Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I have a trojan virus. [Solved]


  • This topic is locked This topic is locked

#1
Dohnovan

Dohnovan

    Member

  • Member
  • PipPip
  • 99 posts
Hello, I have recently discovered that my computer was hacked and I don't know what to do at this point.
I have been experiencing things such as a black backround on my desktop programs dissapearing and my firewall being disabled aswell as the computer restarting and putting me on a different profile.
I have some basic info on what could be the cause, a friend of mine looked at a folder I clicked on earlier today and it had really important information on it regarding what's going on with my computer. The information apparently lead my friend to believe I had a trojan virus from a fake Avast/Advanced System Care Program. I also downloaded something earlier today that appeared to start the problem! I also need to mention two other friends said the hacker used Lynxus to do some other stuff on the computer.
I should inform you that I for some reason was switched back to my original profile and givin access to the hackers created profile on my computer which I am not sure what to do with. Please help. Thank you!
 
 
I am posting on the infected computer, and if for some reason I don't respond to the thread feel free to message me at Email ID removed. Thank you again!

Edited by Valinorum, 15 January 2015 - 02:43 AM.
Removed Email ID

  • 0

Advertisements


#2
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings Dohnovan and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click frst.png to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

Drivers MD5
Shortcut.txt
Addition.txt

frst-addition.png

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • FRST.txt
  • Shortcut.txt
  • Addition.txt
     

