
internet explorer popups

Discussion in 'Virus & Other Malware Removal' started by kenem1514, Jan 18, 2015.

  1. kenem1514

    kenem1514 Thread Starter

    Joined:
    Jan 18, 2015
    Messages:
    17
    I have a Windows 7 Dell laptop, I use Google Chrome, and I completely uninstalled Internet Explorer, but I still get a PC firewall popup from Internet Explorer. It says:

    "WARNING! Your PC may not be protected!

    If you see this message more than once, you need to call PC support at
    1-888-653-5637 immediately

    During this free call, you will receive assistance on how to remove
    malicious malware from your PC."


    On the webpage behind it, all the info, for example location and date, is incorrect. I can't close the browser or the popup. How can I fix this?
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome. :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  3. kenem1514

    kenem1514 Thread Starter

    Joined:
    Jan 18, 2015
    Messages:
    17
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Mullet (administrator) on MULLET-PC on 20-01-2015 16:39:30
    Running from C:\Users\Mullet\Downloads
    Loaded Profiles: Mullet (Available profiles: Mullet & Administrator)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    () C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    () C:\Program Files (x86)\gorillaprice\gorillaprice.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
    (Farbar) C:\Users\Mullet\Downloads\Farber 64bit.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [myradioplayer Tray] => "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe"
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105616 2009-08-20] (Corel)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Run: [Amazon Cloud Player] => C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Run: [Google+ Auto Backup] => "C:\Users\Mullet\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\RunOnce: [Adobe Speed Launcher] => 1421182154
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe [697272 2014-01-23] (Adobe Systems Incorporated)
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    AppInit_DLLs: C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL File Not Found
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
    ProxyEnable: [S-1-5-21-893226502-1710361660-655067689-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-893226502-1710361660-655067689-1000] => http=127.0.0.1:13081;
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...putEncoding}&oe={outputEncoding}&sourceid=ie7
    URLSearchHook: HKU\S-1-5-21-893226502-1710361660-655067689-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {2FBA8798-3AA6-372B-4CD8-6F179F9D956F} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {2FBA8798-3AA6-372B-4CD8-6F179F9D956F} URL =
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {30750DD1-EADD-4cf1-A485-C736C96936AB} URL = http://search.etoolkit.com/search?q={searchTerms}&id=0268a592aa24bc3238b655f786c41e76cd4&s=p
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {68294C94-525E-433A-A3FC-58CEA15727C3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E56A4EC9-EEF7-4BBD-B307-A4B78BAA61B6&apn_sauid=58966B73-5EE9-4F9E-9B0B-48D767D063FC
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {6EDC504A-CE5F-45B0-AB4C-3F350E9303F8} URL = http://start.funmoods.com/results.php?f=4&a=axl&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=10007&lng=en
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {B0924664-BA2F-470C-898C-0D886474A02F} URL = http://search.softonic.com/MOY00166/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=900
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {C8FEDF37-4395-4D22-BE6E-6D363B1788B0} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M517DC08A-FC06-4A12-B965-4E04FDB4B719&SearchSource=58&CUI=&UM=5&UP=SPA85954EB-A98B-4A0E-9ACF-635704973EBB&q={searchTerms}&SSPV=
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} - No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default
    FF DefaultSearchEngine: WebSearch
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70
    FF Keyword.URL: hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70&l=1&q=
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll No File
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\crawler-search.xml
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\inbox-search.xml
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\trovi-search.xml
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\WebSearch.xml
    FF Extension: FreeWorkz - C:\Users\Mullet\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-05-20]
    FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\Extensions\[email protected] [2014-05-03]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-03-31]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
    FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-20]
    FF HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Firefox\Extensions: [{33638441-4598-4220-be18-e164f856fd2c}] - C:\Program Files (x86)\Lyrics_Monkey\130.xpi

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-17]
    CHR Extension: (YouTube) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-17]
    CHR Extension: (Google Search) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-17]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-17]
    CHR Extension: (ArcadeYum) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb [2014-12-05]
    CHR Extension: (Google Wallet) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-17]
    CHR Extension: (Gmail) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]
    CHR HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Mullet\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [Not Found]
    CHR HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mullet\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [Not Found]
    CHR HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Mullet\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Mullet\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mullet\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Mullet\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [Not Found]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    Locked "GorillaPrice" service was unlocked successfully. <===== ATTENTION

    R2 GorillaPrice; C:\Program Files (x86)\gorillaprice\gorillaprice.exe [420864 2014-04-01] () [File not signed] <==== ATTENTION
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 699fd52f; "C:\windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
    S3 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies)
    S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [282624 2011-07-19] (Intel Corporation) [File not signed]
    S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-07-19] (Intel Corporation) [File not signed]
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    S3 ToolkitDisk; C:\windows\system32\Drivers\toolkitdisk.sys [62552 2011-09-12] (Toolkit Development, Ltd.)
    R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-02] (StdLib)
    S3 btmaudio; system32\drivers\btmaud.sys [X]
    S3 btmaux; system32\DRIVERS\btmaux.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
    S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
    S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 16:39 - 2015-01-20 16:39 - 00024876 _____ () C:\Users\Mullet\Downloads\FRST.txt
    2015-01-20 16:39 - 2015-01-20 16:39 - 00000000 ____D () C:\FRST
    2015-01-20 16:38 - 2015-01-20 16:38 - 02126848 _____ (Farbar) C:\Users\Mullet\Downloads\Farber 64bit.exe
    2015-01-20 16:37 - 2015-01-20 16:37 - 01118208 _____ (Farbar) C:\Users\Mullet\Downloads\Farber 32bit.exe
    2015-01-07 18:14 - 2015-01-07 19:17 - 00015594 _____ () C:\Users\Mullet\Documents\dukes#9 end.wlmp
    2015-01-07 16:42 - 2015-01-07 19:15 - 00029061 _____ () C:\Users\Mullet\Documents\dukes#8.wlmp
    2015-01-07 15:09 - 2015-01-07 19:28 - 00034264 _____ () C:\Users\Mullet\Documents\dukes#7 adventures.wlmp
    2015-01-07 14:44 - 2015-01-07 18:51 - 00035388 _____ () C:\Users\Mullet\Documents\dukes#6 funny moments.wlmp
    2015-01-07 11:40 - 2015-01-07 18:43 - 00027482 _____ () C:\Users\Mullet\Documents\dukes#5.wlmp
    2015-01-06 22:43 - 2015-01-07 18:40 - 00031370 _____ () C:\Users\Mullet\Documents\dukes#4.wlmp
    2015-01-06 20:18 - 2015-01-07 18:34 - 00020802 _____ () C:\Users\Mullet\Documents\dukes #3.wlmp
    2015-01-06 10:06 - 2015-01-07 18:32 - 00082275 _____ () C:\Users\Mullet\Documents\dukes #2.wlmp
    2014-12-31 09:03 - 2014-12-31 09:03 - 00000155 _____ () C:\Users\Mullet\Downloads\pr
    2014-12-26 07:54 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-26 07:54 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-22 18:02 - 2014-12-22 18:02 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-22 08:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2014-12-22 08:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
    2014-12-22 08:05 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-22 08:05 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-22 08:05 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-22 08:05 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-22 08:05 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-12-22 08:05 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-12-22 08:05 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-22 08:05 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-22 08:05 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-12-22 08:05 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-12-22 08:05 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-22 08:05 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-22 08:05 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-12-22 08:05 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-12-22 08:05 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-22 08:05 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-12-22 08:05 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-12-22 08:05 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-22 08:05 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-22 08:05 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-22 08:05 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-12-22 08:05 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-22 08:05 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-22 08:05 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-12-22 08:05 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-22 08:05 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-12-22 08:05 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-22 08:05 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-12-22 08:05 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-22 08:05 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-22 08:05 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-22 08:05 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-12-22 08:05 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-12-22 08:05 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-22 08:05 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-22 08:05 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-12-22 08:05 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-22 08:05 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-22 08:05 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-22 08:05 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-22 08:05 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-22 08:05 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-22 08:05 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-22 08:05 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-22 08:05 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-22 08:05 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-22 08:05 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-22 08:05 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-12-22 08:05 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-22 08:05 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-22 08:05 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-12-22 08:05 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-22 08:05 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-22 08:05 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-22 07:59 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-22 07:59 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
    2014-12-22 07:58 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-22 07:58 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-12-22 07:58 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-12-22 07:58 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-22 07:58 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-12-22 07:58 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-12-22 07:58 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
    2014-12-22 07:58 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-12-22 07:58 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
    2014-12-22 07:58 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
    2014-12-22 07:58 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-12-22 07:58 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-22 07:58 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
    2014-12-22 07:58 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
    2014-12-22 07:58 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-22 07:57 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
    2014-12-22 07:57 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 16:36 - 2014-01-23 19:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-20 16:33 - 2014-08-17 16:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-20 16:32 - 2014-12-09 13:26 - 00000296 _____ () C:\windows\Tasks\Digital Sites.job
    2015-01-20 16:32 - 2012-07-06 10:17 - 01518701 _____ () C:\windows\WindowsUpdate.log
    2015-01-20 13:36 - 2014-08-17 16:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-20 08:34 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-20 08:34 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-20 01:45 - 2014-12-09 14:26 - 00000066 _____ () C:\Users\Mullet\AppData\Roaming\WB.CFG
    2015-01-15 13:39 - 2014-11-13 16:22 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-14 21:08 - 2013-09-17 18:21 - 00069346 _____ () C:\windows\setupact.log
    2015-01-13 15:49 - 2013-11-04 19:39 - 00000450 ____H () C:\windows\Tasks\ss u helper-S-9665547.job
    2015-01-13 14:39 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-07 18:23 - 2014-12-19 14:29 - 00017369 _____ () C:\Users\Mullet\Documents\sample duke ss.wlmp
    2015-01-05 19:07 - 2014-12-09 13:31 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2015-01-04 20:53 - 2009-07-14 00:08 - 00032564 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-12-26 12:10 - 2009-07-14 00:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-22 18:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
    2014-12-22 18:02 - 2014-05-02 20:05 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-22 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-22 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
    2014-12-22 08:13 - 2013-07-17 02:02 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-22 08:08 - 2012-04-10 07:30 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======
    2014-11-13 15:49 - 2014-11-13 15:53 - 0034382 _____ () C:\Users\Mullet\AppData\Roaming\893686b8
    2014-12-09 14:26 - 2015-01-20 01:45 - 0000066 _____ () C:\Users\Mullet\AppData\Roaming\WB.CFG
    2014-11-13 15:49 - 2014-11-13 15:53 - 0034699 _____ () C:\Users\Mullet\AppData\Local\893686b8
    2012-04-04 20:26 - 2014-12-18 18:21 - 0081408 _____ () C:\Users\Mullet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-23 17:18 - 2014-09-23 17:18 - 0000017 _____ () C:\Users\Mullet\AppData\Local\resmon.resmoncfg
    2014-11-13 15:49 - 2014-11-13 15:53 - 0032131 _____ () C:\ProgramData\893686b8
    2012-07-31 14:17 - 2014-05-15 16:21 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

