcut: C:\Users\Terry\Desktop\Jenna\J's Scan Disk Flash Drive\My documents old HP\My Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Terry\Desktop\Jenna\J's Scan Disk Flash Drive\My documents old HP\My Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()
Shortcut: C:\Users\Terry\Desktop\Jenna\J's Scan Disk Flash Drive\My documents old HP\jodie\schmesktop\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\Terry\Desktop\Finances\Taxes\Turbo Tax\TurboTax 2008.lnk -> C:\Windows\Installer\{88214092-836F-4E22-A5AC-569AC9EE6A0F}\TurboTax.exe (Intuit)
Shortcut: C:\Users\Terry\Desktop\Finances\Taxes\Turbo Tax\TurboTax 2009.lnk -> C:\Windows\Installer\{38975F50-EAA2-012B-ADB4-000000000000}\TurboTax.exe (Intuit)
Shortcut: C:\Users\Terry\Desktop\Downloading Programs\µTorrent.lnk -> C:\Program Files\uTorrent\uTorrent.exe (No File)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Terry\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in\Uninstall Winamp Detector Plug-in.lnk -> C:\Program Files\Winamp Detect\UninstWaDetect.exe (Nullsoft, Inc.)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape\License.lnk -> C:\Users\Terry\jagexcache\jagexlauncher\LICENSE.txt ()
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter\RegHunter.lnk -> C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Terry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Terry\Dropbox ()
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 2010.lnk -> C:\Program Files\DVD Shrink 2010\DVDShrink.exe (DVD Shrink 2010)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Terry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 12.lnk -> C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe (Pinnacle Systems)
Shortcut: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\Terry\AppData\Local\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\Users\Terry\AppData\Local\Microsoft\Windows\GameExplorer\{0D0B1196-F2D9-4425-BC47-320A94C535B4}\PlayTasks\0\Play.lnk -> C:\Program Files\Diablo II\Diablo II.exe (No File)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk -> C:\Program Files\Online Services\eBay\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=73
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Zip.ca - Online DVD Rentals.lnk -> C:\Program Files\Online Services\zipca\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=zipca&pf=desktop&locale=en_ca&bd=all&c=73

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Decoder.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> xvid.ax,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Encoder.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> xvidvfw.dll,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\DirectVobSub Configure.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> dvobsub.ax,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\VobSub Configure.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> vobsub.dll,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\VobSub Cutter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> vobsub.dll,Cutter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub\VobSub Joiner.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> vobsub.dll,Joiner
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Reset VLC media player preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to Direct3D (no hardware acceleration).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --vout direct3d --overlay --no-directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to Direct3D.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --vout direct3d --overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX (no hardware acceleration).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --vout directx --no-overlay --no-directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX (no video overlay).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --vout directx --no-overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --vout directx --overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to OpenGL.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --vout opengl --overlay --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Interface\Set Main Interface to Qt (default).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -I qt --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Interface\Set Main Interface to Skinnable.