  • 0

#3
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Jennifer (administrator) on JENNIFER-PC on 15-01-2015 14:26:06
Running from C:\Users\Jennifer\Desktop
Loaded Profiles: Jennifer (Available profiles: Jennifer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-01-13] (NCSOFT Corporation)
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Run: [Google Update] => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-17] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.the...&cc=US&unqvl=74
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupon...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jennifer\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tiancity.com/NxGame -> C:\ProgramData\Tiancity\NGM\npNxGameCN.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @talk.google.com/O1DPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Jennifer\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Gmail) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [178160 2014-08-28] (Coupons.com Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-14] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5131672 2013-12-01] (INCA Internet Co., Ltd.)
S2 PCloudCleanerService; C:\Windows\SysWOW64\PCloudCleanerService.EXE [93152 2013-10-04] (Panda Security S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U4 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX™)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-02] (Anchorfree Inc.)
S3 WinRing0_1_2_0; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 eamonm; system32\DRIVERS\eamonm.sys [X]
R4 ehdrv; system32\DRIVERS\ehdrv.sys [X]
R4 epfw; system32\DRIVERS\epfw.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 sjcst; \??\C:\AeriaGames\EdenEternal\avital\sjcsu64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdhub30.sys 05120427227F6F088ECA75942ED7ACA9
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 9920704BF815A5B42DA5264F013AAEB7
C:\Windows\System32\DRIVERS\atikmpag.sys 0D1055A47A8F5DC1CAA2701831293EBB
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\amdxhc.sys 7DCA2C59491D420947A0B529DB37C7CF
C:\Windows\System32\DRIVERS\amd_sata.sys 033D09CD953C40B4AFBA9DCB1D1DFB8E
C:\Windows\System32\DRIVERS\amd_xata.sys F32F762E54137925E185E5FDA5F73826
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 5B25D1A753CC3A3EDB909BB759AC1098
C:\Windows\system32\drivers\appid.sys 80B9412C4DE09147581FC935FB4C97AB
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 33497249626E7787AA5CEA99B226CCA6
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys E428DFFA96FAD07D8CA3C9082563A225
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\EpfwLWF.sys C581DEBB25220862D325BE141F02E989
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\drivers\hppdbulkio.sys E325F85012E793CEE74B73C4F22AE311
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS E5805896A55D4166C20F216249F40FA3
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 39246F2CFBF1D32C3A12E242661EC039
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ladfGSCamd64.sys 305BB2AC00D46542E0A653AB63F4ABB1
C:\Windows\System32\DRIVERS\ladfGSRamd64.sys 28CDDC7D478A6313F55077416DCBD0DE
C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0
C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28x.sys A092954BE7E2827733D636D5E250F2E2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PSKMAD.sys 05A0C2744CEAC6F1B723EC469B650EF0
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 7B486E26DCA97766F3617A395690E76A
C:\Windows\system32\drivers\RzDxgk.sys 652F9068C05A7FB83291DF616CDC8A8B
C:\Windows\System32\DRIVERS\rzendpt.sys 41F8F530DEDCF7DB8C567E527658A088
C:\Windows\system32\drivers\RzFilter.sys 2CEDF1DC70CEFB415354180A507104CE
C:\Windows\System32\DRIVERS\rzmpos.sys 8311DF377D878D43A2853F0FCF934E71
C:\Windows\system32\drivers\rzpmgrk.sys F17F84511E7DFDEEAB646F0699A006D7
C:\Windows\system32\drivers\rzpnk.sys FEF60A37301E1F5A3020FA3487FB2CD7
C:\Windows\System32\DRIVERS\rzudd.sys C2A49525F6CEEED97A1D9FC950AAF863
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SmartDefragDriver.sys E77CB3736A702D46A6FB15FB4A9894E3
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\taphss6.sys A6AED6B7871EE365174BFB0677A9A681
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\drivers\WmBEnum.sys 680A7846370000D20D7E74917D5B7936
C:\Windows\System32\drivers\WmFilter.sys 14C35BA8189C6F65D839163AA285E954
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\WmVirHid.sys 8488DD91A3EE54A8E29F02AD7BB8201E
C:\Windows\System32\drivers\WmXlCore.sys 14802B3A30AA849C97CB968CCC813BF3
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2C6BC21B2D5B58D8B1D638C1704CB494
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 14:26 - 2015-01-15 14:26 - 00033943 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2015-01-15 14:24 - 2015-01-15 14:24 - 02125312 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64 (1).exe
2015-01-15 14:22 - 2015-01-15 14:26 - 00000000 ____D () C:\FRST
2015-01-15 14:22 - 2015-01-15 14:22 - 02125312 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2015-01-14 22:53 - 2015-01-14 22:53 - 00000000 ____D () C:\Users\Jennifer\Desktop\New folder
2015-01-14 21:34 - 2015-01-14 21:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-14 16:38 - 2015-01-14 16:38 - 00001584 _____ () C:\Windows\CompatibilityIssues.txt
2015-01-14 15:50 - 2015-01-14 16:40 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-14 15:50 - 2015-01-14 16:40 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-14 13:23 - 2015-01-14 13:23 - 00002378 _____ () C:\Users\mnmojcotiuu\Documents\MumbleAutomaticCertificateBackup.p12
2015-01-14 13:22 - 2015-01-14 13:23 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\Mumble
2015-01-14 13:04 - 2015-01-14 13:05 - 00000025 _____ () C:\Users\mnmojcotiuu\Desktop\SKYPE ME.txt
2015-01-14 13:01 - 2015-01-14 13:01 - 00112472 _____ () C:\Users\mnmojcotiuu\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 12:54 - 2015-01-14 12:54 - 00000398 _____ () C:\Users\mnmojcotiuu\Desktop\Read this please! I want you to understand!.txt
2015-01-14 12:43 - 2015-01-14 12:43 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\IObit
2015-01-14 12:43 - 2015-01-14 12:43 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\Skype
2015-01-14 12:42 - 2015-01-14 13:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\Skype
2015-01-14 12:39 - 2015-01-14 12:39 - 01661128 _____ (ESET) C:\Users\mnmojcotiuu\Downloads\eset_smart_security_live_installer.exe
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\ProductData
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\Adobe
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\Razer
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\Google
2015-01-14 12:32 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu
2015-01-14 12:32 - 2015-01-14 12:32 - 00000020 ___SH () C:\Users\mnmojcotiuu\ntuser.ini
2015-01-14 12:32 - 2015-01-14 12:32 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\VirtualStore
2015-01-14 12:32 - 2013-09-12 09:45 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\TuneUp Software
2015-01-14 12:32 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-14 12:32 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-14 12:24 - 2015-01-14 12:24 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\ESET
2015-01-14 12:24 - 2015-01-14 12:24 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\ESET
2015-01-14 12:08 - 2015-01-14 12:08 - 01661128 _____ (ESET) C:\Users\Jennifer\Downloads\eset_smart_security_live_installer.exe
2015-01-14 11:57 - 2015-01-14 12:09 - 00000247 _____ () C:\Windows\system32\2015-01-14-18-57-29.098-aswFe.exe-1532.log
2015-01-14 11:57 - 2015-01-14 11:57 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-57-22.010-AvastVBoxSVC.exe-4784.log
2015-01-14 11:45 - 2015-01-14 11:45 - 00000000 ____D () C:\ProgramData\df0432e000002384
2015-01-14 11:23 - 2015-01-14 11:23 - 00511633 _____ () C:\Users\Jennifer\Downloads\Autoruns.zip
2015-01-14 11:23 - 2015-01-14 11:23 - 00000000 ____D () C:\Users\Jennifer\Downloads\Autoruns
2015-01-14 11:08 - 2015-01-14 21:27 - 00002292 _____ () C:\Windows\setupact.log
2015-01-14 11:08 - 2015-01-14 16:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 11:04 - 2015-01-14 21:19 - 00817788 _____ () C:\Windows\PFRO.log
2015-01-14 10:48 - 2015-01-14 10:48 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-14 10:48 - 2015-01-14 10:48 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-14 10:40 - 2015-01-14 10:41 - 04978536 _____ (AVAST Software) C:\Users\Jennifer\Downloads\avast_premier_antivirus_setup_online.exe
2015-01-14 10:25 - 2015-01-14 13:08 - 00000000 ____D () C:\ProgramData\fhciaaehadeekancjplcmndhgjofifnn
2015-01-14 10:21 - 2015-01-14 10:21 - 69275648 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-01-14 10:21 - 2015-01-14 10:21 - 00344064 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-01-14 10:21 - 2015-01-14 10:21 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2015-01-14 10:21 - 2015-01-14 10:21 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-01-14 10:17 - 2015-01-14 10:17 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\SendSpace
2015-01-14 10:16 - 2015-01-14 10:16 - 00000000 ____D () C:\ProgramData\6432806091339046072
2015-01-14 10:15 - 2015-01-14 13:09 - 00000000 ____D () C:\ProgramData\oknkhljlbonlgiegffbbpibnmjljpnbg
2015-01-14 10:10 - 2015-01-14 10:10 - 05948937 _____ () C:\Users\Jennifer\Downloads\ATMoP.zip
2015-01-13 22:57 - 2015-01-13 22:58 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (12).exe
2015-01-13 22:48 - 2015-01-13 22:48 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (11).exe
2015-01-13 22:43 - 2015-01-13 22:43 - 02460206 _____ () C:\Users\Jennifer\Downloads\GamezAion Files 4.5.0.27.rar
2015-01-13 22:34 - 2015-01-13 22:34 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer (3).exe
2015-01-13 22:30 - 2015-01-13 22:30 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (10).exe
2015-01-13 22:28 - 2015-01-13 22:28 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (9).exe
2015-01-13 22:25 - 2015-01-13 22:25 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (8).exe
2015-01-13 22:21 - 2015-01-13 22:21 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer (2).exe
2015-01-13 22:17 - 2015-01-13 22:17 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (7).exe
2015-01-13 22:10 - 2015-01-13 22:11 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (6).exe
2015-01-13 22:09 - 2015-01-13 22:09 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (5).exe
2015-01-13 22:07 - 2015-01-13 22:07 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (4).exe
2015-01-13 22:02 - 2015-01-13 22:02 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (3).exe
2015-01-13 21:51 - 2015-01-13 21:51 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (2).exe
2015-01-13 21:48 - 2015-01-13 21:48 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer (1).exe
2015-01-13 21:47 - 2015-01-13 21:47 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer.exe
2015-01-13 21:46 - 2015-01-13 21:46 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (1).exe
2015-01-13 12:15 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:15 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:15 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:15 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:15 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:15 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:15 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:15 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:15 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:15 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:15 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:15 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:15 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 22:31 - 2015-01-09 22:31 - 00001990 _____ () C:\Users\Public\Desktop\TERA Launcher.lnk
2015-01-09 22:31 - 2015-01-09 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2015-01-09 22:30 - 2015-01-09 22:42 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\TERA
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\Users\Public\Games
2015-01-09 22:24 - 2015-01-09 22:24 - 28742344 _____ (En Masse Entertainment) C:\Users\Jennifer\Downloads\TERA-Minimal-Setup.exe
2015-01-09 14:55 - 2015-01-12 15:46 - 00000000 ____D () C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install)
2015-01-09 14:55 - 2015-01-09 14:55 - 00185687 _____ () C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install) (1).torrent
2015-01-09 14:54 - 2015-01-09 14:54 - 00185687 _____ () C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install).torrent
2015-01-09 14:49 - 2015-01-09 14:50 - 20359976 _____ () C:\Users\Jennifer\Downloads\WoW434S.rar
2015-01-08 17:32 - 2015-01-08 17:32 - 00000000 ____D () C:\ProgramData\3528706942
2015-01-07 22:41 - 2015-01-07 22:49 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Arcadia PVE Runes of Magic.lnk
2015-01-07 22:41 - 2015-01-07 22:49 - 00002133 _____ () C:\Users\Public\Desktop\Arcadia PVE Runes of Magic.lnk
2015-01-07 22:36 - 2015-01-07 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arcadia PVE Runes of Magic
2015-01-07 22:36 - 2015-01-07 22:36 - 00000000 ____D () C:\Program Files (x86)\Arcadia PVE Runes of Magic
2015-01-07 22:29 - 2015-01-07 22:29 - 00000000 ____D () C:\Users\Jennifer\Documents\Optimizer Pro
2015-01-07 22:25 - 2015-01-07 22:25 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-07 22:25 - 2015-01-07 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-07 22:25 - 2015-01-07 22:25 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-07 22:24 - 2015-01-07 22:23 - 01941064 _____ () C:\Users\Jennifer\Downloads\winrar520.exe
2015-01-07 22:13 - 2015-01-07 22:18 - 3393974537 _____ () C:\Users\Jennifer\Downloads\ArcadiaPVE6.2.rar
2015-01-07 21:21 - 2015-01-07 21:21 - 00029025 _____ () C:\Users\Jennifer\Downloads\arcadiarom_[Isohunt.to].torrent