    Files to move or delete:
    ====================
    C:\Users\Mullet\AmazonMP3Downloader.exe


    Some content of TEMP:
    ====================
    C:\Users\Mullet\AppData\Local\Temp\a43518Eb9eFDf.exe
    C:\Users\Mullet\AppData\Local\Temp\APNSetup.exe
    C:\Users\Mullet\AppData\Local\Temp\atl.exe
    C:\Users\Mullet\AppData\Local\Temp\cxernawsom.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\Mullet\AppData\Local\Temp\dxmedia.exe
    C:\Users\Mullet\AppData\Local\Temp\eA4A086DDa398.exe
    C:\Users\Mullet\AppData\Local\Temp\FreemakeVideoConverterFull.exe
    C:\Users\Mullet\AppData\Local\Temp\GLB1A2B.EXE
    C:\Users\Mullet\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\mgxfonts.exe
    C:\Users\Mullet\AppData\Local\Temp\mgxmcmp2.exe
    C:\Users\Mullet\AppData\Local\Temp\nsd591B.exe
    C:\Users\Mullet\AppData\Local\Temp\nsdC69E.exe
    C:\Users\Mullet\AppData\Local\Temp\nsdFDC9.exe
    C:\Users\Mullet\AppData\Local\Temp\nsi22D.exe
    C:\Users\Mullet\AppData\Local\Temp\nsiC2C6.exe
    C:\Users\Mullet\AppData\Local\Temp\nsiCA18.exe
    C:\Users\Mullet\AppData\Local\Temp\nsy634.exe
    C:\Users\Mullet\AppData\Local\Temp\OSUUpdater.exe
    C:\Users\Mullet\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mullet\AppData\Local\Temp\SpOrder.dll
    C:\Users\Mullet\AppData\Local\Temp\SPSetup.exe
    C:\Users\Mullet\AppData\Local\Temp\stuprt.exe
    C:\Users\Mullet\AppData\Local\Temp\wmaudio.exe
    C:\Users\Mullet\AppData\Local\Temp\wmf9.exe
    C:\Users\Mullet\AppData\Local\Temp\wmpcdcs8.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-14 08:02