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -I skins --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Audio\Set Audio mode to DirectX (default).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --aout aout_directx --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Audio\Set Audio mode to Waveout.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --aout waveout --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /i {B67BAFBA-4C9F-48FA-9496-933E3B255044} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Easy Internet Services.lnk -> C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe (Hewlett-Packard) -> /LaunchPage /eis
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero Home.lnk -> C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero ProductSetup.lnk -> C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe (Nero AG) -> -ScParameter=8  MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero StartSmart.lnk -> C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tools\Nero BurnRights.lnk -> C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tools\Nero CD-DVD Speed.lnk -> C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tools\Nero DriveSpeed.lnk -> C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tools\Nero InfoTool.lnk -> C:\Program Files\Nero\Nero 7\Nero Toolkit\InfoTool.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Share\Nero MediaHome.lnk -> C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Play\Nero ShowTime.lnk -> C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Photo and Video\Nero PhotoSnap Viewer.lnk -> C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Photo and Video\Nero PhotoSnap.lnk -> C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Photo and Video\Nero Recode.lnk -> C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Photo and Video\Nero Vision.lnk -> C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Labels\Nero CoverDesigner.lnk -> C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Data\Nero BackItUp.lnk -> C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Data\Nero Burning ROM.lnk -> C:\Program Files\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Data\Nero Express.lnk -> C:\Program Files\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Audio\Nero Burning ROM.lnk -> C:\Program Files\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Audio\Nero Express.lnk -> C:\Program Files\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Audio\Nero SoundTrax.lnk -> C:\Program Files\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Audio\Nero WaveEditor.lnk -> C:\Program Files\Nero\Nero 7\Nero WaveEditor\waveedit.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestoreCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Product Registration.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Co.) -> "HP Photosmart C4400 series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Uninstall.lnk -> C:\Program Files\HP\Digital Imaging\{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}\setup\hpzscr01.exe (Hewlett-Packard) -> -datfile hposcr29.dat -onestop
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMATPrep\Uninstall GMATPrep.lnk -> C:\Program Files\GMATPrep2012\uninstall.exe () -> runas
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk -> C:\Program Files\Coupons\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite\Carbonite InfoCenter.lnk -> C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) ->  /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite\Uninstall Carbonite.lnk -> C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe (Carbonite, Inc.) -> /remove
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Reliability and Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.WelcomeCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Public\Desktop\Carbonite InfoCenter.lnk -> C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) ->  /open
ShortcutWithArgument: C:\Users\Terry\Desktop\Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Terry\Desktop\RuneScape.lnk -> C:\Users\Terry\jagexcache\jagexlauncher\bin\JagexLauncher.exe () -> runescape
ShortcutWithArgument: C:\Users\Terry\Desktop\Security Programs\Carbonite InfoCenter.lnk -> C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) ->  /open