2015-01-05 19:47 - 2015-01-05 19:47 - 00001034 _____ () C:\Users\Public\Desktop\ROM PVP.lnk
2015-01-05 19:47 - 2015-01-05 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROM PVP
2015-01-05 19:28 - 2015-01-07 16:03 - 00000000 ____D () C:\Program Files (x86)\ROM PVP
2015-01-05 18:14 - 2015-01-05 19:24 - 00000000 ____D () C:\Users\Jennifer\Downloads\6.0.2.2662.en_Rompvp_full_setup
2015-01-05 17:42 - 2015-01-05 18:06 - 895606659 ____R () C:\Users\Jennifer\Downloads\6.0.2.2662.en_Rompvp_full_setup.zip
2015-01-05 17:41 - 2015-01-05 17:41 - 00091156 _____ () C:\Users\Jennifer\Downloads\6.0.2.2662.en_Rompvp_full_setup.torrent
2015-01-04 20:39 - 2015-01-04 20:39 - 00000023 _____ () C:\Users\Jennifer\Downloads\_settings.ini
2015-01-04 19:31 - 2015-01-04 20:37 - 00000000 ____D () C:\Users\Jennifer\Downloads\_update_status
2015-01-04 19:30 - 2015-01-04 19:30 - 04802048 _____ () C:\Users\Jennifer\Downloads\MonkeyDynastyLauncher.exe
2015-01-04 18:58 - 2015-01-04 18:58 - 01009444 _____ () C:\Users\Jennifer\Downloads\MonkeyDynastyDownloader (1).exe
2015-01-04 18:56 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey Dynasty
2015-01-04 18:56 - 2015-01-04 18:56 - 01009444 _____ () C:\Users\Jennifer\Downloads\MonkeyDynastyDownloader.exe
2015-01-04 18:39 - 2015-01-04 18:39 - 00145196 _____ () C:\Users\Jennifer\Downloads\MonkeyDynasty_Client (1).torrent
2015-01-04 18:28 - 2015-01-04 18:28 - 00145196 _____ () C:\Users\Jennifer\Downloads\MonkeyDynasty_Client.torrent
2015-01-02 10:02 - 2015-01-02 10:02 - 00000014 _____ () C:\Users\Jennifer\uid.dat
2015-01-02 10:01 - 2015-01-03 09:15 - 00000000 ____D () C:\Users\Jennifer\.ultimatescape
2015-01-02 09:56 - 2015-01-02 09:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 09:56 - 2015-01-02 09:56 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-02 09:55 - 2015-01-02 09:56 - 00638888 _____ (Oracle Corporation) C:\Users\Jennifer\Downloads\chromeinstall-8u25.exe
2014-12-28 16:34 - 2014-12-28 16:34 - 00035215 _____ () C:\Users\Jennifer\Downloads\Tera_Installer.torrent
2014-12-28 14:07 - 2014-12-28 14:07 - 00000000 ____D () C:\Program Files\File Association Helper
2014-12-28 13:56 - 2014-12-28 13:56 - 05948937 _____ () C:\Users\Jennifer\Downloads\ATMoP (1).zip
2014-12-28 05:07 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-28 05:06 - 2014-12-28 05:07 - 20192000 _____ (Gameforge ) C:\Users\Jennifer\Downloads\RunesOfMagic_GameforgeLiveSetup_EN.exe
2014-12-25 17:43 - 2014-12-25 17:43 - 00002406 _____ () C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-12-25 17:43 - 2014-12-25 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2014-12-25 17:43 - 2014-12-25 17:43 - 00000000 ____D () C:\Program Files (x86)\SquareEnix
2014-12-25 17:41 - 2014-12-25 17:41 - 112206656 _____ (SQUARE ENIX CO., LTD.) C:\Users\Jennifer\Downloads\ffxivsetup_ft.exe
2014-12-23 21:45 - 2014-12-23 21:45 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-23 21:42 - 2014-12-23 21:43 - 10603200 _____ (IObit ) C:\Users\Jennifer\Downloads\driver_booster_setup.exe
2014-12-23 21:26 - 2014-12-23 21:26 - 05040384 ____N (AVAST Software) C:\Users\Jennifer\Desktop\avastclear.exe
2014-12-23 07:44 - 2014-12-23 07:44 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\ZMR
2014-12-19 00:04 - 2014-12-19 00:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-19 00:04 - 2014-12-19 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-19 00:04 - 2014-12-19 00:04 - 00000000 ____D () C:\Program Files\Java
2014-12-19 00:02 - 2014-12-19 00:03 - 92658088 _____ (Oracle Corporation) C:\Users\Jennifer\Downloads\jre-8u25-windows-x64.exe
2014-12-18 23:31 - 2014-12-18 23:31 - 00001072 _____ () C:\Users\Jennifer\AppData\Local\Local - Shortcut.lnk
2014-12-18 23:16 - 2014-12-18 23:16 - 00000000 ____D () C:\ArcheAge0
2014-12-18 20:54 - 2015-01-10 18:11 - 00000000 ____D () C:\Users\Jennifer\Documents\ArcheAge
2014-12-18 17:44 - 2014-12-18 17:44 - 00002966 _____ () C:\Windows\System32\Tasks\{422FF63E-5445-4D5F-9683-7F403EF71BE4}
2014-12-18 10:53 - 2014-12-18 10:53 - 00002966 _____ () C:\Windows\System32\Tasks\{A7D6ED4C-9E53-41AC-A275-396D94C3DF37}
2014-12-18 10:52 - 2014-12-18 10:52 - 00002966 _____ () C:\Windows\System32\Tasks\{DF76B1F9-3101-4848-B770-C5A449D86117}
2014-12-18 03:55 - 2014-12-18 11:25 - 00000000 ____D () C:\Program Files (x86)\Diablo III Public Test
2014-12-18 03:55 - 2014-12-18 03:55 - 00001310 _____ () C:\Users\Public\Desktop\Diablo III Public Test.lnk
2014-12-18 03:55 - 2014-12-18 03:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-12-18 03:48 - 2014-12-18 03:49 - 44119760 _____ (IObit ) C:\Users\Jennifer\Downloads\advanced-systemcare-setup.exe
2014-12-18 02:59 - 2014-11-17 14:37 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-12-18 02:58 - 2014-10-31 16:27 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-18 02:26 - 2014-12-18 02:26 - 31708272 _____ (Trion Worlds Inc.) C:\Users\Jennifer\Downloads\GlyphInstall.exe
2014-12-17 23:54 - 2014-12-17 23:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Jennifer\Downloads\dxwebsetup.exe
2014-12-17 22:21 - 2014-12-17 22:21 - 00002966 _____ () C:\Windows\System32\Tasks\{F880F727-B8E2-40D3-9D6A-EE19EB46DD19}
2014-12-17 22:20 - 2014-12-17 22:20 - 00002966 _____ () C:\Windows\System32\Tasks\{D1216D47-624B-44C3-801F-547FC9494A31}
2014-12-17 22:19 - 2014-12-17 22:19 - 00002966 _____ () C:\Windows\System32\Tasks\{BD50D5B9-3F95-459C-80F7-B9617ABB36C3}
2014-12-17 22:18 - 2014-12-17 22:18 - 00002966 _____ () C:\Windows\System32\Tasks\{5191FA3E-3FFE-439C-B697-E457C01E90C0}
2014-12-17 20:07 - 2014-12-17 20:07 - 00002966 _____ () C:\Windows\System32\Tasks\{9BBCC007-61D2-4A85-A23C-4695B17A9D6E}
2014-12-17 20:06 - 2014-12-17 20:06 - 00002966 _____ () C:\Windows\System32\Tasks\{EC591D39-E54C-48F9-ADDD-1A302B8AE815}
2014-12-17 20:06 - 2014-12-17 20:06 - 00002966 _____ () C:\Windows\System32\Tasks\{6A2C7DE8-D2DF-4AB8-AECA-A0099B0648A8}
2014-12-17 19:34 - 2014-12-17 19:34 - 00880784 _____ (Google Inc.) C:\Users\Jennifer\Downloads\GoogleVoiceAndVideoSetup (1).exe
2014-12-17 19:33 - 2015-01-15 13:38 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000UA.job
2014-12-17 19:33 - 2015-01-13 19:38 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000Core.job
2014-12-17 19:33 - 2014-12-17 19:33 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000UA
2014-12-17 19:33 - 2014-12-17 19:33 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000Core
2014-12-17 19:33 - 2014-12-17 19:33 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Mozilla
2014-12-17 19:32 - 2014-12-17 19:32 - 00880784 _____ (Google Inc.) C:\Users\Jennifer\Downloads\GoogleVoiceAndVideoSetup.exe
2014-12-17 16:12 - 2014-12-17 16:12 - 00003172 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-12-17 16:12 - 2014-12-17 16:12 - 00003170 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-12-17 16:12 - 2014-12-17 16:12 - 00001174 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-12-17 16:12 - 2014-12-17 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-12-17 16:12 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-12-17 16:12 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-12-17 16:12 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2014-12-17 15:55 - 2014-12-17 15:55 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-17 15:55 - 2014-12-17 15:55 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-17 14:53 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:53 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 14:22 - 2013-08-10 14:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 14:19 - 2013-07-29 08:48 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Skype
2015-01-15 13:06 - 2013-07-29 00:56 - 01444642 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 03:22 - 2013-08-10 14:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 21:43 - 2014-12-14 21:29 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Jennifer)
2015-01-14 21:32 - 2009-07-13 21:45 - 00015328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 21:32 - 2009-07-13 21:45 - 00015328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 21:25 - 2013-10-15 19:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-14 21:24 - 2013-07-29 00:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 21:23 - 2014-01-28 19:05 - 00000194 _____ () C:\Windows\SysWOW64\PCloudCleanerService.log
2015-01-14 21:23 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 16:33 - 2013-11-18 14:42 - 00000000 ____D () C:\Program Files (x86)\NCsoft
2015-01-14 16:33 - 2013-07-29 00:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 16:32 - 2013-07-29 00:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 16:30 - 2013-08-16 09:05 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\uTorrent
2015-01-14 12:42 - 2014-09-20 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-14 12:42 - 2014-03-24 01:46 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-14 12:42 - 2013-07-29 08:48 - 00000000 ____D () C:\ProgramData\Skype
2015-01-14 12:33 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-14 11:04 - 2014-10-22 21:11 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-14 10:46 - 2014-08-12 17:30 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Mumble
2015-01-14 10:26 - 2013-11-18 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamez Aion
2015-01-14 03:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2013-07-29 07:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 00:41 - 2014-12-14 00:11 - 00001408 _____ () C:\Users\Jennifer\AppData\Roaming\BreakingPoint_Options.ini
2015-01-13 23:57 - 2014-12-14 00:11 - 00000299 _____ () C:\Users\Jennifer\AppData\Roaming\BreakingPoint_Login.ini
2015-01-13 23:57 - 2014-12-14 00:05 - 00000000 ____D () C:\Breaking Point
2015-01-13 22:49 - 2013-11-18 14:49 - 00000000 ____D () C:\Program Files (x86)\NCWest
2015-01-13 22:18 - 2013-11-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2015-01-13 21:53 - 2014-04-10 09:16 - 00000000 ____D () C:\Users\Jennifer\Downloads\Gameforge Live
2015-01-11 00:12 - 2014-10-25 22:30 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-11 00:04 - 2014-12-14 21:28 - 00002148 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-10 23:51 - 2014-10-22 21:12 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-10 23:01 - 2014-09-06 19:23 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-01-10 19:44 - 2013-10-15 19:39 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-10 12:24 - 2013-09-11 19:29 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\TS3Client
2015-01-09 01:04 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 14:56 - 2014-04-10 11:49 - 00000858 _____ () C:\Windows\client.config.ini
2015-01-06 04:36 - 2013-07-29 00:17 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 22:53 - 2014-04-10 11:26 - 00000000 ___HD () C:\Users\Jennifer\Documents\Runes of Magic
2015-01-05 19:38 - 2014-11-24 21:51 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Arma 3
2015-01-02 10:02 - 2013-07-29 00:03 - 00000000 ____D () C:\Users\Jennifer
2014-12-31 14:28 - 2014-02-10 12:46 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Battle.net
2014-12-28 14:03 - 2013-12-20 12:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-25 17:42 - 2013-12-17 19:13 - 00000000 ____D () C:\Users\Jennifer\Documents\My Games
2014-12-24 03:46 - 2014-10-22 21:11 - 00000000 ____D () C:\ProgramData\IObit
2014-12-24 03:46 - 2014-10-22 21:08 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\IObit
2014-12-23 21:45 - 2014-12-14 21:29 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-12-23 21:45 - 2014-12-14 21:29 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-12-23 21:45 - 2014-12-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-23 19:27 - 2013-08-24 19:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-23 19:27 - 2013-08-24 19:18 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-21 19:41 - 2013-07-29 08:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 00:04 - 2013-10-28 08:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-18 23:46 - 2014-09-06 19:23 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Glyph
2014-12-18 21:17 - 2014-09-06 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-18 13:28 - 2013-12-17 18:30 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-18 13:28 - 2013-12-17 18:29 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-12-18 13:23 - 2014-10-20 02:18 - 00000000 ____D () C:\Users\Public\entropia universe
2014-12-18 13:21 - 2014-03-27 19:04 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-12-18 11:26 - 2014-03-22 00:39 - 00000000 ____D () C:\Users\Jennifer\Documents\Diablo III
2014-12-18 03:48 - 2014-03-21 23:59 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-12-18 03:46 - 2013-08-21 17:37 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2014-12-18 03:40 - 2014-08-29 21:47 - 00000000 ____D () C:\ProgramData\Origin
2014-12-18 03:40 - 2014-08-29 21:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-18 03:08 - 2013-07-29 20:49 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Razer
2014-12-18 03:07 - 2014-05-03 23:01 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Spotify
2014-12-18 03:06 - 2014-05-03 23:01 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Spotify
2014-12-18 03:05 - 2013-07-29 09:29 - 00112472 _____ () C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-18 03:03 - 2009-07-13 21:45 - 00421552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-18 02:59 - 2013-07-29 20:48 - 00000000 ____D () C:\ProgramData\Razer
2014-12-18 02:59 - 2013-07-29 20:48 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-18 00:58 - 2014-02-10 12:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-17 19:33 - 2013-08-10 14:16 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Google
2014-12-17 15:55 - 2014-10-22 21:12 - 00001232 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-12-16 20:49 - 2013-10-28 08:24 - 00000024 _____ () C:\Users\Jennifer\random.dat
2014-12-16 20:22 - 2013-10-28 08:24 - 00000047 _____ () C:\Users\Jennifer\jagex_cl_runescape_LIVE.dat
 