    ==================== End Of Log ============================
     
  4. kenem1514

    kenem1514 Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
    Ran by Mullet at 2015-01-20 16:40:15
    Running from C:\Users\Mullet\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\{FDBF4291-7DDB-4C5C-B128-332A46CF8FFA}) (Version: 10.3.183.10 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Amazon Cloud Player (HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
    Amazon Kindle (HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Amazon Kindle) (Version: - Amazon)
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    AoA DVD Ripper (HKLM-x32\...\{D1725D54-279A-41C5-A73D-23C1785DB920}_is1) (Version: - AoAMedia)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Assistant (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}) (Version: - Verified Publisher) <==== ATTENTION
    Backyard Basketball (HKLM-x32\...\Backyard Basketball) (Version: - )
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
    Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
    CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
    CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
    Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
    Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
    Canon PowerShot SX150 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
    Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
    Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
    Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Contents (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Corel VideoStudio 2010 (HKLM-x32\...\_{CBC7FF57-42A3-414E-B8EA-D971C986BA40}) (Version: 1.5.0.162 - Corel Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
    DeviceIO (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    Escape Whisper Valley (TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Extended Update (HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Digital Sites) (Version: - Extended Update) <==== ATTENTION
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
    ICA (x32 Version: 1.0 - Corel Corporation) Hidden
    Intel PROSet Wireless (x32 Version: - ) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    IPM_V (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
    Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
    MAGIX Goya burnR 1.3.1.2 (US) (HKLM-x32\...\MAGIX Goya burnR US) (Version: 1.3.1.2 - MAGIX AG)
    MAGIX Movie Edit Pro 12 6.5.4.0 (US) (HKLM-x32\...\MAGIX Movie Edit Pro 12 US) (Version: 6.5.4.0 - MAGIX AG)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    MLE (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Movie Studio Platinum 12.0 (HKLM-x32\...\{D112D601-C0E2-11E1-AAB9-F04DA23A5C58}) (Version: 12.0.333 - Sony)
    Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PureHD (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Setup (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Share (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Share64 (Version: 1.00.0000 - Corel Corporation) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VDS10 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    VIO (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Virtual Families (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Dell Games) (x32 Version: 4.0.11.7 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-893226502-1710361660-655067689-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mullet\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-893226502-1710361660-655067689-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mullet\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-893226502-1710361660-655067689-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mullet\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-893226502-1710361660-655067689-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mullet\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-893226502-1710361660-655067689-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mullet\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    05-01-2015 01:35:59 Windows Update
    08-01-2015 17:30:04 Windows Update
    11-01-2015 20:00:22 Windows Update
    15-01-2015 08:20:33 Windows Update
    19-01-2015 08:12:25 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2013-09-14 19:25 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0887F103-483F-4763-9FA7-DC0B97E6AB71} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
    Task: {0F8E1204-B4A0-4E49-BADB-7F95EFC05B95} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {119F1D63-C1C0-40FB-BE28-DF91AAA42429} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-23] (Adobe Systems Incorporated)
    Task: {1242EFAD-6DFF-46CC-BA90-6CD3D1ADDA0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
    Task: {12964CC7-553B-43F6-B0C0-B26AC1E5154B} - System32\Tasks\{77F5FE01-E741-4F41-BB9F-FE063E958F76} => pcalua.exe -a D:\Game\CheckInstall.exe -d D:\Game
    Task: {2329D625-5C91-4674-BEEC-5F76F260E870} - System32\Tasks\{732262D4-6848-4D8D-82E2-6381D0C24668} => pcalua.exe -a C:\Users\Mullet\AppData\Local\Temp\Shortcut_sweetimsetup.exe -d C:\Users\Mullet\Desktop -c -Shortcut
    Task: {308A1275-8B44-4FD9-B011-AFA732E5B402} - \Feven-enabler No Task File <==== ATTENTION
    Task: {310C31AB-0306-4A2E-9C36-0282E2473A8A} - System32\Tasks\ss u helper-S-9665547 => c:\programdata\wintersoft\ss u helper\ss u helper.exe
    Task: {34EAB81C-F8EC-4463-93B3-3B241605E562} - System32\Tasks\{72BECBB4-A852-4E02-93D3-D99CF619F429} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-01-10] (Microsoft Corporation)
    Task: {3E18F6BD-C86B-4A30-80A0-E8254A6EFD13} - \FreeHDSport TV V6.0-firefoxinstaller No Task File <==== ATTENTION
    Task: {46BE5FF5-E262-4768-970E-744A6923C24D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: {4F616EC7-B49A-40BB-9F71-81287E558C69} - System32\Tasks\{34D1F587-51E4-4CA6-8FE0-1F2CC11E5055} => Chrome.exe
    Task: {722F7B75-C9D1-48E1-996C-07646C65248B} - \Feven-firefoxinstaller No Task File <==== ATTENTION
    Task: {804C913C-8EB0-477F-82C8-9521EF24240B} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {8214C788-7084-4C97-A8AF-021B9B22C85B} - \LaunchApp No Task File <==== ATTENTION
    Task: {90FBF8B7-B7AB-4113-A9C5-448FE0A6364B} - \Your File Updater No Task File <==== ATTENTION
    Task: {94478F08-BA8D-490A-9D49-08B5E887123E} - \FreeHDSport TV V6.0-enabler No Task File <==== ATTENTION
    Task: {9A948D49-0B6E-44BD-9D00-DDBA38B2C072} - \FreeHDSport TV V6.0-chromeinstaller No Task File <==== ATTENTION
    Task: {A9761DDA-246D-4D5A-BF8C-A7810D2EC868} - System32\Tasks\{20D478CC-C24B-45DB-9D3D-525344A569D0} => pcalua.exe -a "C:\Users\Mullet\Downloads\wlsetup-web (4).exe" -d C:\Users\Mullet\Downloads
    Task: {AB89C42F-697F-4EB9-B221-977FF355AC56} - System32\Tasks\PC Shutdown => C:/Windows/System32/shutdown.exe [2009-07-13] (Microsoft Corporation)
    Task: {D0FA491F-FA18-4E67-A599-6EB65E25F0C3} - \DSite No Task File <==== ATTENTION
    Task: {D3D0D884-1F0D-4B36-B47B-0EF20BD8B1B2} - \FreeHDSport TV V6.0-updater No Task File <==== ATTENTION
    Task: {D6F437BD-1D77-4025-B03F-393E590536AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DFC6AC51-1E24-47B2-BCEB-6D4FEE48E18F} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {E2871B76-F7D0-412A-A2A2-930C49565059} - \DealPlyUpdate No Task File <==== ATTENTION
    Task: {E2F5CFC4-8ED8-4A63-9C5D-9566918F297D} - \Feven-chromeinstaller No Task File <==== ATTENTION
    Task: {E78D045B-0BA2-45FE-A22D-9A401EAD87F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
    Task: {E80EFCDC-BC0D-4BFA-BA1B-733A9FB62E6B} - System32\Tasks\{68CAE951-9C43-41F0-BBB3-80F1232B8AF9} => pcalua.exe -a "C:\Users\Mullet\Downloads\wlsetup-web (4).exe" -d C:\Users\Mullet\Downloads
    Task: {EA0ED35F-A526-4F6C-8B15-70F57FB5605A} - System32\Tasks\Digital Sites => C:\Users\Mullet\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-12-09] () <==== ATTENTION
    Task: {EE73FC12-95BF-418B-9332-C8F613A66ACC} - \Feven-codedownloader No Task File <==== ATTENTION
    Task: {F1C1D1DB-47C3-4281-8E1C-AC590424B0A9} - \Feven-updater No Task File <==== ATTENTION
    Task: {F39B0EEC-7FEB-47E9-A6B7-7DE3BF27F53F} - System32\Tasks\{25A4883B-7169-4F15-9B1B-5DC0B2F27BF5} => pcalua.exe -a "C:\Users\Mullet\Downloads\wlsetup-web (1).exe" -d C:\Users\Mullet\Downloads
    Task: {F4954685-FC34-4D09-9552-D84535E19508} - \FreeHDSport TV V6.0-codedownloader No Task File <==== ATTENTION
    Task: {F4C21157-7197-4DD0-9AA8-B0A574AE9279} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F58CBFC6-DC6C-42DA-956F-2D4D5AFD7016} - System32\Tasks\{004D1423-8956-4AA3-B71A-264B3822D5AC} => pcalua.exe -a "C:\Users\Mullet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E64WRVDY\mozilla firefox setup.exe" -d C:\Users\Mullet\Desktop
    Task: {FC63E4C4-00C2-4A06-9631-5ECC4225F1F8} - System32\Tasks\hpUrlLauncher.exe_{2C2A3EF1-55E0-4D07-942B-8A0DBB05C79A} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Mullet\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\ss u helper-S-9665547.job => c:\programdata\wintersoft\ss u helper\ss u helper.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2011-12-13 15:03 - 2011-04-10 13:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2014-01-05 19:58 - 2013-12-12 14:56 - 03145536 _____ () C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    2014-04-01 08:32 - 2014-04-01 08:32 - 00420864 _____ () C:\Program Files (x86)\gorillaprice\gorillaprice.exe
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2015-01-15 13:39 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
    2015-01-15 13:39 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
    2015-01-15 13:39 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
    2015-01-15 13:39 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
    2015-01-15 13:39 - 2015-01-08 19:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Mullet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
    MSCONFIG\startupreg: BackupAgent => C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
    MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    MSCONFIG\startupreg: SMessaging => "C:\Users\Mullet\AppData\Local\Strongvault Online Backup\SMessaging.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-893226502-1710361660-655067689-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-893226502-1710361660-655067689-501 - Limited - Disabled)
    Mullet (S-1-5-21-893226502-1710361660-655067689-1000 - Administrator - Enabled) => C:\Users\Mullet

    ==================== Faulty Device Manager Devices =============

    Name: X5XSEx
    Description: X5XSEx
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: X5XSEx
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/20/2015 02:28:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error: (01/20/2015 02:28:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1045

    Error: (01/20/2015 02:28:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/20/2015 08:34:15 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/20/2015 08:34:15 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/20/2015 08:33:57 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/20/2015 08:33:57 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/20/2015 08:33:11 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/20/2015 08:33:01 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/20/2015 08:31:20 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (01/19/2015 02:33:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    Error: (01/19/2015 02:26:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    Error: (01/16/2015 00:03:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    Error: (01/16/2015 00:03:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    Error: (01/13/2015 07:05:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    Error: (01/13/2015 07:05:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    Error: (01/13/2015 02:40:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The X5XSEx service failed to start due to the following error:
    %%3

    Error: (01/13/2015 02:40:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Assistant service to connect.

    Error: (01/13/2015 07:29:36 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (01/12/2015 10:04:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (01/20/2015 02:28:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error: (01/20/2015 02:28:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1045

    Error: (01/20/2015 02:28:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/20/2015 08:34:15 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Corel\MLE\MetadataMgr.exe

    Error: (01/20/2015 08:34:15 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Corel\MLE\MLEMonitor.exe

    Error: (01/20/2015 08:33:57 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\WiDiConnectTest64.exe

    Error: (01/20/2015 08:33:57 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\WiFiDnSServer.exe

    Error: (01/20/2015 08:33:11 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\Corel\corel digital studio 2010\uvGGPL.exe

    Error: (01/20/2015 08:33:01 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\Corel\corel digital studio 2010\CDLabelApp.exe

    Error: (01/20/2015 08:31:20 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Corel\Corel Digital Studio 2010\UVS.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2013-09-14 20:25:05.686
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-09-14 20:25:05.639
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-09-14 20:25:05.592
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-09-14 20:25:05.545
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-07-06 11:29:29.495
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-07-06 11:29:29.479
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 46%
    Total physical RAM: 6051.18 MB
    Available physical RAM: 3218.38 MB
    Total Pagefile: 12100.54 MB
    Available Pagefile: 8081.81 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:290.26 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66FDC1DE)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. kenem1514

    kenem1514 Thread Starter

    Users shortcut scan result (x64) Version: 19-01-2015
    Ran by Mullet at 2015-01-20 16:42:10
    Running from C:\Users\Mullet\Downloads
    Boot Mode: Normal
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)