ShortcutWithArgument: C:\Users\Terry\Desktop\Nero\Nero Home.lnk -> C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\Users\Terry\Desktop\Nero\Nero StartSmart.lnk -> C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\Users\Terry\Desktop\Jenna\J's Scan Disk Flash Drive\My documents old HP\jodie\schmesktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Terry\Desktop\Games\RuneScape.lnk -> C:\Users\Terry\jagexcache\jagexlauncher\bin\JagexLauncher.exe () -> runescape
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk -> C:\Users\Terry\jagexcache\jagexlauncher\bin\JagexLauncher.exe () -> runescape
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com"
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /X {230DB04D-4116-4BB3-ACAE-7983EDCC0448}
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall.lnk -> C:\Users\Terry\AppData\Roaming\Enigma Software Group\sh_installer.exe (Enigma Software Group USA, LLC.) -> -r sh
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape\RuneScape.lnk -> C:\Users\Terry\jagexcache\jagexlauncher\bin\JagexLauncher.exe () -> runescape
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter\Uninstall.lnk -> C:\Users\Terry\AppData\Roaming\Enigma Software Group\rh_installer.exe (Enigma Software Group USA, LLC.) -> -r rh
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk -> C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk -> C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe (Nero AG) -> -ScParameter=8 

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.url -> hxxp://www.lightscribe.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.url -> hxxp://www.lightscribe.com/go/videos/QuickDemo
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\DVD Flick on the Web.url -> hxxp://www.dvdflick.net
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5\AviSynth Online.url -> hxxp://www.avisynth.org
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5\Download Plugins.url -> hxxp://www.avisynth.org/warpenterprises/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\AC3Filter home.url -> hxxp://ac3filter.net
InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=73
InternetURL: C:\Users\Terry\Favorites\140 Ways to Change the World.url -> hxxp://www.marcandangel.com/2011/09/04/140-ways-to-change-the-world/
InternetURL: C:\Users\Terry\Favorites\City of Concord, Parks & Recreation - TeamSideline.com.url -> hxxp://www.teamsideline.com/Org/StandingsResults.aspx?d=0mOzsuqzZyXmPVuIcgyRewjWQITH0Qtdavp57xVsZIq01O1N3%2bxmnfKZ0DG%2f4qFhpG%2bYNFkKp0g%3d
InternetURL: C:\Users\Terry\Favorites\ELI5_ What exactly is Obamacare and what did it change_ _ explainlikeimfive.url -> hxxp://www.reddit.com/r/explainlikeimfive/comments/vb8vs/eli5_what_exactly_is_obamacare_and_what_did_it/c532iz2
InternetURL: C:\Users\Terry\Favorites\Knowledge, Performance, Training, & Learning.url -> hxxp://www.nwlink.com/~donclark/hrd.html
InternetURL: C:\Users\Terry\Favorites\Krumboltz, John _ Stanford University School of Education.url -> hxxp://ed.stanford.edu/faculty/jdk
InternetURL: C:\Users\Terry\Favorites\Modern Library 100 Best Novels - Wikipedia, the free encyclopedia.url -> hxxp://en.m.wikipedia.org/wiki/Modern_Library_100_Best_Novels
InternetURL: C:\Users\Terry\Favorites\Sarah And Vinnie « [email protected] -> hxxp://radioalice.cbslocal.com/show/sarah-and-vinnie/
InternetURL: C:\Users\Terry\Favorites\The Only Chocolate Chip Cookie I Will Ever Need to Know How to Make For The Rest of My Life _ For Me, For You.url -> hxxp://forme-foryou.com/2011/08/the-only-chocolate-chip-cookie-i-will-ever-need-to-know-how-to-make-for-the-rest-of-my-life.html
InternetURL: C:\Users\Terry\Favorites\Wheat-free.org - wheat free recipes, places to eat, suppliers of ingredients.url -> hxxp://www.wheat-free.org/
InternetURL: C:\Users\Terry\Favorites\Yahoo! Mail The best web-based email!.url -> https://login.yahoo....g/mail?.intl=us
InternetURL: C:\Users\Terry\Favorites\Z MBA\Graduate and Credential Student Application and Document Deadlines.url -> hxxp://www20.csueastbay.edu/prospective/how-to-apply/application-and-document-deadlines/graduate-and-credential.html
InternetURL: C:\Users\Terry\Favorites\Z MBA\Important Dates.url -> hxxp://www20.csueastbay.edu/students/academic-and-studying/important-dates.html