Files to move or delete:
====================
C:\Users\Jennifer\jagex_cl_runescape_LIVE.dat
C:\Users\Jennifer\jagex_cl_runescape_LIVE1.dat
C:\Users\Jennifer\random.dat
C:\Users\Jennifer\uid.dat
 
 
Some content of TEMP:
====================
C:\Users\Jennifer\AppData\Local\Temp\InstHelper.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 02:01
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Jennifer at 2015-01-15 14:27:09
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
A3Launcher version 0.0.0.3 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.0.3 - Maca134)
Arcadia PVE Runes of Magic (HKLM-x32\...\{7C127C52-F186-459B-A4AF-36A0D547BB91}) (Version: 6.2 - Star Interactive Australia)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Archeage PTS (HKLM-x32\...\Glyph Archeage PTS) (Version:  - Trion Worlds, Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ATI Catalyst Install Manager (HKLM\...\{D9B8D7C4-BE13-5877-6999-B076956AA3F9}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.10) (Version: 5.0.0.10 - Coupons.com Incorporated)
CouponBar (HKLM-x32\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6785 - NVIDIA Corporation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
ROM PVP version 6.0.2.2662.en (HKLM-x32\...\{CEFAC901-2296-485A-92CD-DE7BA7E4C27A}_is1) (Version: 6.0.2.2662.en - ROMPVP, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Spotify (HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment)
The Secret World (HKLM-x32\...\Steam App 215280) (Version:  - Funcom)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Vindictus (HKLM-x32\...\Steam App 212160) (Version:  - Nexon)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
14-01-2015 03:00:12 Windows Update
14-01-2015 10:41:46 avast! antivirus system restore point
14-01-2015 10:45:28 Device Driver Package Install: Avast Network Service
14-01-2015 16:30:43 Removed Adobe Reader XI (11.0.10).
14-01-2015 16:33:39 Removed Aion
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A22E98E-07D5-468D-BA79-BC386F274091} - System32\Tasks\{422FF63E-5445-4D5F-9683-7F403EF71BE4} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {12CFCABC-7D2D-46E6-B551-55F7B11E06D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000UA => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {226D0725-8398-40E0-8874-A8F77E2351DD} - System32\Tasks\{A7D6ED4C-9E53-41AC-A275-396D94C3DF37} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {2388753E-A1DC-4143-9F2A-4368C36498D5} - System32\Tasks\{D1216D47-624B-44C3-801F-547FC9494A31} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {5BBD6020-AB37-482B-A303-42DC85C40835} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {5F04544C-6B63-4766-B95B-1C0F2515BCA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000Core => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {8314096D-4A38-4D20-B18B-133DCB315261} - System32\Tasks\{DF76B1F9-3101-4848-B770-C5A449D86117} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {84560551-244B-426E-A654-6E49192BB88D} - System32\Tasks\Uninstaller_SkipUac_Jennifer => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {980309FC-3CD5-41A0-8789-769E042FC239} - System32\Tasks\{EC591D39-E54C-48F9-ADDD-1A302B8AE815} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {A14927BE-15E3-49CF-BA93-1535742C73AE} - System32\Tasks\{BD50D5B9-3F95-459C-80F7-B9617ABB36C3} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {A2B3090B-D3FF-4566-8AEF-78472E625D6C} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {A2BEA4EC-C586-404F-837D-8FC03ECFF26A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {A4D9279C-7907-4271-B462-DB780212D1BA} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {A6D9AD91-F755-4F0F-83BB-562D55EF25E1} - System32\Tasks\{9BBCC007-61D2-4A85-A23C-4695B17A9D6E} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {AFD6DCC1-2779-489A-8930-A5B81E7CE4B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {B077AAC1-E802-4E2F-A310-CEF1C2536EA9} - System32\Tasks\{6A2C7DE8-D2DF-4AB8-AECA-A0099B0648A8} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {BAA2BFA6-7E11-4474-9199-8F10C6FE67C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {C1310865-CAB2-458C-8A64-03CADE054747} - System32\Tasks\{5191FA3E-3FFE-439C-B697-E457C01E90C0} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {E01E781A-2D87-40D2-AB28-3C9E32CFAF3C} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit)
Task: {E4785D56-A9BD-489F-A7E3-D27CCA049031} - System32\Tasks\Driver Booster SkipUAC (Jennifer) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-12-17] (IObit)
Task: {EA2C5EBE-EBB8-45D5-A37C-1A2AD9504403} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {F0970072-3090-41F7-A738-FC27498EE9B7} - System32\Tasks\{F880F727-B8E2-40D3-9D6A-EE19EB46DD19} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000Core.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000UA.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-04 01:36 - 2012-07-04 01:36 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2011-06-29 23:25 - 2011-06-29 23:25 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-17 15:55 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-12-17 15:55 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-12-17 15:55 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-12-11 15:26 - 2014-12-05 18:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 15:26 - 2014-12-05 18:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 15:26 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 15:26 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\startupreg: Spotify => "C:\Users\Jennifer\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jennifer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Jennifer\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3796663202-1426937064-2068174289-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3796663202-1426937064-2068174289-1005 - Limited - Enabled)
Guest (S-1-5-21-3796663202-1426937064-2068174289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3796663202-1426937064-2068174289-1007 - Limited - Enabled)
Jennifer (S-1-5-21-3796663202-1426937064-2068174289-1000 - Administrator - Enabled) => C:\Users\Jennifer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/14/2015 09:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000005120fd8
Faulting process id: 0x6cc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/14/2015 09:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x4ff3d643
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x710
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3
 
Error: (01/14/2015 09:21:41 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failed, we will have to recover the machine and reboot failed w/err 0x00000003
 
Error: (01/14/2015 09:21:36 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failure, wait for 5sec for the next try failed w/err 0x00000003
 
Error: (01/14/2015 09:21:36 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCheckRzFilterLoad failed w/err 0x00000002
 
Error: (01/14/2015 09:21:36 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCreateFile failed w/err 0x00000002
 
Error: (01/14/2015 09:21:29 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failure, wait for 5sec for the next try failed w/err 0x00000003
 
Error: (01/14/2015 09:21:29 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCheckRzFilterLoad failed w/err 0x00000002
 
Error: (01/14/2015 09:21:29 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCreateFile failed w/err 0x00000002
 
Error: (01/14/2015 09:21:24 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failure, wait for 5sec for the next try failed w/err 0x00000003
 
 
System errors:
=============
Error: (01/14/2015 09:24:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (01/14/2015 09:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
%%1053
 
Error: (01/14/2015 09:24:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Scanner service to connect.
 
Error: (01/14/2015 09:22:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/14/2015 09:22:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/14/2015 09:21:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (01/14/2015 09:21:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
%%1053
 
Error: (01/14/2015 09:21:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Scanner service to connect.
 
Error: (01/14/2015 04:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/14/2015 04:41:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
Microsoft Office Sessions:
=========================
Error: (01/14/2015 09:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000005120fd86cc01d0307b12003d76C:\Windows\Explorer.EXEunknown5057afb3-9c6f-11e4-b628-f80f41485b7e
 
Error: (01/14/2015 09:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.04ff3d643Device.dll4.1.0.04f55e10bc000000500000000000033c171001d0307a926cb1fbC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll27ea17c3-9c6e-11e4-9f15-f80f41485b7e
 
Error: (01/14/2015 09:21:41 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failed, we will have to recover the machine and reboot failed w/err 0x00000003
 
Error: (01/14/2015 09:21:36 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failure, wait for 5sec for the next try failed w/err 0x00000003
 
Error: (01/14/2015 09:21:36 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCheckRzFilterLoad failed w/err 0x00000002
 
Error: (01/14/2015 09:21:36 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCreateFile failed w/err 0x00000002
 
Error: (01/14/2015 09:21:29 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failure, wait for 5sec for the next try failed w/err 0x00000003
 
Error: (01/14/2015 09:21:29 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCheckRzFilterLoad failed w/err 0x00000002
 
Error: (01/14/2015 09:21:29 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonCreateFile failed w/err 0x00000002
 