    Shortcut: C:\Users\Administrator\Links\Desktop.lnk -> C:\Users\Mullet\Desktop ()
    Shortcut: C:\Users\Administrator\Links\Downloads.lnk -> C:\Users\Mullet\Downloads ()
    Shortcut: C:\Users\Administrator\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Free Ride Games.lnk -> C:\Program Files (x86)\Free Ride Games\GPlrLanc.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader\Uninstall.lnk -> C:\Program Files (x86)\YourFileDownloader\uninstall.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader\YourFile Downloader.lnk -> C:\Program Files (x86)\YourFileDownloader\YourFile.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk -> C:\Users\Mullet\Desktop\Adobe Download Assistant\Adobe Download Assistant.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk -> C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe (Dell Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk -> C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk -> C:\Windows\Installer\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}\MOVIEMK.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\INet-Doom9's Xvid Forum.lnk -> C:\Program Files (x86)\Xvid\doom9forum.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\INet-Koepi's Homepage (Updates).lnk -> C:\Program Files (x86)\Xvid\koepishomepage.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\INet-Xvid Homepage.lnk -> C:\Program Files (x86)\Xvid\xvidhomepage.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Koepi's OGMCalc.lnk -> C:\Program Files (x86)\Xvid\OGMCalc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Nic's FourCC changer.lnk -> C:\Program Files (x86)\Xvid\AviC.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Nic's MiniCalc.lnk -> C:\Program Files (x86)\Xvid\MiniCalc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Release Notes.lnk -> C:\Program Files (x86)\Xvid\releasenotes.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Some quantization matrices.lnk -> C:\Program Files (x86)\Xvid\Xvid_Quant_Matrices.zip ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\StatsReader 2.1.lnk -> C:\Program Files (x86)\Xvid\StatsReader.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\StatsReader Notes.lnk -> C:\Program Files (x86)\Xvid\statsreader.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Uninstall Xvid.lnk -> C:\Program Files (x86)\Xvid\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Vidc.Cleaner.lnk -> C:\Program Files (x86)\Xvid\vidccleaner.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Windows Media Encoder.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media Encoding Script.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\WMEncUtil.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media File Editor.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\wmeditor.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media Profile Editor.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media Stream Editor.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\wmstreamedt.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{2B1C6CB4-4470-4D57-91E0-83986DCEB5DA}\fssicon.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VipBoxSportsApp.com\VipBoxSportsApp.lnk -> C:\Program Files (x86)\VipBoxSportsApp.com\VipBoxSportsApp.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Movie Studio Platinum 12.0\Movie Studio Platinum 12.0 Readme.lnk -> C:\Program Files (x86)\Sony\Movie Studio Platinum 12.0\Readme\Movie_Studio_readme.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Movie Studio Platinum 12.0\Movie Studio Platinum 12.0.lnk -> C:\Program Files (x86)\Sony\Movie Studio Platinum 12.0\MovieStudioPlatinum120.exe (Sony Creative Software Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Movie Studio Platinum 12.0\Video Capture 6.0 Readme.lnk -> C:\Program Files (x86)\Sony\Movie Studio Platinum 12.0\Readme\Videocapture_readme.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files (x86)\Google\Picasa3\Uninstall.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony\MiPony.lnk -> C:\Program Files (x86)\MiPony\MiPony.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\MAGIX Movie Edit Pro 12.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\MovieEdit.exe (MAGIX AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Service and Support\iPACE Online Services.lnk -> C:\Program Files (x86)\Common Files\MAGIX Shared\Online Services Info\index_0409.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Service and Support\license conditions.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\license.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Service and Support\MAGIX Creation Logo - Guidelines.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\MAGIX Creation Logo.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Service and Support\register.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\register.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Service and Support\support.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\support.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Service and Support\uninstall MAGIX Movie Edit Pro 12.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\unwise.exe (MAGIX AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Order\order.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\order.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Documentation\MAGIX Movie Edit Pro 12 help.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\movieedit.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Documentation\MAGIX Movie Edit Pro 12 manual.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\manual.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Additional Applications\VST-DX Adapter Light.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\VstConfig.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Accessories\service components.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\reinstall3rdParty.exe (MAGIX AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\MAGIX Goya burnR.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\Goya.exe (MAGIX AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Service and Support\iPACE Online Services.lnk -> C:\Program Files (x86)\Common Files\MAGIX Shared\Online Services Info\index_0409.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Service and Support\license conditions.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\license.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Service and Support\MAGIX Creation Logo - Guidelines.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\MAGIX Creation Logo.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Service and Support\register.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\register.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Service and Support\support.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\support.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Service and Support\uninstall MAGIX Goya burnR.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\unwise.exe (MAGIX AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Order\order.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\order.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Documentation\MAGIX Goya burnR help.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\Goya.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Accessories\service components.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\reinstall3rdParty.exe (MAGIX AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\Intel(R) My WiFi Technology.lnk -> C:\Program Files\Intel\WiFi\bin\PanUI.exe (Intel(R) Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation\Intel(R) WiDi\Intel(R) WiDi.lnk -> C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Humongous Entertainment\Backyard Basketball Help.lnk -> C:\hegames\basketball\Help File\index.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Humongous Entertainment\Backyard Basketball.lnk -> C:\hegames\basketball\Basketball.exe (Humongous Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Help.lnk -> C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin\HPScan.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Product Support Website.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\ProductSupportShortcut.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Shop for Supplies.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\WirelessEasyShortcut.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink\DVD Shrink 3.2.lnk -> C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe (DVD Shrink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink\DVD Shrink Information.lnk -> C:\Program Files (x86)\DVD Shrink\Web\DVD Shrink.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink\Uninstall DVD Shrink.lnk -> C:\Program Files (x86)\DVD Shrink\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam\Dell Webcam Central.lnk -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\Service Agreements\DHS.pdf.lnk -> C:\Dell\Service Agreements\DHS.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\Dell Software & Utilities\Dell Getting Started Guide.lnk -> C:\Program Files (x86)\Dell\Dell Welcome\welcome.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Digital Studio 2010\Corel VideoStudio 2010.lnk -> C:\Program Files (x86)\Corel\Corel Digital Studio 2010\UVS.exe (Corel)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ZoomBrowser EX Memory Card Utility\Canon ZoomBrowser EX Memory Card Utility.lnk -> C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\MCULauncher.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PowerShot SX150 IS Camera User Guide\PowerShot SX150 IS Camera User Guide.lnk -> C:\Program Files (x86)\Canon\CameraUserGuide-PSSX150IS\PSSX150IS_Guide_EN.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk -> C:\Program Files (x86)\Canon\PhotoStitch\Readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk -> C:\Program Files (x86)\Canon\PhotoStitch\STLauncher.exe (Canon Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ReadMeMET.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube Readme.lnk -> C:\Program Files (x86)\Canon\Movie Uploader for YouTube\ReadMe(MovieUploaderForYouTube).rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube.lnk -> C:\Program Files (x86)\Canon\Movie Uploader for YouTube\MovieUploaderForYouTube.exe (CANON INC.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\DCSD Software Guide\DCSD Software Guide.lnk -> C:\Program Files (x86)\Canon\Software Guide\Software_Guide_W_EN.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CANON iMAGE GATEWAY Task\CANON iMAGE GATEWAY Task Readme.lnk -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ReadmeCIG.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CameraWindow\CameraWindow DC 8 Readme.lnk -> C:\Program Files (x86)\Canon\CameraWindow\CameraWindowDC8\ReadMe(CameraWindow DC 8).rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CameraWindow\CameraWindow.lnk -> C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe (CANON INC.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CameraWindow\MyCamera\MyCamera.lnk -> C:\Program Files (x86)\Canon\CameraWindow\MyCamera\MyCamera.exe (CANON INC.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA DVD Ripper\AoA DVD Ripper on the Web.lnk -> C:\Program Files (x86)\AoA DVD Ripper\AoADVDRipper.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA DVD Ripper\AoA DVD Ripper.lnk -> C:\Program Files (x86)\AoA DVD Ripper\AoADVDRipper.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA DVD Ripper\HELP.lnk -> C:\Program Files (x86)\AoA DVD Ripper\Help.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA DVD Ripper\Step-by-Step Guide (Convert DVD to DivX).lnk -> C:\Program Files (x86)\AoA DVD Ripper\DVDtoDivX.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA DVD Ripper\Uninstall AoA DVD Ripper.lnk -> C:\Program Files (x86)\AoA DVD Ripper\UI.exe (AoAMedia.Com)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon MP3 Downloader\Amazon MP3 Downloader.lnk -> C:\Users\Mullet\AmazonMP3Downloader.exe (Amazon.com)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon MP3 Downloader\Uninstall Amazon MP3 Downloader.lnk -> C:\Users\Mullet\Uninstall.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{bba80652-58a7-4320-a64f-475fdbda4363}\PlayTasks\0\Virtual Families.lnk -> C:\Program Files (x86)\WildTangent Games\Games\VirtualFamilies\Virtual Families-WT.exe (No File)
    Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Intel® HD Graphics.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
    Shortcut: C:\Users\Default\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\Links\Desktop.lnk -> C:\Users\Mullet\Desktop ()
    Shortcut: C:\Users\Mullet\Links\Downloads.lnk -> C:\Users\Mullet\Downloads ()
    Shortcut: C:\Users\Mullet\Links\OneDrive.lnk -> C:\Users\Mullet\SkyDrive ()
    Shortcut: C:\Users\Mullet\Documents\cover letter for cath - Shortcut.lnk -> C:\Users\Mullet\Documents\cover letter for cath.docx (No File)
    Shortcut: C:\Users\Mullet\Desktop\Amazon Cloud Player.lnk -> C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe (Amazon)
    Shortcut: C:\Users\Mullet\Desktop\Downloads - Shortcut.lnk -> C:\Users\Mullet\Downloads ()
    Shortcut: C:\Users\Mullet\Desktop\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\Desktop\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\Desktop\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\Desktop\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\Mullet\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeWorkz\Remove FreeWorkz.lnk -> C:\Users\Mullet\AppData\Local\FreeWorkz\Uninstaller.exe (No File)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe ()
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Amazon Cloud Player.lnk -> C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe (Amazon)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk -> C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Uninstall.exe (Amazon)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Kindle.lnk -> C:\Users\Mullet\AppData\Local\Amazon\Kindle\application\Kindle.exe (Amazon.com)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Uninstall Kindle.lnk -> C:\Users\Mullet\AppData\Local\Amazon\Kindle\application\uninstall.exe (Amazon.com)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Dell Webcam Central.lnk -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\DVD Shrink 3.2.lnk -> C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe (DVD Shrink)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ZoomBrowser EX.lnk -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe ()
    Shortcut: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{EE989C4D-36B8-4744-A510-1456B7976195}\PlayTasks\0\Play.lnk -> C:\hegames\basketball\Basketball.exe (Humongous Entertainment)
    Shortcut: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{ACDDBA03-FDF3-4EFA-A6A3-52F9E0D71143}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Maxis\SimCity 3000\Game\SC3.EXE (No File)
    Shortcut: C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk -> C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Uninstall.exe (Amazon)
    Shortcut: C:\Users\Public\Desktop\Adobe Download Assistant.lnk -> C:\Users\Mullet\Desktop\Adobe Download Assistant\Adobe Download Assistant.exe ()
    Shortcut: C:\Users\Public\Desktop\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
    Shortcut: C:\Users\Public\Desktop\Amazon Cloud Player.lnk -> C:\Users\Mullet\Amazon Cloud Player.url ()
    Shortcut: C:\Users\Public\Desktop\Corel VideoStudio 2010.lnk -> C:\Program Files (x86)\Corel\Corel Digital Studio 2010\UVS.exe (Corel)
    Shortcut: C:\Users\Public\Desktop\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\ePrintCenterShortcut.url ()
    Shortcut: C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe (Hewlett-Packard Co.)
    Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\ZoomBrowser EX.lnk -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe ()