InternetURL: C:\Users\Terry\Favorites\Troubleshooting\Download System Update Readiness Tool for Windows Vista (KB947821) [February 2013] from Official Microsoft Download Center.url -> hxxp://www.microsoft.com/en-us/download/details.aspx?id=504
InternetURL: C:\Users\Terry\Favorites\Links\http--www.coolmath.com-precalculus-review-calculus-intro-index.url -> hxxp://www.coolmath.com/precalculus-review-calculus-intro/index.html
InternetURL: C:\Users\Terry\Favorites\Links\MY HR  Kaiser Permanente Human Resources.url -> https://epf.kp.org/w.../home/intercept
InternetURL: C:\Users\Terry\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\Terry\Favorites\Jenna School\De Anza College  Medical Laboratory Technician  Home.url -> hxxp://www.deanza.edu/mlt/
InternetURL: C:\Users\Terry\Favorites\Jenna School\Medical Laboratory Sciences - weber.edu.url -> hxxp://www.weber.edu/mls
InternetURL: C:\Users\Terry\Favorites\Jenna School\YouTube - Photosynthesis-Calvin Cycle and Cyclic Electron Flow.url -> hxxp://www.youtube.com/watch?v=OYSD1jOD1dQ&feature=related
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\ANATOMY.url -> hxxp://wps.aw.com/wps/media/access/Pearson_Default/3713/3803113/login.html
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\CR Physio lectures.url -> hxxp://www.megaupload.com/?f=7ZGHXS8R
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\Entrez Gene CYP27B1 cytochrome P450, family 27, subfamily B, polypeptide 1 [ Homo sapiens ].url -> hxxp://www.ncbi.nlm.nih.gov/sites/entrez?db=gene&cmd=retrieve&list_uids=1594
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\Google Image Result for http--www.bio.davidson.edu-courses-immunology-Students-spring2006-Kinsell-figure%2011-15.jpg.url -> hxxp://images.google.com/imgres?imgurl=hxxp://www.bio.davidson.edu/courses/immunology/Students/spring2006/Kinsell/figure%252011-15.jpg&imgrefurl=hxxp://www.bio.davidson.edu/courses/immunology/Students/spring2006/Kinsell/KyleProtein.htm&usg=__U0mmi4dzjvUx_StYwDsgQC3Gybg=&h=277&w=632&sz=70&hl=en&start=12&sig2=Js3m-pfi_ft2-m4jEyvEiw&um=1&tbnid=e07Uevqa8U6l4M:&tbnh=60&tbnw=137&ei=QAejSbP2BJDWnQfGvd39DQ&prev=/images%3Fq%3DTLR2/1%26um%3D1%26hl%3Den%26safe%3Doff%26rls%3Dcom.microsoft:*:IE-SearchBox
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\Google Image Result for http--www.ncbi.nlm.nih.gov-bookshelf-picrender.fcgibook=endocrin&part=A742&blobname=ch5fb7.jpg.url -> hxxp://images.google.com/imgres?imgurl=hxxp://www.ncbi.nlm.nih.gov/bookshelf/picrender.fcgi%3Fbook%3Dendocrin%26part%3DA742%26blobname%3Dch5fb7.jpg&imgrefurl=hxxp://www.ncbi.nlm.nih.gov/bookshelf/br.fcgi%3Fbook%3Dendocrin%26part%3DA742%26rendertype%3Dbox%26id%3DA789&usg=__pjS5X1cjBtGVSEYV2wRN0ouy700=&h=374&w=538&sz=61&hl=en&start=3&sig2=GKCvk0e5wC80wffrPYPuzg&tbnid=dZWy4wdHMErxeM:&tbnh=92&tbnw=132&ei=XwGjSeGMF4jDnQfcyKH9DQ&prev=/images%3Fq%3Dvitamin%2BD%2Breceptor%26gbv%3D2%26hl%3Den%26safe%3Doff%26sa%3DG
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\http--www.amazon.com-Garfield-Friends-One-Thom-Huge-dp-B000244EK6.url -> hxxp://www.amazon.com/Garfield-Friends-One-Thom-Huge/dp/B000244EK6
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\ilearn.url -> https://ilearn.sfsu....login/index.php
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\SFSUBIOL355Weitze.url -> hxxp://sfsubiol355weitze.blogspot.com/
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\WileyPLUS.url -> https://edugen.wiley...ecure/index.uni
InternetURL: C:\Users\Terry\Favorites\Jenna School\Jenna Science\YouTube - Photosynthesis-Calvin Cycle and Cyclic Electron Flow.url -> hxxp://www.youtube.com/watch?v=OYSD1jOD1dQ&feature=related
InternetURL: C:\Users\Terry\Favorites\Jenna School\HT School\Histotechician Program - Mt. San Antonio College.url -> hxxp://www.mtsac.edu/instruction/sciences/histotech/courses.html
InternetURL: C:\Users\Terry\Favorites\Jenna School\HT School\Histotechnology Certification - Continuing Education and Training - Harford Community College.url -> hxxp://www.harford.edu/cet/histotech/onlineprogram.asp?FA=ContEd
InternetURL: C:\Users\Terry\Favorites\Jenna Kaiser\MY HR  Kaiser Permanente Human Resources.url -> https://epf.kp.org/w.../home/intercept
InternetURL: C:\Users\Terry\Favorites\jCrap\Brahma Kumaris Official Website - Home.url -> hxxp://www.bkwsu.org/