Error: (01/14/2015 09:21:24 PM) (Source: RzOvlMon) (EventID: 0) (User: )
Description: RzOvlMonChecking failure, wait for 5sec for the next try failed w/err 0x00000003
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-3820 APU with Radeon™ HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 7636.71 MB
Available physical RAM: 4588.16 MB
Total Pagefile: 15271.6 MB
Available Pagefile: 12316.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.79 GB) (Free:1314.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: DA15B420)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Users shortcut scan result (x64) Version: 15-01-2015 01
Ran by Jennifer at 2015-01-15 14:27:31
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Arcadia PVE Runes of Magic.lnk -> C:\Program Files (x86)\Arcadia PVE Runes of Magic\Arcadia PVE\Client.exe (Runewaker)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV - A Realm Reborn\FINAL FANTASY XIV - A Realm Reborn.lnk -> C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV - A Realm Reborn\FINAL FANTASY XIV System Information.lnk -> C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivsysinfo.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Smart Defrag 3.lnk -> C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Uninstall Smart Defrag 3.lnk -> C:\Program Files (x86)\IObit\Smart Defrag 3\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROM PVP\ROM PVP.lnk -> C:\Program Files (x86)\ROM PVP\Runes of Magic.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall\RaidCall.lnk -> C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall\Uninstall RaidCall.lnk -> C:\Program Files (x86)\RaidCall\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest\NCLauncher\Uninstall - NCLauncher.lnk -> C:\Program Files (x86)\NCWest\NCLauncher\Uninstall.exe (NCSOFT Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble\Mumble.lnk -> C:\Program Files (x86)\Mumble\mumble.exe (Thorvald Natvig)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> C:\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk -> C:\Program Files (x86)\IObit\IObit Uninstaller\help.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk -> C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe (IObit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Glyph.lnk -> C:\Program Files (x86)\Glyph\GlyphClient.exe (Trion Worlds Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Uninstall Glyph.lnk -> C:\Program Files (x86)\Glyph\GlyphUninstall.exe (Trion Worlds Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Runes of Magic on the Web.lnk -> C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\Runes Of Magic\Runes of Magic.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Runes of Magic.lnk -> C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment\TERA-Minimal-Installer\En Masse Diagnostic Tool.lnk -> C:\Users\Public\Games\En Masse Entertainment\TERA\EMEDiag.exe (En Masse Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment\TERA-Minimal-Installer\TERA Launcher.lnk -> C:\Users\Public\Games\En Masse Entertainment\TERA\TERA-Launcher.exe (En Masse Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Driver Booster 2.lnk -> C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (IObit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Uninstall Driver Booster 2.lnk -> C:\Program Files (x86)\IObit\Driver Booster\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test\Diablo III Public Test.lnk -> C:\Program Files (x86)\Diablo III Public Test\Diablo III Public Test Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net Account Management.lnk -> C:\Program Files (x86)\Diablo III\BattlenetAccount.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Technical Support.lnk -> C:\Program Files (x86)\Diablo III\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Manual.lnk -> C:\Program Files (x86)\Diablo III\Manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk -> C:\Program Files (x86)\Coupons\CouponsDotCom.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arcadia PVE Runes of Magic\Arcadia PVE Runes of Magic.lnk -> C:\Program Files (x86)\Arcadia PVE Runes of Magic\Arcadia PVE\Client.exe (Runewaker)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\AMD VISION Engine Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher\A3Launcher.lnk -> C:\Program Files (x86)\A3Launcher\A3Launcher.exe (Maca134)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\Links\Desktop.lnk -> C:\Users\Jennifer\Desktop ()
Shortcut: C:\Users\Jennifer\Links\Downloads.lnk -> C:\Users\Jennifer\Downloads ()
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk -> C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Jennifer\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo\Ventrilo.lnk -> C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Arcadia PVE Runes of Magic.lnk -> C:\Program Files (x86)\Arcadia PVE Runes of Magic\Arcadia PVE\Client.exe (Runewaker)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 2.lnk -> C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (IObit)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\RaidCall.lnk -> C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk -> C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe (IObit)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7a5afdf4c340002b\World of Warcraft.lnk -> C:\Program Files (x86)\World of Warcraft Public Test\World of Warcraft Public Test Launcher.exe (No File)
Shortcut: C:\Users\Jennifer\AppData\Local\Local - Shortcut.lnk -> C:\Users\Jennifer\AppData\Local ()
Shortcut: C:\Users\Jennifer\AppData\Local\Microsoft\Windows\GameExplorer\{2B40B4E2-1199-41B7-9EB7-2A6F4DA1C3BC}\PlayTasks\0\Play.lnk -> C:\Users\Jennifer\Downloads\World of Warcraft Classic\Setup1\WoW.exe (Blizzard Entertainment)
Shortcut: C:\Users\mnmojcotiuu\Links\Desktop.lnk -> C:\Users\Jennifer\Desktop ()
Shortcut: C:\Users\mnmojcotiuu\Links\Downloads.lnk -> C:\Users\Jennifer\Downloads ()
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\A3Launcher.lnk -> C:\Program Files (x86)\A3Launcher\A3Launcher.exe (Maca134)
Shortcut: C:\Users\Public\Desktop\Arcadia PVE Runes of Magic.lnk -> C:\Program Files (x86)\Arcadia PVE Runes of Magic\Arcadia PVE\Client.exe (Runewaker)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Diablo III Public Test.lnk -> C:\Program Files (x86)\Diablo III Public Test\Diablo III Public Test Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Driver Booster 2.lnk -> C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (IObit)
Shortcut: C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk -> C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\Users\Public\Desktop\IObit Uninstaller.lnk -> C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe (IObit)
Shortcut: C:\Users\Public\Desktop\League of Legends.lnk -> C:\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\Users\Public\Desktop\ROM PVP.lnk -> C:\Program Files (x86)\ROM PVP\Runes of Magic.exe ()
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\Smart Defrag 3.lnk -> C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\Stereoscopic 3D Viewer.lnk -> C:\Windows\SysWOW64\NVSTView.exe (No File)
Shortcut: C:\Users\Public\Desktop\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Public\Desktop\TERA Launcher.lnk -> C:\Users\Public\Games\En Masse Entertainment\TERA\TERA-Launcher.exe (En Masse Entertainment)
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -n
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -f
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse 2.0\Razer Synapse 2.0.lnk -> C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.) -> -launch
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe () -> uninstall_start
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --process-per-tab --enable-sync 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Archeage Beta.lnk -> C:\Program Files (x86)\Glyph\GlyphClient.exe (Trion Worlds Inc.) ->  -game 122
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Archeage PTS.lnk -> C:\Program Files (x86)\Glyph\GlyphClient.exe (Trion Worlds Inc.) ->  -game 120
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Archeage.lnk -> C:\Program Files (x86)\Glyph\GlyphClient.exe (Trion Worlds Inc.) ->  -game 120
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk -> C:\Program Files (x86)\Coupons\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina – Print Savings\Uninstall Catalina Savings Printer.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --process-per-tab --enable-sync 
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --process-per-tab --enable-sync 
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --process-per-tab --enable-sync 
ShortcutWithArgument: C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --process-per-tab --enable-sync 
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org\Open Codecs\Website.url -> hxxp://xiph.org/dshow/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Smart Defrag Home Page.url -> hxxp://www.iobit.com/iobitsmartdefrag.html
InternetURL: C:\Users\Jennifer\Favorites\.. Atomix Blade & Soul ...url -> hxxp://bns.atomixro.com/?page=download
InternetURL: C:\Users\Jennifer\Favorites\Addiction WoW  The Burning Crusade 2.4.3.url -> hxxp://wow-addiction.com/
InternetURL: C:\Users\Jennifer\Favorites\Afroman Colt 45 lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=kvOpEDDW51o
InternetURL: C:\Users\Jennifer\Favorites\Air Gear Episode 21 - AniLinkz.url -> hxxp://anilinkz.com/air-gear-episode-21
InternetURL: C:\Users\Jennifer\Favorites\Arena-Tournament • View topic - imorph and how to use it (4.3.4).url -> hxxp://arena-tournament.com/forum/viewtopic.php?f=10&t=8217
InternetURL: C:\Users\Jennifer\Favorites\Aura Kingdom - Free Anime MMORPG at Aeria Games.url -> hxxp://aurakingdom.aeriagames.com/
InternetURL: C:\Users\Jennifer\Favorites\Bleach AMV - The Demon is a Part of Me - YouTube.url -> hxxp://www.youtube.com/watch?v=MBnN-8Hehk4
InternetURL: C:\Users\Jennifer\Favorites\Bosses.url -> hxxp://www.forum.stormgn.net/index.php?topic=94.msg137#msg137
InternetURL: C:\Users\Jennifer\Favorites\c9 Beginner money making tips..url -> hxxp://gameslacker.blogspot.com/2012/09/beginner-money-making-tips.html
InternetURL: C:\Users\Jennifer\Favorites\Crafting - PWpedia.url -> hxxp://pwi-wiki.perfectworld.com/index.php/Crafting#See_Also
InternetURL: C:\Users\Jennifer\Favorites\Download IObit Freeware.url -> hxxp://www.iobit.com/
InternetURL: C:\Users\Jennifer\Favorites\Dragons Prophet - Home.url -> https://www.dragonsp...hegame.com/home
InternetURL: C:\Users\Jennifer\Favorites\Enchant weapon - Crusader, farming. - Forums - World of Warcraft.url -> hxxp://eu.battle.net/wow/en/forum/topic/3888481171
InternetURL: C:\Users\Jennifer\Favorites\EverQuest - Home.url -> https://www.everquest.com/home
InternetURL: C:\Users\Jennifer\Favorites\Forsaken World - The Ultimate Free to Play MMORPG.url -> hxxp://fw.perfectworld.com/download
InternetURL: C:\Users\Jennifer\Favorites\Free server World of Warcraft Mists of Pandaria.url -> hxxp://pandawow.ru/en/index.html
InternetURL: C:\Users\Jennifer\Favorites\Frost mage Arena MOP 5.4 rating 2k+ - YouTube.url -> hxxp://www.youtube.com/watch?v=F8BXgS7t_no
InternetURL: C:\Users\Jennifer\Favorites\Funcom - Registration and Subscription.url -> https://register.the...l/tsw/dohnovan1
InternetURL: C:\Users\Jennifer\Favorites\Gear Optimizer - Ask Mr. Robot - World of Warcraft.url -> hxxp://www.askmrrobot.com/wow/gear
InternetURL: C:\Users\Jennifer\Favorites\How to connect - Aeon-WoW  Unique Custom Level 80 Server.url -> hxxp://aeon-wow.com/page/connect
InternetURL: C:\Users\Jennifer\Favorites\How to connect - RiseWow TBC Private Server.url -> hxxp://risewow.com/page/connect
InternetURL: C:\Users\Jennifer\Favorites\http--adversewow.com-.url -> hxxp://adversewow.com/
InternetURL: C:\Users\Jennifer\Favorites\http--play.typeracer.com-.url -> hxxp://play.typeracer.com/
InternetURL: C:\Users\Jennifer\Favorites\http--vindictus.nexon.net-Community-.url -> hxxp://vindictus.nexon.net/Community/
InternetURL: C:\Users\Jennifer\Favorites\http--www.logitech.com-en-us-support-wireless-gaming-headset-g930section=downloads&osid=14&bit=64.url -> hxxp://www.logitech.com/en-us/support/wireless-gaming-headset-g930?section=downloads&osid=14&bit=64
InternetURL: C:\Users\Jennifer\Favorites\Inari, Konkon, Koi Iroha. Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/inari-konkon-koi-iroha-episode-1
InternetURL: C:\Users\Jennifer\Favorites\Kagerou Days 4 v01 - Read Kagerou Days 4 Online - Page 20.url -> hxxp://mangafox.me/manga/kagerou_days/v01/c004/20.html
InternetURL: C:\Users\Jennifer\Favorites\League of Legends.url -> hxxp://na.leagueoflegends.com/
InternetURL: C:\Users\Jennifer\Favorites\LostArmy WoW.url -> hxxp://www.lostarmy-wow.com/
InternetURL: C:\Users\Jennifer\Favorites\Mahou Shoujo Madoka Magica Episode 3 - AniLinkz.url -> hxxp://anilinkz.com/mahou-shoujo-madoka-magica-episode-3
InternetURL: C:\Users\Jennifer\Favorites\Maken-Ki! Two Episode Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/maken-ki-two-episode-episode-1
InternetURL: C:\Users\Jennifer\Favorites\Molten  Official Website.url -> https://www.molten-wow.com/
InternetURL: C:\Users\Jennifer\Favorites\Monkey Dynasty » Free Jade Dynasty Private Server.url -> hxxp://monkeydynasty.org/
InternetURL: C:\Users\Jennifer\Favorites\Nightcore - Lithium HD + Lyrics [DL] - YouTube.url -> hxxp://www.youtube.com/watch?v=SmQa2nx9xSI
InternetURL: C:\Users\Jennifer\Favorites\Nightcore - tattoo - YouTube.url -> hxxp://www.youtube.com/watch?v=7VdG4GU6Itg
InternetURL: C:\Users\Jennifer\Favorites\Nightcore - Under The Moon Light - YouTube.url -> hxxp://www.youtube.com/watch?v=PQ86pvzI7hU
InternetURL: C:\Users\Jennifer\Favorites\Nisekoi Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/nisekoi-episode-1
InternetURL: C:\Users\Jennifer\Favorites\Nobunaga the Fool Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/nobunaga-the-fool-episode-1
InternetURL: C:\Users\Jennifer\Favorites\Noragami Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/noragami-episode-1
InternetURL: C:\Users\Jennifer\Favorites\Oblivion WoW 3.3.5 Private 255 FUN Server.url -> hxxp://www.oblivion-wow.com/store
InternetURL: C:\Users\Jennifer\Favorites\Official En Masse Entertainment Forums.url -> hxxp://tera-forums.enmasse.com/forums/general-discussion/topics/Best-places-to-farm-gathering-skills-possibly-a-future-guide
InternetURL: C:\Users\Jennifer\Favorites\Official Rush Team Free FPS Multiplayer Website.url -> hxxp://www.asr-games.net/
InternetURL: C:\Users\Jennifer\Favorites\Perfect World International - Free MMORPG  Play Free Online Video Games.url -> hxxp://pwi.perfectworld.com/download
InternetURL: C:\Users\Jennifer\Favorites\Perfect World Mine Database - Wood.url -> hxxp://www.pwdatabase.com/pwi/mine_type/2861