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Service and Support\register online.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\explore.exe () -> hxxp://www.magix.com/user/register/product_registration/login_screen.php3?VARPROGRAM=Videodeluxe2007&VARCHARGE=6.5.4.0&VARREGISTER=onlineregister&VARLAND=US
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Goya burnR\Service and Support\register online.lnk -> C:\Program Files (x86)\MAGIX\Goya_burnR\explore.exe () -> hxxp://www.magix.com/user/register/product_registration/login_screen.php3?VARPROGRAM=Goya_burnR&VARCHARGE=1.3.1.2&VARREGISTER=onlineregister&VARLAND=US


    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Decoder.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> xvid.ax,Configure
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Encoder.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> xvidvfw.dll,Configure
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Movie Edit Pro 12\Accessories\install program components.lnk -> C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\instslct.exe (MAGIX AG) -> /c
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Advanced Statistics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Advanced Statistics
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Event Viewer.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Wireless Event Viewer
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Manual Diagnostics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Wireless Diagnostics
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.5 /DDV 0x1000
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {2D5E3D2B-919F-407C-8757-E64827518BB6}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Update IP Address.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\FATE\Fate-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year\PlantsVsZombies-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ZoomBrowser EX Memory Card Utility\Canon ZoomBrowser EX Memory Card Utility Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PowerShot SX150 IS Camera User Guide\PowerShot SX150 IS Camera User Guide Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\CameraUserGuide-PSSX150IS\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\PhotoStitch\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\Movie Uploader for YouTube\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\DCSD Software Guide\DCSD Software Guide Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\Software Guide\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CANON iMAGE GATEWAY Task\CANON iMAGE GATEWAY Task Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CameraWindow\CameraWindow Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CameraWindow\MyCamera\MyCamera Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\CameraWindow\MyCamera\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\CameraWindow\CameraWindow DC 8\CameraWindow DC 8 Uninstall.lnk -> C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe (CANON INC.) -> "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowDC8\Uninst.ini"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fe0cc815-796a-41a4-9b14-eab0cab6ef06}\PlayTasks\0\Wedding Dash - Ready, Aim, Love!.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!\wedding-dash-ready-aim-love-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fa9b84a6-0e59-4193-aaae-84685b703819}\PlayTasks\0\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f90fc75d-8c33-451f-9e10-6020333a53b2}\PlayTasks\0\Final Drive Fury.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury\Racing-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f0185260-f04e-4de5-988b-08fb646ee3a4}\PlayTasks\0\Escape Whisper Valley (TM).lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)\EscapeWhisperValley-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ec54e28f-aec6-4a9a-bb5a-6e908267a334}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ea50b41b-c732-44ae-a67c-17f082a0c558}\PlayTasks\0\Bounce Symphony.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e260a0ce-a77d-4a0a-8b5e-fa30673c91de}\PlayTasks\0\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d5619c28-9c54-445c-b722-f7d2aa282acb}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year\PlantsVsZombies-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d38b8a47-e546-4fcc-90cf-7fd8f0660bb1}\PlayTasks\0\FATE.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\FATE\Fate-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ca4d7cb0-3a81-41f6-bb77-e2a672997b3f}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c92b408d-af20-4d91-ad66-9a3e577e5b01}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe\Zuma Deluxe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c86bbf67-8095-49b4-ab9f-734c59e8b887}\PlayTasks\0\Namco All-Stars PAC-MAN.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Namco All-Stars PAC-MAN\pacman-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{a2a28acd-8574-44d9-8992-7d0f0778b3fb}\PlayTasks\0\Build-a-lot 2.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{98f40dae-1983-46fe-8fbe-4391ccb0c9d7}\PlayTasks\0\Poker Superstars III.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{96c20dce-cff0-41a6-bebb-b2c0d8a55d0d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{84171e03-4584-4cea-971c-2c6612ba39d3}\PlayTasks\0\Cake Mania.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{80df6420-8ba4-42a4-aa73-1b75edb73dea}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7d797a2c-fd0b-4326-ac46-a32f3f28f02b}\PlayTasks\0\Samantha Swift.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Samantha Swift\SamanthaSwift-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5d9ac69e-40f3-4892-a3ec-c63c8fc0e9be}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{59afa206-9027-433e-99e1-f1d729fabd63}\PlayTasks\0\Jewel Quest.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest\JewelQuest-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{401070ad-6eb5-4a05-bdc5-10e022704ab5}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{36c69997-9991-40c7-8031-6449971edb1f}\PlayTasks\0\Luxor.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Luxor\Luxor-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{36a7f8ea-371c-4be7-b974-6664fdb26dc1}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{287bec0e-f921-4b07-9a8a-5700cc6216e6}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{207b08ea-bb66-4f3a-9958-0d960d7fb394}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1dba4c6e-de74-4b08-8154-da9b5c14ae56}\PlayTasks\0\Dora's World Adventure.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Mullet\Desktop\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\Users\Mullet\Desktop\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Mullet\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Users\Mullet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{fe0cc815-796a-41a4-9b14-eab0cab6ef06}\PlayTasks\0\Wedding Dash - Ready, Aim, Love!.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!\wedding-dash-ready-aim-love-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{f90fc75d-8c33-451f-9e10-6020333a53b2}\PlayTasks\0\Final Drive Fury.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury\Racing-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{f0185260-f04e-4de5-988b-08fb646ee3a4}\PlayTasks\0\Escape Whisper Valley (TM).lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)\EscapeWhisperValley-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{ec54e28f-aec6-4a9a-bb5a-6e908267a334}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{ea50b41b-c732-44ae-a67c-17f082a0c558}\PlayTasks\0\Bounce Symphony.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{ca4d7cb0-3a81-41f6-bb77-e2a672997b3f}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{96c20dce-cff0-41a6-bebb-b2c0d8a55d0d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{84171e03-4584-4cea-971c-2c6612ba39d3}\PlayTasks\0\Cake Mania.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{80df6420-8ba4-42a4-aa73-1b75edb73dea}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{5d9ac69e-40f3-4892-a3ec-c63c8fc0e9be}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{401070ad-6eb5-4a05-bdc5-10e022704ab5}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{36a7f8ea-371c-4be7-b974-6664fdb26dc1}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{287bec0e-f921-4b07-9a8a-5700cc6216e6}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{207b08ea-bb66-4f3a-9958-0d960d7fb394}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{1dba4c6e-de74-4b08-8154-da9b5c14ae56}\PlayTasks\0\Dora's World Adventure.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Mullet\AppData\Local\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem


    InternetURL: C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\Administrator\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\Administrator\Favorites\Links\Play Free Games.url -> hxxp://www.jagex.com/l=0/a=580/slice/dell
    InternetURL: C:\Users\Administrator\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
    InternetURL: C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\Administrator\Desktop\Play Games\Play RuneScape.url -> hxxp://www.runescape.com/l=0/a=579/splash/dell
    InternetURL: C:\Users\Administrator\Desktop\Play Games\Play War of Legends.url -> hxxp://www.waroflegends.com/l=0/a=579/splash/dell
    InternetURL: C:\Users\Default\Favorites\Links\Play Free Games.url -> hxxp://www.jagex.com/l=0/a=580/slice/dell
    InternetURL: C:\Users\Default\Desktop\Play Games\Play RuneScape.url -> hxxp://www.runescape.com/l=0/a=579/splash/dell
    InternetURL: C:\Users\Default\Desktop\Play Games\Play War of Legends.url -> hxxp://www.waroflegends.com/l=0/a=579/splash/dell
    InternetURL: C:\Users\Mullet\Amazon Cloud Player.url -> https://www.amazon.com/gp/dmusic/mp3/player
    InternetURL: C:\Users\Mullet\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\Mullet\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\Mullet\Favorites\Links\eBay.url -> hxxp://rover.ebay.com/rover/1/711-86042-13409-3/4?mpre=hxxp://ebay.com
    InternetURL: C:\Users\Mullet\Favorites\Links\Play Free Games.url -> hxxp://www.jagex.com/l=0/a=580/slice/dell
    InternetURL: C:\Users\Mullet\Favorites\Links\Suggested Sites (2).url -> https://ieonline.microsoft.com/#ieslice
    InternetURL: C:\Users\Mullet\Favorites\Links\Suggested Sites.url -> 0
    InternetURL: C:\Users\Mullet\Favorites\Dell\Dell Auction.url -> hxxp://www.dellauction.com/
    InternetURL: C:\Users\Mullet\Favorites\Dell\Dell Internet Security.url -> hxxp://support.dell.com/support/topics/global.aspx/support/security/security?c=us&cs=19&l=en&s=dhs
    InternetURL: C:\Users\Mullet\Favorites\Dell\DELL.url -> hxxp://g.msn.com/USCON/1
    InternetURL: C:\Users\Mullet\Favorites\Dell\Online Support.url -> hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen

    ==================== End of log =============================
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Is this a company computer? Are you behind a Proxy Server?

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

    Launch and update Malwarebytes Antimalware.

    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Scan Now".
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click on Quarantine All.
    • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
    • Upon restart, launch Malwarebytes Antimalware and select History.
    • Double click on the last scan done, then on Copy to Clipboard.
    • Right click on your next reply and select Paste.
    • Submit your reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  7. kenem1514

    kenem1514 Thread Starter

    Joined:
    Jan 18, 2015
    Messages:
    17
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Mullet on Tue 01/20/2015 at 19:41:25.42
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] 699fd52f
    Successfully deleted: [Service] 699fd52f
    Failed to stop: [Service] gorillaprice



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update plurpush
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util plurpush
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilPlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilPlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilPlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilPlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic_chr_1-8-16-10_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic_chr_1-8-16-10_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68294C94-525E-433A-A3FC-58CEA15727C3}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6EDC504A-CE5F-45B0-AB4C-3F350E9303F8}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B0924664-BA2F-470C-898C-0D886474A02F}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8FEDF37-4395-4D22-BE6E-6D363B1788B0}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FBA8798-3AA6-372B-4CD8-6F179F9D956F}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



    ~~~ Files

    Successfully deleted: [File] "C:\Users\Mullet\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Mullet\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Users\Mullet\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Mullet\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
    Successfully deleted: [File] C:\Users\Mullet\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\Mullet\AppData\LocalLow\FCTB000100571
    Successfully deleted: [Folder] C:\Users\Mullet\AppData\Roaming\DigitalSites
    Successfully deleted: [Folder] "C:\ProgramData\apn"
    Successfully deleted: [Folder] "C:\ProgramData\etoolkit"
    Successfully deleted: [Folder] "C:\ProgramData\pcdr"
    Successfully deleted: [Folder] "C:\Users\Mullet\AppData\Roaming\pcdr"
    Successfully deleted: [Folder] "C:\Users\Mullet\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\Mullet\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
    Successfully deleted: [Folder] "C:\Program Files (x86)\toolkitservice"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverrestore"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\Mullet\AppData\Roaming\mozilla\firefox\profiles\jtsnlvuz.default\searchplugins\trovi-search.xml
    Successfully deleted: [File] C:\Users\Mullet\AppData\Roaming\mozilla\firefox\profiles\jtsnlvuz.default\searchplugins\websearch.xml
    Successfully deleted the following from C:\Users\Mullet\AppData\Roaming\mozilla\firefox\profiles\jtsnlvuz.default\prefs.js

    user_pref("browser.search.defaultenginename", "WebSearch");
    user_pref("browser.search.defaultenginename,S", "WebSearch");
    user_pref("browser.search.defaulturl", "hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70&l=1&q=");
    user_pref("browser.search.order.1", "WebSearch");
    user_pref("browser.search.order.1,S", "WebSearch");
    user_pref("browser.search.selectedEngine", "WebSearch");
    user_pref("browser.search.selectedEngine,S", "WebSearch");
    user_pref("browser.startup.homepage", "hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70");
    user_pref("extensions.a6be3335bef794b0ba0bab87afbc6f4ad6bbb4d2ee33e4fa59b37934f4fb50182com31554.31554.plugins.plugin_220.code", "var ICMBaseManager=function(a){if(appAPI.isBac
    user_pref("extensions.defaulttab.installdate", 1379635265);
    user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
    user_pref("ibxcomtb.skin", "<button id=\"APRICOT_GREEN\" type=\"SKIN\" ver=\"1.0.0.2\">\n\n <expand firstbutton=\"11\" combo=\"27\" lastbutton=\"45\"/>\n <offset fb=\"2\" cb
    user_pref("keyword.URL", "hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70&l=1&q=");



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 01/20/2015 at 19:44:33.59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. kenem1514

    kenem1514 Thread Starter

    Joined:
    Jan 18, 2015
    Messages:
    17
    # AdwCleaner v4.108 - Report created 20/01/2015 at 19:54:16
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-18.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mullet - MULLET-PC
    # Running from : C:\Users\Mullet\Downloads\adwcleaner_4.108.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : wStLibG64

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\Program Files (x86)\Tweaks
    Folder Deleted : C:\Users\Mullet\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\Administrator\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Administrator\AppData\Roaming\ParetoLogic
    Folder Deleted : C:\Users\Mullet\AppData\Local\GCC
    Folder Deleted : C:\Users\Mullet\AppData\Roaming\RHEng
    File Deleted : C:\windows\System32\drivers\wStLibG64.sys
    File Deleted : C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    Task Deleted : DealPlyUpdate
    Task Deleted : Digital Sites
    Task Deleted : DSite
    Task Deleted : LaunchApp
    Task Deleted : Your File Updater

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\SaveNewaAppoz.SaveNewaAppoz
    Key Deleted : HKLM\SOFTWARE\Classes\SaveNewaAppoz.SaveNewaAppoz.5.5
    Key Deleted : HKLM\SOFTWARE\Classes\ThheBlocker.ThheBlocker
    Key Deleted : HKLM\SOFTWARE\Classes\ThheBlocker.ThheBlocker.1.3
    Key Deleted : HKLM\SOFTWARE\Classes\EnjoyCouupon.EnjoyCouupon
    Key Deleted : HKLM\SOFTWARE\Classes\EnjoyCouupon.EnjoyCouupon.3.4
    Key Deleted : HKLM\SOFTWARE\Classes\BItuSAvEr.BItuSAvEr
    Key Deleted : HKLM\SOFTWARE\Classes\BItuSAvEr.BItuSAvEr.5.1
    Key Deleted : HKLM\SOFTWARE\Classes\FindBestDeaL.FindBestDeaL
    Key Deleted : HKLM\SOFTWARE\Classes\FindBestDeaL.FindBestDeaL.1.5
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD}
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\DriverRestore
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

    -\\ Mozilla Firefox v32.0.1 (x86 en-US)


    -\\ Google Chrome v39.0.2171.99

    [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search;_ylt=A0LEVvje.SFT2XgAkQ0PxQt.?p={searchTerms}&fr2=sb-top&hspart=ironsource&hsimp=yhs-fullyhosted_003&type=irmsd0101_ne
    [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

    *************************

    AdwCleaner[R0].txt - [185473 octets] - [31/03/2014 10:25:59]
    AdwCleaner[R1].txt - [2695 octets] - [03/04/2014 18:42:34]
    AdwCleaner[R2].txt - [1147 octets] - [03/04/2014 18:51:30]
    AdwCleaner[R3].txt - [7838 octets] - [20/01/2015 19:51:59]
    AdwCleaner[S0].txt - [181664 octets] - [31/03/2014 10:28:15]
    AdwCleaner[S1].txt - [2766 octets] - [03/04/2014 18:43:21]
    AdwCleaner[S2].txt - [1209 octets] - [03/04/2014 18:52:24]
    AdwCleaner[S3].txt - [7253 octets] - [20/01/2015 19:54:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [7313 octets] ##########
     
  9. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Have you run Malwarebytes Antimalware? If yes, please post its report.