InternetURL: C:\Users\Terry\Favorites\jCrap\Diet for Eczema  Natural Remedies for Eczema - Eczema Diet Treatment.url -> hxxp://www.diethealthclub.com/health-issues-and-diet/eczema/diet.html
InternetURL: C:\Users\Terry\Favorites\jCrap\Directory for green products and environmental services.url -> hxxp://www.ecobusinesslinks.com/
InternetURL: C:\Users\Terry\Favorites\jCrap\Free Groceries  How To Get Free Grocery Assistance..url -> hxxp://freegrocerycentral.com/rd_p?p=308548&t=16723&c=&a=
InternetURL: C:\Users\Terry\Favorites\jCrap\Garage sales  Yard sales - Find & advertise garage sale or yard sale.url -> hxxp://www.garagesalestracker.com/
InternetURL: C:\Users\Terry\Favorites\jCrap\Gray Brechin Biography.url -> hxxp://www.graybrechin.com/GBrechinBiography.html
InternetURL: C:\Users\Terry\Favorites\jCrap\Meditation MP3 files, free ringtones, photo galleries, Windows sounds, Buddhism, cell phones, webcams, and more.url -> hxxp://www.jetcityorange.com/
InternetURL: C:\Users\Terry\Favorites\jCrap\mental_floss magazine - Where Knowledge Junkies Get Their Fix.url -> hxxp://www.mentalfloss.com/
InternetURL: C:\Users\Terry\Favorites\jCrap\pHbalance - home.url -> hxxp://phbalance.wikispaces.com/
InternetURL: C:\Users\Terry\Favorites\jCrap\WORK email.url -> https://remote.gotmo...m/owa/&reason=0
InternetURL: C:\Users\Terry\Favorites\J Job Search\American Society for Clinical Pathology - laboratory professionals.url -> hxxp://www.ascp.org/MainMenu/laboratoryprofessionals.aspx
InternetURL: C:\Users\Terry\Favorites\J Job Search\Career counseling 101+ things you can do with a degree in biology.url -> hxxp://advan.physiology.org/content/31/4/323.full.pdf+html
InternetURL: C:\Users\Terry\Favorites\J Job Search\Emerging Infectious Diseases Fellowship Program.url -> hxxp://www.aphl.org/mycareer/fellowships/eid/pages/default.aspx
InternetURL: C:\Users\Terry\Favorites\J Job Search\Find Jobs - HEALTHCARE HIS Jobs in Sacramento, California.url -> hxxp://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?IPath=JRKV0L&ff=21&APath=2.21.21.0.0&job_did=J3G6G576JRGKBYV9V6C
InternetURL: C:\Users\Terry\Favorites\J Job Search\john muir health.url -> https://www.healthca...a0495941f282815
InternetURL: C:\Users\Terry\Favorites\J Job Search\Makro Scientific research assistant.url -> hxxp://jobs.makroscientific.com/Jobdetails.aspx?job_id=3774&state=California&job_state='5'&keyword=&category=ALL&lbl=Research Asst (Ref Id : 24552-MP)&job_category=3&type=Search
InternetURL: C:\Users\Terry\Favorites\J Job Search\mohshistologyconsulting.com.url -> hxxp://www.mohshistologyconsulting.com/id10.html
InternetURL: C:\Users\Terry\Favorites\J Job Search\National Society for Histotechnology - Career Center - Welcome to the NSH Career Center.url -> hxxp://www.jobtarget.com/home/index.cfm?site_id=8282
InternetURL: C:\Users\Terry\Favorites\J Job Search\Patent Agent Info.url -> hxxp://www.uspto.gov/ip/boards/oed/exam/registration.jsp
InternetURL: C:\Users\Terry\Favorites\J Job Search\Process Technician II, BioAnalytical - Genencor a Danisco division.url -> hxxp://www.genencor.com/wps/wcm/connect/genencor/genencor/jobs_and_careers/jobs/vacant+jobs/erecruit_9003_50181926_en.htm
InternetURL: C:\Users\Terry\Favorites\J Job Search\Public Health Microbiologists.url -> hxxp://www.cdph.ca.gov/programs/lfs/Pages/PublicHealthMicrobiologists.aspx
InternetURL: C:\Users\Terry\Favorites\J Job Search\Sample Reference Request Letter.url -> hxxp://jobsearch.about.com/od/referenceletters/a/refrequest.htm
InternetURL: C:\Users\Terry\Favorites\J Job Search\SUBBING\30 DAY SUBSTITUTE TEACHING PERMIT.url -> hxxp://www.ctc.ca.gov/credentials/leaflets/cl505p.pdf
InternetURL: C:\Users\Terry\Favorites\J Job Search\SUBBING\http--www.ctc.ca.gov-credentials-leaflets-cl667.pdf.url -> hxxp://www.ctc.ca.gov/credentials/leaflets/cl667.pdf
InternetURL: C:\Users\Terry\Favorites\J Job Search\SUBBING\San Ramon Valley Unified School District Substitute Teaching.url -> hxxp://www.srvusd.k12.ca.us/substituteteaching
InternetURL: C:\Users\Terry\Favorites\Fitness\Bodybuilding.com - Huge Online Supplement Store & Fitness Community!.url -> hxxp://www.bodybuilding.com/
InternetURL: C:\Users\Terry\Favorites\Fitness\one hundred push ups.url -> hxxp://hundredpushups.com/
InternetURL: C:\Users\Terry\Favorites\Fitness\Online Stopwatch.url -> hxxp://www.online-stopwatch.com/