InternetURL: C:\Users\Jennifer\Favorites\Perfect World Syndicate.url -> hxxp://www.pwsyndicate.com/index.php
InternetURL: C:\Users\Jennifer\Favorites\Phi Brain Kami no Puzzle 2 Episode 9 (Ep 34) - AniLinkz.url -> hxxp://anilinkz.com/phi-brain-kami-no-puzzle-2-episode-9-ep-34
InternetURL: C:\Users\Jennifer\Favorites\Private Server Database - Open WoW.url -> hxxp://www.openwow.com/
InternetURL: C:\Users\Jennifer\Favorites\Psycho-Pass Episode 15 - AniLinkz.url -> hxxp://anilinkz.com/psycho-pass-episode-15
InternetURL: C:\Users\Jennifer\Favorites\Quiz Navigator  Multiplication.com.url -> hxxp://www.multiplication.com/learn/quiz-navigator
InternetURL: C:\Users\Jennifer\Favorites\Ranking the top Anime sites - Watch streaming Anime online - Anime Toplist.url -> hxxp://animetoplist.org/
InternetURL: C:\Users\Jennifer\Favorites\Savage Garden - Truly Madly Deeply with Lyrics !! - YouTube.url -> hxxp://www.youtube.com/watch?v=US-ZgUr3xQY
InternetURL: C:\Users\Jennifer\Favorites\Skype sign in - Sign in to your Skype account.url -> https://login.skype....sage=logged_out
InternetURL: C:\Users\Jennifer\Favorites\Smolderforge  2.4.3 Private Server.url -> hxxp://www.smolderforge.com/site/home/downloads
InternetURL: C:\Users\Jennifer\Favorites\Sword Art Online Episode 12 - AniLinkz.url -> hxxp://anilinkz.com/sword-art-online-episode-12
InternetURL: C:\Users\Jennifer\Favorites\TERA - En Masse Entertainment.url -> hxxp://www.enmasse.com/products/tera
InternetURL: C:\Users\Jennifer\Favorites\Tera Online [US] Guide to 250k+ points for Sirjuka Gallery! (Rank 1) - YouTube.url -> hxxp://www.youtube.com/watch?v=oiJoRZWFWEY
InternetURL: C:\Users\Jennifer\Favorites\The Elder Scrolls Online - Sign Up for The Elder Scrolls Online Beta Test Today!.url -> hxxp://www.elderscrollsonline.com/en/news/post/2013/01/21/sign-up-for-the-elder-scrolls-online-beta-test-today
InternetURL: C:\Users\Jennifer\Favorites\The Fall of Shai Hu - Quest - World of Warcraft.url -> hxxp://www.wowhead.com/quest=30855
InternetURL: C:\Users\Jennifer\Favorites\Timed Multiplication Quiz for Facts Test Drills.url -> hxxp://www.free-online-calculator-use.com/multiplication-quiz.html
InternetURL: C:\Users\Jennifer\Favorites\Titan-Core.url -> hxxp://titan-core.net/
InternetURL: C:\Users\Jennifer\Favorites\Tm 99 Runs. - Epic Perfect World.url -> hxxp://epicpw.com/guides/tm-99-runs/
InternetURL: C:\Users\Jennifer\Favorites\Toshley's Station Hero's Hat - Item - World of Warcraft#reward-from-q.url -> hxxp://www.wowhead.com/item=31457/toshleys-station-heros-hat#reward-from-q
InternetURL: C:\Users\Jennifer\Favorites\TwinkInfo.com Portal  World of Warcraft WoW Twinks.url -> hxxp://twinkinfo.com/
InternetURL: C:\Users\Jennifer\Favorites\Typing Special Characters - Microsoft Standard English (United States 101) Keyboard.url -> hxxp://www.forlang.wsu.edu/help/keyboards.asp
InternetURL: C:\Users\Jennifer\Favorites\Vindictus.url -> hxxp://vindictus.nexon.net/Support/Client.aspx
InternetURL: C:\Users\Jennifer\Favorites\Vote panel - Sunset-WoW.url -> hxxp://sunset-wow.com/vote
InternetURL: C:\Users\Jennifer\Favorites\Warcraft-Arena (0 players online).url -> hxxp://warcraft-arena.servegame.com/
InternetURL: C:\Users\Jennifer\Favorites\WARFRAME Wiki.url -> hxxp://warframe.wikia.com/wiki/WARFRAME_Wiki
InternetURL: C:\Users\Jennifer\Favorites\Welcome in the Swarm.url -> hxxp://www.swarm-servers.com/
InternetURL: C:\Users\Jennifer\Favorites\Welcome.url -> hxxp://osu.ppy.sh/p/welcome
InternetURL: C:\Users\Jennifer\Favorites\Witch Craft Works Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/witch-craft-works-episode-1
InternetURL: C:\Users\Jennifer\Favorites\Wizard Barristers Benmashi Cecil Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/wizard-barristers-benmashi-cecil-episode-1
InternetURL: C:\Users\Jennifer\Favorites\World of Warcraft Official Game Site.url -> hxxp://us.battle.net/wow/en/
InternetURL: C:\Users\Jennifer\Favorites\WoW Craft 255 High fun realm.url -> hxxp://wow-craft.eu/
InternetURL: C:\Users\Jennifer\Favorites\WoWMortal - 4.3.4 and 4.0.6 Instant 85 Cataclysm Private Server.url -> hxxp://cataclysm.wowmortal.com/
InternetURL: C:\Users\Jennifer\Favorites\xKito Music - YouTube.url -> hxxp://www.youtube.com/user/nyuualiaslucy?feature=watch
InternetURL: C:\Users\Jennifer\Favorites\Z-X Ignition Episode 1 - AniLinkz.url -> hxxp://anilinkz.com/z-x-ignition-episode-1
InternetURL: C:\Users\Jennifer\Favorites\[EpiXWoW]  Official Website Homepage.url -> hxxp://epixwow.com/
InternetURL: C:\Users\Jennifer\Favorites\[GUIDE] I wanna be the Ermahgerdian (current state 13.11.13) - Guardian - Dragon's Prophet Forums.url -> https://www.dragonsp...t-state-180713/
InternetURL: C:\Users\Jennifer\Favorites\▶ 10 Hours Fluffle Puff Pink fluffy unicorns dancing on rainbows - YouTube.url -> hxxp://www.youtube.com/watch?v=Sm368W0OsHo
InternetURL: C:\Users\Jennifer\Favorites\▶ 300 Violin Orchestra - Jorge Quintero (High Quality) - YouTube.url -> hxxp://www.youtube.com/watch?v=fCebJodm0lY
InternetURL: C:\Users\Jennifer\Favorites\▶ Adema - The way you like it Lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=g-ejGJ1UtIQ
InternetURL: C:\Users\Jennifer\Favorites\▶ Alien Trance - 6 little eggs [Otis] - YouTube.url -> hxxp://www.youtube.com/watch?v=BPi-JW6sdxg
InternetURL: C:\Users\Jennifer\Favorites\▶ Amazon Nightcore- All The Things She Said - YouTube.url -> hxxp://www.youtube.com/watch?v=Sc4A5vg3EQ0
InternetURL: C:\Users\Jennifer\Favorites\▶ Anime Guitar Hero Photo SlideShow Tribute - Do the Rock Man - YouTube.url -> hxxp://www.youtube.com/watch?v=kaYebygpxs4
InternetURL: C:\Users\Jennifer\Favorites\▶ Antiserum x Mayhem - Trippy (Original Mix) - YouTube.url -> hxxp://www.youtube.com/watch?v=l1nR-kh1zgU
InternetURL: C:\Users\Jennifer\Favorites\▶ AWESOME VIOLIN BEAT VISUALIZATION - YouTube.url -> hxxp://www.youtube.com/watch?v=Sia31xQBWAM
InternetURL: C:\Users\Jennifer\Favorites\▶ Awolnation - Sail - Unlimited Gravity Remix - YouTube.url -> hxxp://www.youtube.com/watch?v=t1wjL4BqXlI
InternetURL: C:\Users\Jennifer\Favorites\▶ Best Chillstep Dubstep Mix ever - YouTube.url -> hxxp://www.youtube.com/watch?v=mjwHO1b_tbE
InternetURL: C:\Users\Jennifer\Favorites\▶ Bet I Bust Lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=2fcVgGcZKYs
InternetURL: C:\Users\Jennifer\Favorites\▶ Bleach - I Stand Alone - YouTube.url -> hxxp://www.youtube.com/watch?v=C90LgDMz_e0
InternetURL: C:\Users\Jennifer\Favorites\▶ BLEACH AMV LET'S GO - TRICK DADDY FT. LIL JON & TWISTA RAP ANIME MUSIC VIDEO - YouTube.url -> hxxp://www.youtube.com/watch?v=0pdzJCyNY-0
InternetURL: C:\Users\Jennifer\Favorites\▶ Bleach OST Invasion YouTube2 - YouTube.url -> hxxp://www.youtube.com/watch?v=X8vjIYnNfwo
InternetURL: C:\Users\Jennifer\Favorites\▶ Bleach [AMV] - Can't Break Me - Csonti - YouTube.url -> hxxp://www.youtube.com/watch?v=fNeJHtJ5kdM
InternetURL: C:\Users\Jennifer\Favorites\▶ Blue Nightcore - Timber - YouTube.url -> hxxp://www.youtube.com/watch?v=Mto25cISPD4
InternetURL: C:\Users\Jennifer\Favorites\▶ Bring Me to Life - Evanescence - YouTube.url -> hxxp://www.youtube.com/watch?v=SDklocLs8mU
InternetURL: C:\Users\Jennifer\Favorites\▶ Buku - Fullagold - YouTube.url -> hxxp://www.youtube.com/watch?v=1gBWGIuhkv0
InternetURL: C:\Users\Jennifer\Favorites\▶ Carnival Of Rust [Nightcore] - YouTube.url -> hxxp://www.youtube.com/watch?v=idpgCm2S8sI
InternetURL: C:\Users\Jennifer\Favorites\▶ Cryptex - Slay It - YouTube.url -> hxxp://www.youtube.com/watch?v=9lM07iiGKoo
InternetURL: C:\Users\Jennifer\Favorites\▶ Cyclone - Baby Bash (Lyrics) - YouTube.url -> hxxp://www.youtube.com/watch?v=GXnBjpzRTco
InternetURL: C:\Users\Jennifer\Favorites\▶ D4L - Tat It Up w- Lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=cZ1W7YOoGrg
InternetURL: C:\Users\Jennifer\Favorites\▶ Daft Punk - Around The World - YouTube.url -> hxxp://www.youtube.com/watch?v=yca6UsllwYs
InternetURL: C:\Users\Jennifer\Favorites\▶ Dark Strings Metal Rap Beat Instrumental - YouTube.url -> hxxp://www.youtube.com/watch?v=V9u2kLIUGCc
InternetURL: C:\Users\Jennifer\Favorites\▶ David Banner- play (dirty Version) - YouTube.url -> hxxp://www.youtube.com/watch?v=uLqqonSVQzY
InternetURL: C:\Users\Jennifer\Favorites\▶ Dj Fresh - Louder (Dubstep) - YouTube.url -> hxxp://www.youtube.com/watch?v=tLojc_YtPm0
InternetURL: C:\Users\Jennifer\Favorites\▶ Dj Raaban - Drop The Bass - YouTube.url -> hxxp://www.youtube.com/watch?v=W-xeW9C5OzU
InternetURL: C:\Users\Jennifer\Favorites\▶ Dragon Spotlight #15 - Balge - YouTube.url -> hxxp://www.youtube.com/watch?v=pjQNCJtBnFI
InternetURL: C:\Users\Jennifer\Favorites\▶ DRAMATIC SONG - 10 HOURS!! - YouTube.url -> hxxp://www.youtube.com/watch?v=RCNMETN-XnM
InternetURL: C:\Users\Jennifer\Favorites\▶ Dubstep - Adventure Club ft Krewella - Rise & Fall (KDrew Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=FHSE0QY78EE
InternetURL: C:\Users\Jennifer\Favorites\▶ Dubstep - System - Lights - YouTube.url -> hxxp://www.youtube.com/watch?v=SFQY_d9qwl4
InternetURL: C:\Users\Jennifer\Favorites\▶ E-40 Function Bass Boost - YouTube.url -> hxxp://www.youtube.com/watch?v=uoe1gTdcHGw
InternetURL: C:\Users\Jennifer\Favorites\▶ E-40 Function Ft. YG, IamSu, and Problem - YouTube.url -> hxxp://www.youtube.com/watch?v=g-iC-irllqY
InternetURL: C:\Users\Jennifer\Favorites\▶ E-40 Sliding Down The Pole Bass Boosted - YouTube.url -> hxxp://www.youtube.com/watch?v=71n5-INoVMQ
InternetURL: C:\Users\Jennifer\Favorites\▶ Eminem - 25 to Life ( Lyrics ) - YouTube.url -> hxxp://www.youtube.com/watch?v=CubMGxbU6fc
InternetURL: C:\Users\Jennifer\Favorites\▶ Epic Music Of All Times Drift - YouTube.url -> hxxp://www.youtube.com/watch?v=T4MAaGJMBdY
InternetURL: C:\Users\Jennifer\Favorites\▶ Exorcist Hip Hop Remix [CRG] - YouTube.url -> hxxp://www.youtube.com/watch?v=saTtd6MmT0I
InternetURL: C:\Users\Jennifer\Favorites\▶ Fatty Spins - Doin' Your Mom - Lyrics Video - YouTube.url -> hxxp://www.youtube.com/watch?v=8KXANErD7BM
InternetURL: C:\Users\Jennifer\Favorites\▶ Feint - The Journey ft. Veela [HD] - YouTube.url -> hxxp://www.youtube.com/watch?v=a2ViM6HE7O0
InternetURL: C:\Users\Jennifer\Favorites\▶ Fenech-Soler - Last Forever (The Chainsmokers Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=cfkoJqw101w
InternetURL: C:\Users\Jennifer\Favorites\▶ FL Rap Beat - Angry Violins - YouTube.url -> hxxp://www.youtube.com/watch?v=e7ZW_m3fxKo
InternetURL: C:\Users\Jennifer\Favorites\▶ Get Silly (Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=oGyQpVmPqHc
InternetURL: C:\Users\Jennifer\Favorites\▶ Greatest Battle Music Of All Times Chokkaku - YouTube.url -> hxxp://www.youtube.com/watch?v=oMKMZy1eSQU
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  Holly Drummond - Out Of My Mind (System Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=ELZxd3SHAJU
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  Maka & Waeck ft. Farisha - Breathe (Vexare Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=Ca_kSIKpxsA
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  MitiS - Open Window (ft. Anna Yvette) - YouTube.url -> hxxp://www.youtube.com/watch?v=ouGRTkwq5NE
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  Pandoh - Tristram Falls - YouTube.url -> hxxp://www.youtube.com/watch?v=UGsEjKcC9DI
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  Phrenik - All Or Nothing ft. Nikki B - YouTube.url -> hxxp://www.youtube.com/watch?v=T_w9rdH5H4o
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  Skrux & Felxprod - Find You ft. Complexion (Myriad Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=xNmMNKSGC6o
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  Synx - Leave Me - YouTube.url -> hxxp://www.youtube.com/watch?v=To0AMpOjbxo
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Dubstep  Young London - Broken (Culture Code Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=x0ph6zCKwKc
InternetURL: C:\Users\Jennifer\Favorites\▶ HD Electro  Dead C.A.T Bounce - Closer To Me ft. Emily Underhill (Myriad Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=CBoC53DqQ6o
InternetURL: C:\Users\Jennifer\Favorites\▶ HEROES X VILLAINS - FLEX - YouTube.url -> hxxp://www.youtube.com/watch?v=L8wK794JRPY
InternetURL: C:\Users\Jennifer\Favorites\▶ Hip Hop instrumental violin lourd.Bass Boost - YouTube.url -> hxxp://www.youtube.com/watch?v=_TNxBJo8x8E
InternetURL: C:\Users\Jennifer\Favorites\▶ I put on for my city Lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=zJV9EBQU8WY
InternetURL: C:\Users\Jennifer\Favorites\▶ I'm Sprung T Pain ft Akon with lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=zWDDBN5X6Bw
InternetURL: C:\Users\Jennifer\Favorites\▶ Incubus - Aqueous Transmission - YouTube.url -> hxxp://www.youtube.com/watch?v=eQK7KSTQfaw
InternetURL: C:\Users\Jennifer\Favorites\▶ Instrumental (Scary-Beats Rap) - YouTube.url -> hxxp://www.youtube.com/watch?v=ceBn0SKTFZs
InternetURL: C:\Users\Jennifer\Favorites\▶ JT Machinima - Minecraft Mob Rap - The Mob Rap by JT Machinima - YouTube.url -> hxxp://www.youtube.com/watch?v=si_5mY8akr0
InternetURL: C:\Users\Jennifer\Favorites\▶ Korn- Word Up! [Lyrics] - YouTube.url -> hxxp://www.youtube.com/watch?v=v16q6cAKRJM
InternetURL: C:\Users\Jennifer\Favorites\▶ Kraddy - Android Porn (Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=xpNpjKQqHqU
InternetURL: C:\Users\Jennifer\Favorites\▶ Krewella - Alive - YouTube.url -> hxxp://www.youtube.com/watch?v=hPpK_GkAK30
InternetURL: C:\Users\Jennifer\Favorites\▶ Krewella - Strobelights - YouTube.url -> hxxp://www.youtube.com/watch?v=UtPD2opGGfM
InternetURL: C:\Users\Jennifer\Favorites\▶ M83 - Midnight City - YouTube.url -> hxxp://www.youtube.com/watch?v=M2IPU05tZ2k
InternetURL: C:\Users\Jennifer\Favorites\▶ Martin Garrix - Animals (Official Video) - YouTube.url -> hxxp://www.youtube.com/watch?v=gCYcHz2k5x0
InternetURL: C:\Users\Jennifer\Favorites\▶ Minnesota - Stardust [Dubstep] - YouTube.url -> hxxp://www.youtube.com/watch?v=sJSK0yhd28Y
InternetURL: C:\Users\Jennifer\Favorites\▶ Monstercat - Best of 2012 Album Mix by Going Quantum (1hr 45 of Electronic Dance Music) - YouTube.url -> hxxp://www.youtube.com/watch?v=ycMg5Q6AtWI
InternetURL: C:\Users\Jennifer\Favorites\▶ Morde Song - Mordekaiser Es Numero Uno ( The Wanted - Chasing the sun parody) - YouTube.url -> hxxp://www.youtube.com/watch?v=nLSAZeRzY4Q
InternetURL: C:\Users\Jennifer\Favorites\▶ More Kords - Fragmentize (ft. Miyoki) - YouTube.url -> hxxp://www.youtube.com/watch?v=DnKmHY6F7ds
InternetURL: C:\Users\Jennifer\Favorites\▶ Most Epic OSTs Ever A Hero Will Rise - YouTube.url -> hxxp://www.youtube.com/watch?v=is0c_Q9hJrY
InternetURL: C:\Users\Jennifer\Favorites\▶ Most Fantastic Battle Music - Fate of the Unknown - YouTube.url -> hxxp://www.youtube.com/watch?v=DpknxKrcLDk
InternetURL: C:\Users\Jennifer\Favorites\▶ New Instrumental By OmX ! - YouTube.url -> hxxp://www.youtube.com/watch?v=iND5s5X-k-Q
InternetURL: C:\Users\Jennifer\Favorites\▶ New R&B Pop Instrumental, Beats Hotness!!! - YouTube.url -> hxxp://www.youtube.com/watch?v=rkoEWm4Bovs