    Also re-scan with FRST64 and post the new reports.
     
  10. kenem1514

    kenem1514 Thread Starter

    Joined:
    Jan 18, 2015
    Messages:
    17
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Mullet (administrator) on MULLET-PC on 20-01-2015 16:39:30
    Running from C:\Users\Mullet\Downloads
    Loaded Profiles: Mullet (Available profiles: Mullet & Administrator)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    () C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    () C:\Program Files (x86)\gorillaprice\gorillaprice.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
    (Farbar) C:\Users\Mullet\Downloads\Farber 64bit.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [myradioplayer Tray] => "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe"
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105616 2009-08-20] (Corel)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Run: [Amazon Cloud Player] => C:\Users\Mullet\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Run: [Google+ Auto Backup] => "C:\Users\Mullet\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\RunOnce: [Adobe Speed Launcher] => 1421182154
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe [697272 2014-01-23] (Adobe Systems Incorporated)
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    AppInit_DLLs: C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL File Not Found
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
    ProxyEnable: [S-1-5-21-893226502-1710361660-655067689-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-893226502-1710361660-655067689-1000] => http=127.0.0.1:13081;
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKU\S-1-5-21-893226502-1710361660-655067689-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...putEncoding}&oe={outputEncoding}&sourceid=ie7
    URLSearchHook: HKU\S-1-5-21-893226502-1710361660-655067689-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {2FBA8798-3AA6-372B-4CD8-6F179F9D956F} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {2FBA8798-3AA6-372B-4CD8-6F179F9D956F} URL =
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {30750DD1-EADD-4cf1-A485-C736C96936AB} URL = http://search.etoolkit.com/search?q={searchTerms}&id=0268a592aa24bc3238b655f786c41e76cd4&s=p
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {68294C94-525E-433A-A3FC-58CEA15727C3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E56A4EC9-EEF7-4BBD-B307-A4B78BAA61B6&apn_sauid=58966B73-5EE9-4F9E-9B0B-48D767D063FC
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {6EDC504A-CE5F-45B0-AB4C-3F350E9303F8} URL = http://start.funmoods.com/results.php?f=4&a=axl&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=10007&lng=en
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {B0924664-BA2F-470C-898C-0D886474A02F} URL = http://search.softonic.com/MOY00166/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=900
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchmania.info/?l=1&q={searchTerms}&pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70
    SearchScopes: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> {C8FEDF37-4395-4D22-BE6E-6D363B1788B0} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M517DC08A-FC06-4A12-B965-4E04FDB4B719&SearchSource=58&CUI=&UM=5&UP=SPA85954EB-A98B-4A0E-9ACF-635704973EBB&q={searchTerms}&SSPV=
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-893226502-1710361660-655067689-1000 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} - No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default
    FF DefaultSearchEngine: WebSearch
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70
    FF Keyword.URL: hxxp://websearch.searchmania.info/?pid=2606&r=2014/12/05&hid=14314197072943085153&lg=EN&cc=US&unqvl=70&l=1&q=
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll No File
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\crawler-search.xml
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\inbox-search.xml
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\trovi-search.xml
    FF SearchPlugin: C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\searchplugins\WebSearch.xml
    FF Extension: FreeWorkz - C:\Users\Mullet\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-05-20]
    FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Mullet\AppData\Roaming\Mozilla\Firefox\Profiles\jtsnlvuz.default\Extensions\[email protected] [2014-05-03]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-03-31]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
    FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-20]
    FF HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Firefox\Extensions: [{33638441-4598-4220-be18-e164f856fd2c}] - C:\Program Files (x86)\Lyrics_Monkey\130.xpi

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-17]
    CHR Extension: (YouTube) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-17]
    CHR Extension: (Google Search) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-17]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-17]
    CHR Extension: (ArcadeYum) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb [2014-12-05]
    CHR Extension: (Google Wallet) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-17]
    CHR Extension: (Gmail) - C:\Users\Mullet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]
    CHR HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Mullet\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [Not Found]
    CHR HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mullet\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [Not Found]
    CHR HKU\S-1-5-21-893226502-1710361660-655067689-1000\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Mullet\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Mullet\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mullet\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Mullet\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [Not Found]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    Locked "GorillaPrice" service was unlocked successfully. <===== ATTENTION

    R2 GorillaPrice; C:\Program Files (x86)\gorillaprice\gorillaprice.exe [420864 2014-04-01] () [File not signed] <==== ATTENTION
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 699fd52f; "C:\windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
    S3 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies)
    S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [282624 2011-07-19] (Intel Corporation) [File not signed]
    S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-07-19] (Intel Corporation) [File not signed]
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    S3 ToolkitDisk; C:\windows\system32\Drivers\toolkitdisk.sys [62552 2011-09-12] (Toolkit Development, Ltd.)
    R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-02] (StdLib)
    S3 btmaudio; system32\drivers\btmaud.sys [X]
    S3 btmaux; system32\DRIVERS\btmaux.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
    S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
    S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 16:39 - 2015-01-20 16:39 - 00024876 _____ () C:\Users\Mullet\Downloads\FRST.txt
    2015-01-20 16:39 - 2015-01-20 16:39 - 00000000 ____D () C:\FRST
    2015-01-20 16:38 - 2015-01-20 16:38 - 02126848 _____ (Farbar) C:\Users\Mullet\Downloads\Farber 64bit.exe
    2015-01-20 16:37 - 2015-01-20 16:37 - 01118208 _____ (Farbar) C:\Users\Mullet\Downloads\Farber 32bit.exe
    2015-01-07 18:14 - 2015-01-07 19:17 - 00015594 _____ () C:\Users\Mullet\Documents\dukes#9 end.wlmp
    2015-01-07 16:42 - 2015-01-07 19:15 - 00029061 _____ () C:\Users\Mullet\Documents\dukes#8.wlmp
    2015-01-07 15:09 - 2015-01-07 19:28 - 00034264 _____ () C:\Users\Mullet\Documents\dukes#7 adventures.wlmp
    2015-01-07 14:44 - 2015-01-07 18:51 - 00035388 _____ () C:\Users\Mullet\Documents\dukes#6 funny moments.wlmp
    2015-01-07 11:40 - 2015-01-07 18:43 - 00027482 _____ () C:\Users\Mullet\Documents\dukes#5.wlmp
    2015-01-06 22:43 - 2015-01-07 18:40 - 00031370 _____ () C:\Users\Mullet\Documents\dukes#4.wlmp
    2015-01-06 20:18 - 2015-01-07 18:34 - 00020802 _____ () C:\Users\Mullet\Documents\dukes #3.wlmp
    2015-01-06 10:06 - 2015-01-07 18:32 - 00082275 _____ () C:\Users\Mullet\Documents\dukes #2.wlmp
    2014-12-31 09:03 - 2014-12-31 09:03 - 00000155 _____ () C:\Users\Mullet\Downloads\pr
    2014-12-26 07:54 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-26 07:54 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-22 18:02 - 2014-12-22 18:02 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-22 08:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2014-12-22 08:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
    2014-12-22 08:05 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-22 08:05 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-22 08:05 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-22 08:05 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-22 08:05 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-12-22 08:05 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-12-22 08:05 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-22 08:05 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-22 08:05 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-12-22 08:05 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-12-22 08:05 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-22 08:05 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-22 08:05 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-12-22 08:05 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-12-22 08:05 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-22 08:05 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-12-22 08:05 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-12-22 08:05 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-22 08:05 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-22 08:05 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-22 08:05 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-12-22 08:05 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-22 08:05 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-22 08:05 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-12-22 08:05 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-22 08:05 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-12-22 08:05 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-22 08:05 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-12-22 08:05 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-22 08:05 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-22 08:05 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-22 08:05 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-12-22 08:05 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-12-22 08:05 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-22 08:05 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-22 08:05 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-12-22 08:05 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-22 08:05 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-22 08:05 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-22 08:05 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-22 08:05 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-22 08:05 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-22 08:05 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-22 08:05 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-22 08:05 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-22 08:05 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-22 08:05 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-22 08:05 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-12-22 08:05 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-22 08:05 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-22 08:05 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-12-22 08:05 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-22 08:05 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-22 08:05 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-22 07:59 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-22 07:59 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-22 07:59 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
    2014-12-22 07:58 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-22 07:58 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-12-22 07:58 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-12-22 07:58 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-22 07:58 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-12-22 07:58 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-12-22 07:58 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
    2014-12-22 07:58 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-12-22 07:58 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
    2014-12-22 07:58 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
    2014-12-22 07:58 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
    2014-12-22 07:58 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-12-22 07:58 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-22 07:58 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
    2014-12-22 07:58 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
    2014-12-22 07:58 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-22 07:57 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
    2014-12-22 07:57 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 16:36 - 2014-01-23 19:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-20 16:33 - 2014-08-17 16:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-20 16:32 - 2014-12-09 13:26 - 00000296 _____ () C:\windows\Tasks\Digital Sites.job
    2015-01-20 16:32 - 2012-07-06 10:17 - 01518701 _____ () C:\windows\WindowsUpdate.log
    2015-01-20 13:36 - 2014-08-17 16:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-20 08:34 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-20 08:34 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-20 01:45 - 2014-12-09 14:26 - 00000066 _____ () C:\Users\Mullet\AppData\Roaming\WB.CFG
    2015-01-15 13:39 - 2014-11-13 16:22 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-14 21:08 - 2013-09-17 18:21 - 00069346 _____ () C:\windows\setupact.log
    2015-01-13 15:49 - 2013-11-04 19:39 - 00000450 ____H () C:\windows\Tasks\ss u helper-S-9665547.job
    2015-01-13 14:39 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-07 18:23 - 2014-12-19 14:29 - 00017369 _____ () C:\Users\Mullet\Documents\sample duke ss.wlmp
    2015-01-05 19:07 - 2014-12-09 13:31 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2015-01-04 20:53 - 2009-07-14 00:08 - 00032564 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-12-26 12:10 - 2009-07-14 00:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-22 18:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
    2014-12-22 18:02 - 2014-05-02 20:05 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-22 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-22 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
    2014-12-22 08:13 - 2013-07-17 02:02 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-22 08:08 - 2012-04-10 07:30 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======
    2014-11-13 15:49 - 2014-11-13 15:53 - 0034382 _____ () C:\Users\Mullet\AppData\Roaming\893686b8
    2014-12-09 14:26 - 2015-01-20 01:45 - 0000066 _____ () C:\Users\Mullet\AppData\Roaming\WB.CFG
    2014-11-13 15:49 - 2014-11-13 15:53 - 0034699 _____ () C:\Users\Mullet\AppData\Local\893686b8
    2012-04-04 20:26 - 2014-12-18 18:21 - 0081408 _____ () C:\Users\Mullet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-23 17:18 - 2014-09-23 17:18 - 0000017 _____ () C:\Users\Mullet\AppData\Local\resmon.resmoncfg
    2014-11-13 15:49 - 2014-11-13 15:53 - 0032131 _____ () C:\ProgramData\893686b8
    2012-07-31 14:17 - 2014-05-15 16:21 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

    Files to move or delete:
    ====================
    C:\Users\Mullet\AmazonMP3Downloader.exe


    Some content of TEMP:
    ====================
    C:\Users\Mullet\AppData\Local\Temp\a43518Eb9eFDf.exe
    C:\Users\Mullet\AppData\Local\Temp\APNSetup.exe
    C:\Users\Mullet\AppData\Local\Temp\atl.exe
    C:\Users\Mullet\AppData\Local\Temp\cxernawsom.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\Mullet\AppData\Local\Temp\dxmedia.exe
    C:\Users\Mullet\AppData\Local\Temp\eA4A086DDa398.exe
    C:\Users\Mullet\AppData\Local\Temp\FreemakeVideoConverterFull.exe
    C:\Users\Mullet\AppData\Local\Temp\GLB1A2B.EXE
    C:\Users\Mullet\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\mgxfonts.exe
    C:\Users\Mullet\AppData\Local\Temp\mgxmcmp2.exe
    C:\Users\Mullet\AppData\Local\Temp\nsd591B.exe
    C:\Users\Mullet\AppData\Local\Temp\nsdC69E.exe
    C:\Users\Mullet\AppData\Local\Temp\nsdFDC9.exe
    C:\Users\Mullet\AppData\Local\Temp\nsi22D.exe
    C:\Users\Mullet\AppData\Local\Temp\nsiC2C6.exe
    C:\Users\Mullet\AppData\Local\Temp\nsiCA18.exe
    C:\Users\Mullet\AppData\Local\Temp\nsy634.exe
    C:\Users\Mullet\AppData\Local\Temp\OSUUpdater.exe
    C:\Users\Mullet\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mullet\AppData\Local\Temp\SpOrder.dll
    C:\Users\Mullet\AppData\Local\Temp\SPSetup.exe
    C:\Users\Mullet\AppData\Local\Temp\stuprt.exe
    C:\Users\Mullet\AppData\Local\Temp\wmaudio.exe
    C:\Users\Mullet\AppData\Local\Temp\wmf9.exe
    C:\Users\Mullet\AppData\Local\Temp\wmpcdcs8.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-14 08:02

    ==================== End Of Log ============================
     
  11. kenem1514

    I closed the Internet Explorer popup and browser but the browser still keeps popping up with different ads. Also there are always ads anytime I'm just on Chrome. I can't seem to get rid of them anyway.
     
  12. JSntgRvr

    Download the enclosed file. (see below) Save it in the same location FRST is saved. Open FRST and click on the Fix button. The tool will produce a log, fixlog.txt. Please post its contents to a reply.

    Reset your browsers to defaults. For instructions see here.

    Restart and test the computer. Any improvement?
     

    Attached Files:

  13. kenem1514

    Start
    Hosts:
    C:\Users\Mullet\AppData\Local\Temp\a43518Eb9eFDf.exe
    C:\Users\Mullet\AppData\Local\Temp\APNSetup.exe
    C:\Users\Mullet\AppData\Local\Temp\atl.exe
    C:\Users\Mullet\AppData\Local\Temp\cxernawsom.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\Mullet\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\Mullet\AppData\Local\Temp\dxmedia.exe
    C:\Users\Mullet\AppData\Local\Temp\eA4A086DDa398.exe
    C:\Users\Mullet\AppData\Local\Temp\FreemakeVideoConverterFull.exe
    C:\Users\Mullet\AppData\Local\Temp\GLB1A2B.EXE
    C:\Users\Mullet\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Mullet\AppData\Local\Temp\mgxfonts.exe
    C:\Users\Mullet\AppData\Local\Temp\mgxmcmp2.exe
    C:\Users\Mullet\AppData\Local\Temp\nsd591B.exe
    C:\Users\Mullet\AppData\Local\Temp\nsdC69E.exe
    C:\Users\Mullet\AppData\Local\Temp\nsdFDC9.exe
    C:\Users\Mullet\AppData\Local\Temp\nsi22D.exe
    C:\Users\Mullet\AppData\Local\Temp\nsiC2C6.exe
    C:\Users\Mullet\AppData\Local\Temp\nsiCA18.exe
    C:\Users\Mullet\AppData\Local\Temp\nsy634.exe
    C:\Users\Mullet\AppData\Local\Temp\OSUUpdater.exe
    C:\Users\Mullet\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mullet\AppData\Local\Temp\SpOrder.dll
    C:\Users\Mullet\AppData\Local\Temp\SPSetup.exe
    C:\Users\Mullet\AppData\Local\Temp\stuprt.exe
    C:\Users\Mullet\AppData\Local\Temp\wmaudio.exe
    C:\Users\Mullet\AppData\Local\Temp\wmf9.exe
    C:\Users\Mullet\AppData\Local\Temp\wmpcdcs8.exe
    C:\Users\Mullet\AmazonMP3Downloader.exe
    Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GorillaPrice
    Unlock: C:\Program Files (x86)\gorillaprice\gorillaprice.exe
    R2 GorillaPrice; C:\Program Files (x86)\gorillaprice\gorillaprice.exe [420864 2014-04-01] () [File not signed] <==== ATTENTION
    S2 699fd52f; "C:\windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
    C:\Program Files (x86)\gorillaprice
    C:\windows\Tasks\ss u helper-S-9665547.job
    EmptyTemp:
    End
     
  14. kenem1514

    I will get to the other part later. There are some important tabs open on Chrome right now.
     
  15. JSntgRvr

    The report seems incomplete. Look at the fixlog.txt for more text.
     
Short URL to this thread: https://techguy.org/1141460