InternetURL: C:\Users\Terry\Favorites\Fitness\RANDOM.ORG - Sequence Generator.url -> hxxp://www.random.org/sequences/
InternetURL: C:\Users\Terry\Favorites\Fitness\twenty five pull ups.url -> hxxp://www.twentyfivepullups.com/
InternetURL: C:\Users\Terry\Favorites\Fitness\two hundred sit-ups 2.url -> hxxp://www.twohundredsitups.com/
InternetURL: C:\Users\Terry\Favorites\Fitness\two hundred sit-ups.url -> hxxp://www.twohundredsitups.com/index.html
InternetURL: C:\Users\Terry\Favorites\Fitness\two hundred squats.url -> hxxp://www.twohundredsquats.com/
InternetURL: C:\Users\Terry\Favorites\Fitness\Workout Plans  Men's Health.url -> hxxp://www.menshealth.com/fitness/workout-plans-1
InternetURL: C:\Users\Terry\Favorites\FINANCES\Chase Personal Banking Investments Credit Cards Home Student Loans Auto Commercial Small Business Insurance.url -> https://www.chase.com/Chase.html
InternetURL: C:\Users\Terry\Favorites\FINANCES\Mint.com  Start Here.url -> https://wwws.mint.co...Id=1&country=US
InternetURL: C:\Users\Terry\Favorites\FINANCES\Your Retirement Plan – Wells Fargo.url -> https://www.wellsfar...tplan/wrs/index
InternetURL: C:\Users\Terry\Favorites\FINANCES\Z Bills\AT&T.url -> https://accountmanag...cusBtn=35555341
InternetURL: C:\Users\Terry\Favorites\FINANCES\Z Bills\Bank of America  Online Banking  Accounts Overview.url -> https://onlineeast2....ion/GotoWelcome
InternetURL: C:\Users\Terry\Favorites\FINANCES\Z Bills\Mercury Auto Insurance - Get a fast, free online car insurance quote..url -> hxxp://mercuryinsurance.com/
InternetURL: C:\Users\Terry\Favorites\FINANCES\Z Bills\Mercury Insurance - Make a Payment.url -> https://payment.merc...ateSelection.do
InternetURL: C:\Users\Terry\Favorites\FINANCES\Z Bills\web-Pak - Powered @ Garaventa Enterprises.url -> https://www.garavent....com/webpak/run
InternetURL: C:\Users\Terry\Favorites\FINANCES\Z Bills\Student Loans\ACS  Borrower Account Summary.url -> https://www.acs-educ...accountInfo.jsp
InternetURL: C:\Users\Terry\Favorites\FINANCES\Z Bills\Student Loans\Sallie Mae Manage Your Loans.url -> https://www.manageyourloans.com/MYL
InternetURL: C:\Users\Terry\Favorites\FINANCES\USAA\USAA - My USAA.url -> https://www.usaa.com...bal_my_accounts
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\A Clean Colon - Free Fantasy Baseball - ESPN.url -> hxxp://games.espn.go.com/flb/clubhouse?leagueId=131054&teamId=11&seasonId=2013
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\Baseball's Next Top Model - Free Fantasy Baseball - ESPN.url -> hxxp://games.espn.go.com/flb/clubhouse?leagueId=131054&teamId=11&seasonId=2012
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\ESPN - Tournament Challenge - ESPN's NCAA Men's Bracket Game - Game Home.url -> hxxp://games.espn.go.com/tournament-challenge-bracket/en/lander?entryID=126753
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\Replacement Football Refs - Free Fantasy Football - ESPN.url -> hxxp://games.espn.go.com/ffl/clubhouse?leagueId=287142&teamId=3&seasonId=2012
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\Yahoo! Sports Fantasy Baseball - Canseco's Mexican HGH.url -> hxxp://baseball.fantasysports.yahoo.com/b1/137213
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\Yahoo! Sports Fantasy Basketball - Europe USA We Draft Anyway..url -> hxxp://basketball.fantasysports.yahoo.com/nba/14384
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\Yahoo! Sports Fantasy Basketball.url -> hxxp://basketball.fantasysports.yahoo.com/nba/36717/4
InternetURL: C:\Users\Terry\Favorites\Fantasy Sports\Yahoo! Sports Fantasy Football.url -> hxxp://football.fantasysports.yahoo.com/f1/572534/6
InternetURL: C:\Users\Terry\Favorites\Cooking\Acid Alkaline Foods.url -> hxxp://www.scribd.com/doc/16663927/Acid-Alkaline-Foods
InternetURL: C:\Users\Terry\Favorites\Cooking\Baked Chicken Recipes - PaleoFood Collection.url -> hxxp://paleofood.com/chicbak.htm
InternetURL: C:\Users\Terry\Favorites\Cooking\Chicken In Gravy Recipe - Food.com - 88309.url -> hxxp://www.food.com/recipe/chicken-in-gravy-88309
InternetURL: C:\Users\Terry\Favorites\Cooking\Chicken Steamed With Fresh Lemons Sai Ling Mung Ching Gai) Recipe - Food.com - 108502.url -> hxxp://www.food.com/recipe/chicken-steamed-with-fresh-lemons-sai-ling-mung-ching-gai-108502
InternetURL: C:\Users\Terry\Favorites\Cooking\Classic Hollandaise Sauce  Recipes - GourmetSleuth.url -> hxxp://www.gourmetsleuth.com/Recipes/Sauces-244/Classic-Hollandaise-Sauce-169.aspx
InternetURL: C:\Users\Terry\Favorites\Cooking\Find recipes online    Foodily    Food, I love you.url -> hxxp://foodily.com/
InternetURL: C:\Users\Terry\Favorites\Cooking\Glutenfreeda.com, The Largest Collection of Gluten-Free Recipes in the World, for those who have Celiac Disease, Gluten Intolerance or just love Food!.url -> hxxp://www.glutenfreeda.com/index.asp
InternetURL: C:\Users\Terry\Favorites\Cooking\Homemade Four Cheese Ravioli Recipe - Allrecipes.com.url -> hxxp://allrecipes.com//Recipe/homemade-four-cheese-ravioli/Detail.aspx
InternetURL: C:\Users\Terry\Favorites\Cooking\Kaiser Schmarrn Recipe - RecipeTips.com.url -> hxxp://www.recipetips.com/recipe-cards/t--36591/kaiser-schmarrn.asp
InternetURL: C:\Users\Terry\Favorites\Cooking\Low GI cooking and recipes.url -> hxxp://lowgicooking.com/
InternetURL: C:\Users\Terry\Favorites\Cooking\Perezhilton.com Mobile.url -> hxxp://mobi.perezhilton.com/2012-05-24-kanye-west-bon-iver-lost-in-the-world-music-video
InternetURL: C:\Users\Terry\Favorites\Cooking\Potassium Broth.url -> hxxp://www.naturalhealthtechniques.com/recipes/potassium_broth1_files/potassium_broth1.htm
InternetURL: C:\Users\Terry\Favorites\Cooking\Prudence Pennywise Whole Wheat Hamburger Buns.url -> hxxp://prudencepennywise.blogspot.com/2008/08/whole-wheat-hamburger-buns.html
InternetURL: C:\Users\Terry\Favorites\Cooking\ratatouille’s ratatouille  smitten kitchen.url -> hxxp://smittenkitchen.com/2007/07/rat-a-too-ee-for-you-ee/
InternetURL: C:\Users\Terry\Favorites\Cooking\Recipes  Gluten Free Recipes.url -> hxxp://glutenfreemommy.com/recipes/
InternetURL: C:\Users\Terry\Favorites\Cooking\The Veggie Table - Vegetarian Recipes and Info.url -> hxxp://www.theveggietable.com/
InternetURL: C:\Users\Terry\Favorites\Cooking\Tips for Cooking Perfect White Rice.url -> hxxp://teriskitchen.com/pasta/rice-a.html
InternetURL: C:\Users\Terry\Favorites\Cooking\Tomato sauce.url -> hxxp://allrecipes.com/Recipe/Very-Special-Spaghetti-Sauce/Detail.aspx
InternetURL: C:\Users\Terry\Favorites\Cooking\Vanilla Cupcakes Recipe With Picture - Joyofbaking.com Tested Recipe.url -> hxxp://www.joyofbaking.com/VanillaCupcakes.html
InternetURL: C:\Users\Terry\Favorites\Cooking\Veggie Burger Recipe - Food.com - 104977.url -> hxxp://www.food.com/recipe/veggie-burger-104977
InternetURL: C:\Users\Terry\Favorites\Cooking\View All Photos  Budget Recipes Feed 4 for $10 - Cooking Light.url -> hxxp://www.cookinglight.com/food/everyday-menus/healthy-budget-recipes-00400000056656/page86.html
InternetURL: C:\Users\Terry\Favorites\Cooking\Wheat-free.org - wheat free recipes, places to eat, suppliers of ingredients.url -> hxxp://www.wheat-free.org/
InternetURL: C:\Users\Terry\Favorites\Cooking\_zenhabits.url -> hxxp://zenhabits.net/
InternetURL: C:\Users\Terry\Favorites\Cooking\Runescape\Rune Headquarters .. Your unfair Runescape advantage.url -> hxxp://runehq.com/
InternetURL: C:\Users\Terry\Favorites\Cooking\Runescape\RuneScape - The Number 1 Free Multiplayer Game.url -> hxxp://www.runescape.com/kbase/guid/dungeoneering
InternetURL: C:\Users\Terry\Favorites\Cooking\Runescape\The RuneScape Wiki - Skills, quests, guides, items, monsters and more.url -> hxxp://runescape.wikia.com/wiki/RuneScape_Wiki
InternetURL: C:\Users\Terry\Favorites\Cooking\Runescape\Tip.it Runescape Help  Fairy Ring Map  The Original RuneScape help site!.url -> hxxp://tip.it/runescape/?page=fairy_ring_map.htm
InternetURL: C:\Users\Terry\Favorites\Cooking\Runescape\Welcome - Sal's Realm of RuneScape.url -> hxxp://runescape.salmoneus.net/
InternetURL: C:\Users\Terry\Favorites\Cooking\Runescape\YouTube - Jad Guide (June 2010) - ranger method.url -> hxxp://www.youtube.com/watch?v=b4y78GGhfCI
InternetURL: C:\Users\Terry\Favorites\Cooking\Runescape\Zybez Runescape Help Your source for Runescape tips since 2001.url -> hxxp://www.zybez.net/
InternetURL: C:\Users\Terry\Favorites\Cooking\Recipes & Food Blogs\Acid - Alkaline Food Charts and Potassium-Rich Foods Chart.url -> hxxp://www.essense-of-life.com/moreinfo/foodcharts.htm
InternetURL: C:\Users\Terry\Favorites\Cooking\Recipes & Food Blogs\Big Chopped Salad with Creamy Bacon Dressing Recipe   Food Network.url -> hxxp://www.foodnetwork.com/recipes/big-chopped-salad-with-creamy-bacon-dressing-recipe/index.html
InternetURL: C:\Users\Terry\Favorites\Cooking\Recipes & Food Blogs\DedeMed - Mediterranean Diet Cooking Video Recipes - Shawarma Sandwich Recipe.url -> hxxp://www.dedemed.com/index.php/Other-Recipes/Shawarma-Sandwich-Recipe.html
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\City of Concord Adult Softball.url -> hxxp://www.ci.concord.ca.us/recreation/sports/softball.htm
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\City of Concord, Community & Recreation Services - TeamSideline.com.url -> hxxp://www.teamsideline.com/org/StandingsResults.aspx?d=0mOzsuqzZyXmPVuIcgyRewvKfjSy3YuXpp9o7P%2ftO%2f%2foYpDii%2bmL8w%3d%3d
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\City of Concord, Parks & Recreation - TeamSideline.com.url -> hxxp://www.teamsideline.com/Org/StandingsResults.aspx?d=0mOzsuqzZyXmPVuIcgyRe7TkpqR%2b%2fnXwNeKXcf9Ov3hruY5s6%2fycdxHoDbql%2bTvf56OajBtDlyg%3d
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\The Official Site of The Oakland Athletics Homepage.url -> hxxp://oakland.athletics.mlb.com/index.jsp?c_id=oak
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Yahoo! Sports Fantasy Basketball - Europe USA We Draft Anyway..url -> hxxp://basketball.fantasysports.yahoo.com/nba/14384
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Youth Basketball Community  Presented by the NCAA & the NBA  iHoops.url -> hxxp://www.ihoops.com/
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\It’s 5 O’Clock Somewhere Softball\City of San Ramon Adult Sports Leagues.url -> hxxp://www.sanramon.ca.gov/Parks/programs/sports/adultleagues.htm
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Golf\Driver\Golf Tips - Swing Extremes Driver Setup.url -> hxxp://www.golftipsmag.com/instruction/driving/quick-tips/swing-extremes-driver-setup.html
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Golf\Driver\Tips for Improving the Follow Through of Your Golf Swing How to Hit a Long Drive in Golf  eHow.com.url -> hxxp://www.ehow.com/video_2359008_tips-follow-through-golf-swing.html?wa%5Fvlsrc=continuous&wa%5Fvrid=2c925bd7%2D6822%2D42bf%2D890e%2D93b576672044&cp=1&pid=1
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Camping\CAOutdoors.com - Campgrounds, California.url -> hxxp://www.caoutdoors.com/Campgrounds-California.htm
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Camping\Eldorado National Forest - Recreational Activities.url -> hxxp://www.fs.fed.us/r5/eldorado/recreation/dev-camp/
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Camping\Tahoe National Forest - Campground Camping.url -> hxxp://www.fs.usda.gov/wps/portal/fsinternet/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDfxMDT8MwRydLA1cj72BTSw8jAwgAykeaxcN4jhYG_h4eYX5hPgYwefy6w0H24dcPNgEHcDTQ9_PIz03VL8iNMMgycVQEAIzTHkw!/dl3/d3/L2dJQSEvUUt3QS9ZQnZ3LzZfME80MEkxVkFCOTBFMktTNTlIMjAwMDAwMDA!/?recid=55444&actid=29&cid=FSE_003705&navid=110130000000000&ss=110517&ttype=activity&navtype=BROWSEBYSUBJECT&pnavid=110000000000000&position=BROWSEBYSUBJECT&pname=Tahoe+National+Forest+-+Campground+Camping
InternetURL: C:\Users\Terry\Favorites\ALL Sports & Recreation\Camping\The Best In Tent Camping Northern California Guide Book.url -> hxxp://www.trails.com/catalog_product.aspx?productfamilyid=10653
InternetURL: C:\Users\Terry\Desktop\HP Printer Diagnostic Tools.url -> hxxp://h20180.www2.hp.com/apps/Nav?h_pagetype=s-926&h_lang=en&h_client=s-h-e016-1&h_keyword=dg-THD&jumpid=ex_r4155/hho/ipg/ccdoc/trailhead_doc
InternetURL: C:\Users\Terry\Desktop\Old Comp\Snood\Register.url -> hxxp://wordofmousegames.com/shop
InternetURL: C:\Users\Terry\Desktop\Old Comp\Snood\Try Other WOM Games!.url -> hxxp://womgames.com/
InternetURL: C:\Users\Terry\Desktop\Jenna\J's Scan Disk Flash Drive\Shared Documents old HP\ASTROLOG\ASTRLOG2.URL -> hxxp://www.astrolog.org/astrolog.htm
InternetURL: C:\Users\Terry\Desktop\Jenna\J's Scan Disk Flash Drive\Shared Documents old HP\ASTROLOG\ASTROLOG.URL -> hxxp://www.magitech.com/~cruiser1/astrolog.htm
InternetURL: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
InternetURL: C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Auto & Transport- DMV Registration.url -> https://wwws.mint.co...13&exclHidden=T

==================== End of log =============================