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - A Demon's Fate - YouTube.url -> hxxp://www.youtube.com/watch?v=dG0WhEgcLt8
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - A Thousand Miles - YouTube.url -> hxxp://www.youtube.com/watch?v=01vMbBNBDww
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Apologize - YouTube.url -> hxxp://www.youtube.com/watch?v=ziKsPebaNdA
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Attack - YouTube.url -> hxxp://www.youtube.com/watch?v=_up91tZBvWc
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Blue - YouTube.url -> hxxp://www.youtube.com/watch?v=d11TIk7aaIQ
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Bring Back The Glory [HD] - YouTube.url -> hxxp://www.youtube.com/watch?v=Jef6C_sxGbw
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Call me - YouTube.url -> hxxp://www.youtube.com/watch?v=YmEHe2hytag
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Coming Undone VS Ultranumb - YouTube.url -> hxxp://www.youtube.com/watch?v=LHtYY2NFwB4
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Deliver Us From Evil - YouTube.url -> hxxp://www.youtube.com/watch?v=zxiKNinw5zU
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Demons - YouTube.url -> hxxp://www.youtube.com/watch?v=bOpLs6qfYoI
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Down With The Sickness (SubVibe RMX) [HD] - YouTube.url -> hxxp://www.youtube.com/watch?v=w-jegU6Tbtk
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Dragula [HD] - YouTube.url -> hxxp://www.youtube.com/watch?v=X089PK8frv0
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Empty Eyes - YouTube.url -> hxxp://www.youtube.com/watch?v=dczSlVazyGg
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Fly On The Wall [HD] [Request] - YouTube.url -> hxxp://www.youtube.com/watch?v=pX8laYbWXqM
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Get Out Alive - YouTube.url -> hxxp://www.youtube.com/watch?v=_OF3DSKy7uo
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Halo - YouTube.url -> hxxp://www.youtube.com/watch?v=MOj8sC-lX6M
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Impossible - YouTube.url -> hxxp://www.youtube.com/watch?v=SGWVzEYxzrk
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Lost in the Echo - YouTube.url -> hxxp://www.youtube.com/watch?v=oCL7DW6ziAw
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Numb Encore [HQ] - YouTube.url -> hxxp://www.youtube.com/watch?v=ck9pWoDDp5k
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - One Life [HQ] - YouTube.url -> hxxp://www.youtube.com/watch?v=lnvf1lUhtYg
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Parachute - YouTube.url -> hxxp://www.youtube.com/watch?v=SbKkDGeZgnA
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Roar - YouTube.url -> hxxp://www.youtube.com/watch?v=4QT2iNjbxVM
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Rock Mix - YouTube.url -> hxxp://www.youtube.com/watch?v=pkeqX_gJFjg
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - She Doesn't Mind [HQ] - YouTube.url -> hxxp://www.youtube.com/watch?v=iQrQJCbpDWE
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Skillet Falling Inside The Black - YouTube.url -> hxxp://www.youtube.com/watch?v=T8o5TVxVF88
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Skillet Hero - YouTube.url -> hxxp://www.youtube.com/watch?v=VmNLHI8u5m8
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore - Sweet Escape - YouTube.url -> hxxp://www.youtube.com/watch?v=WEcSUzgPQMI
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore ▪ Encore (Party World) - YouTube.url -> hxxp://www.youtube.com/watch?v=MA9h43dYMI0
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore- Paparazzi - YouTube.url -> hxxp://www.youtube.com/watch?v=GIUe1KAxkB0
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore- S.C.A.V.A - YouTube.url -> hxxp://www.youtube.com/watch?v=StQeZ4ao8Hk
InternetURL: C:\Users\Jennifer\Favorites\▶ NIGHTCORE- Temperature - YouTube.url -> hxxp://www.youtube.com/watch?v=CuzyduGWWbM
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore-Nightmare - YouTube.url -> hxxp://www.youtube.com/watch?v=RtohtqDH-Rc
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightcore-Nightstep - I need a Doctor - YouTube.url -> hxxp://www.youtube.com/watch?v=OizN-CBc6Rs
InternetURL: C:\Users\Jennifer\Favorites\▶ Nightstep - Rise & Fall [HQ] - YouTube.url -> hxxp://www.youtube.com/watch?v=fHabzld6Qqk
InternetURL: C:\Users\Jennifer\Favorites\▶ NightTrap - Symphonica [HQ] - YouTube.url -> hxxp://www.youtube.com/watch?v=ZuGN80bSJcY
InternetURL: C:\Users\Jennifer\Favorites\▶ numb encore linkin park jay z nightcore - YouTube.url -> hxxp://www.youtube.com/watch?v=eFaO7z_q3fU
InternetURL: C:\Users\Jennifer\Favorites\▶ Níl Sé'n Lá Nightcore - YouTube.url -> hxxp://www.youtube.com/watch?v=gGBCsx1C0D8
InternetURL: C:\Users\Jennifer\Favorites\▶ Over & Over Again - Nelly Ft. Tim McGraw - YouTube.url -> hxxp://www.youtube.com/watch?v=lFl4YcvCz7Q
InternetURL: C:\Users\Jennifer\Favorites\▶ Pendulum - Witchcraft (Rob Swire's Drumstep Mix) - YouTube.url -> hxxp://www.youtube.com/watch?v=P3ot-LMuPgs
InternetURL: C:\Users\Jennifer\Favorites\▶ Rap Instrumental By OmX 2 !!!! Fl 10 xxl !! - YouTube.url -> hxxp://www.youtube.com/watch?v=ab-nI_Q0oag
InternetURL: C:\Users\Jennifer\Favorites\▶ Ready To Fight - ManHood feat. Vic Da Lic - YouTube.url -> hxxp://www.youtube.com/watch?v=7aj6dMvija8
InternetURL: C:\Users\Jennifer\Favorites\▶ Reckful - Warrior (Rank 1, 84-3) - YouTube.url -> hxxp://www.youtube.com/watch?v=BKqWxkKw8VI
InternetURL: C:\Users\Jennifer\Favorites\▶ Roy Jones - Can't be touched - YouTube.url -> hxxp://www.youtube.com/watch?v=GoCOg8ZzUfg
InternetURL: C:\Users\Jennifer\Favorites\▶ Shadow Of The Day - Nightcore - YouTube.url -> hxxp://www.youtube.com/watch?v=lKrTqaxlmSo
InternetURL: C:\Users\Jennifer\Favorites\▶ Skrux - Last Breath - YouTube.url -> hxxp://www.youtube.com/watch?v=L2HIdP5oDBc
InternetURL: C:\Users\Jennifer\Favorites\▶ Sorry Blame it on me - Akon with lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=26WBT1ZdLdc
InternetURL: C:\Users\Jennifer\Favorites\▶ Stooki Sound & Mr Carmack - Uppers - YouTube.url -> hxxp://www.youtube.com/watch?v=HHmHLx9x5Os
InternetURL: C:\Users\Jennifer\Favorites\▶ The Morning After Club Banger! WITH HOOK! SOLD - YouTube.url -> hxxp://www.youtube.com/watch?v=s2BCNFBfFLY
InternetURL: C:\Users\Jennifer\Favorites\▶ Three Loco (Andy Milonakis, Dirt Nasty, Riff Raff) - We Are Farmers - YouTube.url -> hxxp://www.youtube.com/watch?v=8Zg_ZpJJsTA
InternetURL: C:\Users\Jennifer\Favorites\▶ Trance - Daggmask - YouTube.url -> hxxp://www.youtube.com/watch?v=TAfjJCz-1eA
InternetURL: C:\Users\Jennifer\Favorites\▶ Trance - Le - YouTube.url -> hxxp://www.youtube.com/watch?v=EfFsGMnPZhQ
InternetURL: C:\Users\Jennifer\Favorites\▶ Trap Megamix January 2014  Best TRAP MUSIC [HD-FREE DL] #87 - YouTube.url -> hxxp://www.youtube.com/watch?v=nfxga3ELoSw
InternetURL: C:\Users\Jennifer\Favorites\▶ Twista - Wetter w- lyrics - YouTube.url -> hxxp://www.youtube.com/watch?v=bKWTseZjjuE
InternetURL: C:\Users\Jennifer\Favorites\▶ Twista Wetter [ With lyrics] - YouTube.url -> hxxp://www.youtube.com/watch?v=KHl4b_OBHyA
InternetURL: C:\Users\Jennifer\Favorites\▶ Two Steps from [bleep] - Black Blade - YouTube.url -> hxxp://www.youtube.com/watch?v=KjHSEzoMrSI
InternetURL: C:\Users\Jennifer\Favorites\▶ TwoThirds feat. Laura Brehm - Waking Dreams (Soulero Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=6jAMWyBPqsY
InternetURL: C:\Users\Jennifer\Favorites\▶ TWRK - BaDINGA! - YouTube.url -> hxxp://www.youtube.com/watch?v=TrEk96vX8_Q
InternetURL: C:\Users\Jennifer\Favorites\▶ Under Pressure {HipHop Instrumental} Free DL - YouTube.url -> hxxp://www.youtube.com/watch?v=OR5aSWBhpdk
InternetURL: C:\Users\Jennifer\Favorites\▶ Violin Freestyle Rap Beat (Instrumental) - YouTube.url -> hxxp://www.youtube.com/watch?v=aAHfl633MSM
InternetURL: C:\Users\Jennifer\Favorites\▶ Violin Hip Hop [Broken Sorrow] - YouTube.url -> hxxp://www.youtube.com/watch?v=gmIyukBjE5o
InternetURL: C:\Users\Jennifer\Favorites\▶ We ready Mix - YouTube.url -> hxxp://www.youtube.com/watch?v=Rp2SN6eMURI
InternetURL: C:\Users\Jennifer\Favorites\▶ Will Smith - Encore - YouTube.url -> hxxp://www.youtube.com/watch?v=wQDknCtPtI0
InternetURL: C:\Users\Jennifer\Favorites\▶ World of Warcraft - Lvl 19 Rogue Twink Guide - YouTube.url -> hxxp://www.youtube.com/watch?v=2QDs3tfRYug
InternetURL: C:\Users\Jennifer\Favorites\▶ Ying Yang Twins - Salt Shaker Bass Boosted - YouTube.url -> hxxp://www.youtube.com/watch?v=LaL_cUCwycs
InternetURL: C:\Users\Jennifer\Favorites\▶ [BLEACH AMV]Ichigo Is a Cut above - YouTube.url -> hxxp://www.youtube.com/watch?v=38hEoA2RIVw
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Drumstep Modigs - The Pillars of Creation - YouTube.url -> hxxp://www.youtube.com/watch?v=XbzNnz0Yzok
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Drumstep oneBYone - Rock It - YouTube.url -> hxxp://www.youtube.com/watch?v=YunLWT8U-XI
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Bass Science - Ghost In The Wires - YouTube.url -> hxxp://www.youtube.com/watch?v=dzqA9oWVPao
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Day One - Lunar Orbit - YouTube.url -> hxxp://www.youtube.com/watch?v=B62pdgO4DP8
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Inaki - Lift Me - YouTube.url -> hxxp://www.youtube.com/watch?v=efULVQxhijY
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep iNexus - Rage Quit (Eliminate Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=w17-naEI9Fg
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Minnesota - Stardust - YouTube.url -> hxxp://www.youtube.com/watch?v=QXYPR0sNGIQ
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Modigs - Blur - YouTube.url -> hxxp://www.youtube.com/watch?v=-bu3mRb7s1k
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Protohype - Circuit Break - YouTube.url -> hxxp://www.youtube.com/watch?v=ui05PF8bYnU
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Spag Heddy - Like A B055 - YouTube.url -> hxxp://www.youtube.com/watch?v=uw2pioYwqIw
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Spag Heddy - Till You Drop - YouTube.url -> hxxp://www.youtube.com/watch?v=ZqDsTcAONGw
InternetURL: C:\Users\Jennifer\Favorites\▶ [HD] Dubstep Tristam - Shine - YouTube.url -> hxxp://www.youtube.com/watch?v=3AAacCy4BMI
InternetURL: C:\Users\Jennifer\Favorites\▶ [House] MitiS - Expose (Original Mix) (1080p HD) - YouTube.url -> hxxp://www.youtube.com/watch?v=N5cbvcaZO7c
InternetURL: C:\Users\Jennifer\Favorites\▶ [Nightcore] Pop Danthology 2012 - YouTube.url -> hxxp://www.youtube.com/watch?v=F2rtI9lAVJw
InternetURL: C:\Users\Jennifer\Favorites\▶ [Trap] DJ SNAKE - Turn Down For What (feat. Lil Jon) (Official Audio) - YouTube.url -> hxxp://www.youtube.com/watch?v=rLBJZuao17o
InternetURL: C:\Users\Jennifer\Favorites\▶ ▶ Nightcore - Dreaming - YouTube.url -> hxxp://www.youtube.com/watch?v=qJXMoPR9r80
InternetURL: C:\Users\Jennifer\Favorites\▶ ▶ Nightcore - Just Dance - Lady gaga - YouTube.url -> hxxp://www.youtube.com/watch?v=5rnLT61m-yQ
InternetURL: C:\Users\Jennifer\Favorites\▶ ▶ Nightcore - Leave out All the rest - Linkin park - YouTube.url -> hxxp://www.youtube.com/watch?v=9vckiieD4NA
InternetURL: C:\Users\Jennifer\Favorites\▶ ▶ Nightcore - Magnetic Eyes - YouTube.url -> hxxp://www.youtube.com/watch?v=5cVQmWnKPpI
InternetURL: C:\Users\Jennifer\Favorites\▶ ▶ Nightcore - my love - YouTube.url -> hxxp://www.youtube.com/watch?v=VuaAhhSDdt0
InternetURL: C:\Users\Jennifer\Favorites\▶ ▶ Two Steps From [bleep] - The Ancients - YouTube.url -> hxxp://www.youtube.com/watch?v=nFn1cVnz_lE
InternetURL: C:\Users\Jennifer\Favorites\▶ ►BEST OF PROGRESSIVE HOUSE MIX AUGUST 2013◄ ヽ( ≧ω≦)ノ [FREE DOWNLOAD] - YouTube.url -> hxxp://www.youtube.com/watch?v=33BDDqfwKG4
InternetURL: C:\Users\Jennifer\Favorites\▶ ►BEST OF TRAP MUSIC MIX OCTOBER 2013◄ ヽ( ≧ω≦)ノ [FREE DOWNLOAD] - YouTube.url -> hxxp://www.youtube.com/watch?v=76Cm-GkJsM0
InternetURL: C:\Users\Jennifer\Favorites\▶ 【5 HOURS】►LIQUID DUBSTEP-DRUM AND BASS 2013◄ ヽ( ≧ω≦)ノ - YouTube.url -> hxxp://www.youtube.com/watch?v=JrKDwLd3am0
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Electro House】Enzo Darren - Nola [Flashover Recordings] - YouTube.url -> hxxp://www.youtube.com/watch?v=NdL5z11WkfY
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Electro House】Urbanstep - The Anthem (Original Mix) - YouTube.url -> hxxp://www.youtube.com/watch?v=gRqdOCd41F0
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Electro】AdhesiveWombat - 8 Bit Adventure (SpikedGrin Remix) [Free Download] - YouTube.url -> hxxp://www.youtube.com/watch?v=n4A_F5SXmgo
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Glitch Hop】Warriyo - Sunburn - YouTube.url -> hxxp://www.youtube.com/watch?v=iqFRz9u9GeE
InternetURL: C:\Users\Jennifer\Favorites\▶ 【HALLOWEEN SPECIAL】►1 HOUR HALLOWEEN DUBSTEP COMPILATION 2013◄ ヽ( ≧ω≦)ノ - YouTube.url -> hxxp://www.youtube.com/watch?v=8HZ2NzG3lG0
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Trap】Aero Chord - Ctrl Alt Destruction (Original Mix) [Free Download] - YouTube.url -> hxxp://www.youtube.com/watch?v=RWo_pIVCL_E&list=PLvlw_ICcAI4cDtL3pBl80RMawk-sMTmki
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Trap】Pegboard Nerds x Misterwives - Coffins [Free Download] - YouTube.url -> hxxp://www.youtube.com/watch?v=I87r-v9UmJE&list=PLvlw_ICcAI4cDtL3pBl80RMawk-sMTmki
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Trap】Rihanna - Pour It Up (RL Grime Remix) - YouTube.url -> hxxp://www.youtube.com/watch?v=bxftqoTil7g&list=PLvlw_ICcAI4cDtL3pBl80RMawk-sMTmki
InternetURL: C:\Users\Jennifer\Favorites\▶ 【Trap】Tiesto - Take Me (Skg - Trap Remix) [EXCLUSIVE] - YouTube.url -> hxxp://www.youtube.com/watch?v=Rucbzc1-dPc&list=PLvlw_ICcAI4cDtL3pBl80RMawk-sMTmki
InternetURL: C:\Users\Jennifer\Favorites\Mom's\http--www.amazon.com-Seagate-ST31000340NS-Barracuda-ES-2-Internal-dp-B0027IGKV6-ref=pd_cp_e_2.url -> hxxp://www.amazon.com/Seagate-ST31000340NS-Barracuda-ES-2-Internal/dp/B0027IGKV6/ref=pd_cp_e_2
InternetURL: C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install)\Data\enUS\AccountBilling.url -> hxxp://signup.worldofwarcraft.com/
InternetURL: C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install)\Data\enUS\TechSupport.url -> hxxp://www.worldofwarcraft.com/support/
InternetURL: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Arma 3.url -> steam://rungameid/107410
InternetURL: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\The Secret World.url -> steam://rungameid/215280
InternetURL: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Vindictus.url -> steam://rungameid/212160
InternetURL: C:\Users\mnmojcotiuu\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\mnmojcotiuu\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
 
==================== End of log =============================
 

  • 0

#4
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi and thanks for the logs :)

Firstly a friendly warning:

warning.gif IOBit software warning!

I see that you are running some IOBit software .
Although legitimate one, IOBit as a vendor is considered a rogue one here due to stealing Malwarebytes' intellectual property. This is only an information and a polite request to refrain from using its software. Whether you decide to do it or not, it's your call.

Step 1

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   5.75KB   187 downloadsand save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

 jrt.pngJunkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

adwcleaner.pngAdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the adwcleaner.pngAdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:

  • FRST Fixlog
  • JRT Log
  • ADWcleaner scan log

  • 0

#5
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by Jennifer at 2015-01-15 15:38:56 Run:1
Running from C:\Users\Jennifer\Desktop
Loaded Profiles: Jennifer (Available profiles: Jennifer)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
createrestorepoint:
 
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.the...&cc=US&unqvl=74
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupon...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jennifer\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Jennifer\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
S3 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [178160 2014-08-28] (Coupons.com Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-14] (IObit)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5131672 2013-12-01] (INCA Internet Co., Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 WinRing0_1_2_0; No ImagePath
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 sjcst; \??\C:\AeriaGames\EdenEternal\avital\sjcsu64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2014-12-23 21:42 - 2014-12-23 21:43 - 10603200 _____ (IObit ) C:\Users\Jennifer\Downloads\driver_booster_setup.exe
2014-12-18 03:48 - 2014-12-18 03:49 - 44119760 _____ (IObit ) C:\Users\Jennifer\Downloads\advanced-systemcare-setup.exe
2015-01-11 00:04 - 2014-12-14 21:28 - 00002148 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-12-23 21:45 - 2014-12-14 21:29 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-12-23 21:45 - 2014-12-14 21:29 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-12-23 21:45 - 2014-12-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
C:\Users\Jennifer\jagex_cl_runescape_LIVE.dat
C:\Users\Jennifer\jagex_cl_runescape_LIVE1.dat
C:\Users\Jennifer\random.dat
C:\Users\Jennifer\uid.dat
Task: {5BBD6020-AB37-482B-A303-42DC85C40835} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {84560551-244B-426E-A654-6E49192BB88D} - System32\Tasks\Uninstaller_SkipUac_Jennifer => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {A2B3090B-D3FF-4566-8AEF-78472E625D6C} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {A2BEA4EC-C586-404F-837D-8FC03ECFF26A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {A4D9279C-7907-4271-B462-DB780212D1BA} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {E01E781A-2D87-40D2-AB28-3C9E32CFAF3C} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit)
Task: {EA2C5EBE-EBB8-45D5-A37C-1A2AD9504403} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
emptytemp:
end
*****************
 
Restore point was successfully created.
[2848] C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}" => Key deleted successfully.
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found. 
"HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}" => Key deleted successfully.
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@raidcall.en/RCplugin -> C:\Users\Jennifer\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin => Key not found. 
"HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\Jennifer\AppData\Roaming\CATALI~1\NPBCSK~1.DLL => Moved successfully.
CouponPrinterService => Service deleted successfully.
LiveUpdateSvc => Service deleted successfully.
npggsvc => Service deleted successfully.
SmartDefragDriver => Service stopped successfully.
SmartDefragDriver => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
hxsyol => Service deleted successfully.
sjcst => Service deleted successfully.
X6va015 => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\Users\Jennifer\Downloads\driver_booster_setup.exe => Moved successfully.
C:\Users\Jennifer\Downloads\advanced-systemcare-setup.exe => Moved successfully.
C:\Users\Public\Desktop\Driver Booster 2.lnk => Moved successfully.
C:\Windows\System32\Tasks\Driver Booster Scan => Moved successfully.
C:\Windows\System32\Tasks\Driver Booster Update => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2 => Moved successfully.
C:\Users\Jennifer\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Jennifer\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Jennifer\random.dat => Moved successfully.
C:\Users\Jennifer\uid.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BBD6020-AB37-482B-A303-42DC85C40835}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BBD6020-AB37-482B-A303-42DC85C40835}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84560551-244B-426E-A654-6E49192BB88D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84560551-244B-426E-A654-6E49192BB88D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Jennifer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Jennifer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2B3090B-D3FF-4566-8AEF-78472E625D6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2B3090B-D3FF-4566-8AEF-78472E625D6C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2BEA4EC-C586-404F-837D-8FC03ECFF26A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2BEA4EC-C586-404F-837D-8FC03ECFF26A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4D9279C-7907-4271-B462-DB780212D1BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4D9279C-7907-4271-B462-DB780212D1BA}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmartDefrag3_Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E01E781A-2D87-40D2-AB28-3C9E32CFAF3C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E01E781A-2D87-40D2-AB28-3C9E32CFAF3C}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmartDefrag3_Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA2C5EBE-EBB8-45D5-A37C-1A2AD9504403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA2C5EBE-EBB8-45D5-A37C-1A2AD9504403}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
EmptyTemp: => Removed 655.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:40:19 ====
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jennifer on Thu 01/15/2015 at 15:49:37.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898.3
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-137BF219.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons.com couponbar"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\Jennifer\documents\optimizer pro"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/15/2015 at 15:52:39.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v4.107 - Report created 15/01/2015 at 15:57:16
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jennifer - JENNIFER-PC
# Running from : C:\Users\Jennifer\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\drivers\hssdrv6.sys
File Found : C:\Windows\System32\drivers\taphss6.sys
Folder Found : C:\ProgramData\6432806091339046072
Folder Found : C:\ProgramData\df0432e000002384
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Jennifer\AppData\Local\CrashRpt
Folder Found : C:\Users\Jennifer\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Found : C:\Users\Jennifer\AppData\Roaming\SendSpace
Folder Found : C:\Util
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4b06fd96-2e06-49dc-8149-9fd6a2703fd4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{a4086861-4827-48d4-89e0-11f56410b065}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{abc20dbe-c256-4641-8172-16618b73592b}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_.P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_
Key Found : HKLM\SOFTWARE\Classes\P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_.P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_.9
Key Found : HKLM\SOFTWARE\Classes\Pa4086861_4827_48d4_89e0_11f56410b065_.Pa4086861_4827_48d4_89e0_11f56410b065_
Key Found : HKLM\SOFTWARE\Classes\Pa4086861_4827_48d4_89e0_11f56410b065_.Pa4086861_4827_48d4_89e0_11f56410b065_.9
Key Found : HKLM\SOFTWARE\Classes\Pabc20dbe_c256_4641_8172_16618b73592b_.Pabc20dbe_c256_4641_8172_16618b73592b_
Key Found : HKLM\SOFTWARE\Classes\Pabc20dbe_c256_4641_8172_16618b73592b_.Pabc20dbe_c256_4641_8172_16618b73592b_.9
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4b06fd96-2e06-49dc-8149-9fd6a2703fd4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a4086861-4827-48d4-89e0-11f56410b065}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{abc20dbe-c256-4641-8172-16618b73592b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.10
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponBar5.0.0.4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4b06fd96-2e06-49dc-8149-9fd6a2703fd4}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{a4086861-4827-48d4-89e0-11f56410b065}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{abc20dbe-c256-4641-8172-16618b73592b}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\mnmojcotiuu\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\mnmojcotiuu\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [6571 octets] - [15/01/2015 15:57:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6631 octets] ##########
 

  • 0

#6
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Excellent :)
 
First...
 
adwcleaner.pngRe-run AdwCleaner

Close all open windows and browsers.

  • Right click the adwcleaner.pngAdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Next...
 
Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware:
    mbam-select.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    mbam-scan.png
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.
     

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner

Runscan.png


Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start[
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:

eset-selections.png

  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

eset-selections.png

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Items I need to see in your next post:

  • ADWcleaner clean log
  • Malwarebytes log
  • ESET log


  • 0

#7
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts
# AdwCleaner v4.107 - Report created 15/01/2015 at 16:17:46
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jennifer - JENNIFER-PC
# Running from : C:\Users\Jennifer\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Util
Folder Deleted : C:\ProgramData\6432806091339046072
Folder Deleted : C:\ProgramData\df0432e000002384
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Users\Jennifer\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Jennifer\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Jennifer\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
File Deleted : C:\Windows\System32\drivers\taphss6.sys
File Deleted : C:\Windows\System32\drivers\hssdrv6.sys
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_.P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_
Key Deleted : HKLM\SOFTWARE\Classes\P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_.P4b06fd96_2e06_49dc_8149_9fd6a2703fd4_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pa4086861_4827_48d4_89e0_11f56410b065_.Pa4086861_4827_48d4_89e0_11f56410b065_
Key Deleted : HKLM\SOFTWARE\Classes\Pa4086861_4827_48d4_89e0_11f56410b065_.Pa4086861_4827_48d4_89e0_11f56410b065_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pabc20dbe_c256_4641_8172_16618b73592b_.Pabc20dbe_c256_4641_8172_16618b73592b_
Key Deleted : HKLM\SOFTWARE\Classes\Pabc20dbe_c256_4641_8172_16618b73592b_.Pabc20dbe_c256_4641_8172_16618b73592b_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4b06fd96-2e06-49dc-8149-9fd6a2703fd4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a4086861-4827-48d4-89e0-11f56410b065}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{abc20dbe-c256-4641-8172-16618b73592b}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4b06fd96-2e06-49dc-8149-9fd6a2703fd4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a4086861-4827-48d4-89e0-11f56410b065}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{abc20dbe-c256-4641-8172-16618b73592b}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4b06fd96-2e06-49dc-8149-9fd6a2703fd4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a4086861-4827-48d4-89e0-11f56410b065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{abc20dbe-c256-4641-8172-16618b73592b}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.10
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponBar5.0.0.4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\mnmojcotiuu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\mnmojcotiuu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
[C:\Users\mnmojcotiuu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\mnmojcotiuu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6763 octets] - [15/01/2015 15:57:16]
AdwCleaner[R1].txt - [6823 octets] - [15/01/2015 16:15:53]
AdwCleaner[S0].txt - [6960 octets] - [15/01/2015 16:17:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7020 octets] ##########

  • 0

#8
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/15/2015
Scan Time: 4:31:28 PM
Logfile: scarystuff.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.15.16
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jennifer
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373104
Time Elapsed: 11 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Rogue.Multiple, C:\ProgramData\3528706942, Quarantined, [0f4250a75534f83e60c588a0ca39f907], 
 
Files: 4
PUP.HackTool.LOIC, C:\Users\Jennifer\Downloads\loic-1.0.4-binary (2).zip, Quarantined, [66eb72858aff74c2abcdb3b833cdb34d], 
PUP.HackTool.LOIC, C:\Users\Jennifer\Downloads\loic-1.0.4-binary (3).zip, Quarantined, [b59c5f9872170d299fd97bf0d729f10f], 
PUP.HackTool.LOIC, C:\Users\Jennifer\Downloads\loic-1.0.4-binary (4).zip, Quarantined, [302154a37c0dc76fb4c4adbeb749619f], 
Rogue.Multiple, C:\ProgramData\3528706942\BITAFC2.tmp, Quarantined, [0f4250a75534f83e60c588a0ca39f907], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#9
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I realized the scan for ESET stopped. I don't know what to do! ;(


Edited by Dohnovan, 15 January 2015 - 07:19 PM.

  • 0

#10
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Can you start it again?


  • 0

Advertisements


#11
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I just realized it's still scanning! I will copy the logs when it's done. Thank you so much!


  • 0

#12
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

No problem :D
 
One thing I did omit from my last statements though is this:
 
warning.gif IOBit software warning!

I see that you are running some IOBit software .
Although legitimate one, IOBit as a vendor is considered a rogue one here due to stealing Malwarebytes' intellectual property. This is only an information and a polite request to refrain from using its software. Whether you decide to do it or not, it's your call.


  • 0

#13
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I was actually going to ask about that crap! What is an effective way to uninstall it completely? Thank you!


  • 0

#14
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Uninstall it normally from programs and features.

 

In a follow up FRST scan after we have done with ESET - I will check for left overs and make sure it's all gone.


  • 0

#15
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b24c39d44070d64e895eda7ad68b2551
# engine=21992
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-16 02:24:09
# local_time=2015-01-15 07:24:09 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 21350 172918499 0 0
# scanned=234243
# found=7
# cleaned=0
# scan_time=8274
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Jennifer\Downloads\ccsetup413.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Jennifer\Downloads\ccsetup414.exe"
sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Jennifer\Downloads\ccsetup415.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Jennifer\Downloads\ccsetup416.exe"
sh=5D01165F2136795F93719C4B583376090EB7BF54 ft=1 fh=e8ea969d89266577 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\Jennifer\Downloads\winzip185.exe"
sh=B6C45530FB13D657CC052C4C6F27C12E9FBBC46B ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\Jennifer\Downloads\winzip190-64.msi"
sh=CE858807E7092E29041200D2A5D7FB8F6DFD2D97 ft=1 fh=fb7356e30e72ff4a vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\Jennifer\Downloads\winzip190.exe"

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP