
Upon entering Windows password, screen goes black and does not load

Discussion in 'Virus & Other Malware Removal' started by jb23, Jan 18, 2015.

Thread Status:
Not open for further replies.
  1. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 4085 Mb
    Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 598268 MB, Free - 444904 MB; D: Total - 12108 MB, Free - 2206 MB;
    Motherboard: MSI, Boston
    Antivirus: Kaspersky Internet Security, Not Updated


    Problem:

    I clicked on an email and opened an attachment from someone I thought I knew, but it turned out to be a virus (I assume). I now cannot get past the log-in screen for Windows. Upon entering my password at the log-in screen, the screen simply turns black. I have run MBAM 2-3 times with no change in performance after removing the located viruses. Any help would be appreciated.
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome. :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  3. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Justin (administrator) on JUSTIN-PC on 19-01-2015 20:51:17
    Running from C:\Users\Justin\Downloads
    Loaded Profiles: Justin (Available profiles: Justin & Kaci)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
    HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [Google Update] => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\RunOnce: [Application Restart #3] => C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\MountPoints2: {a9af6a84-a409-11de-ae15-806e6f6e6963} - E:\AT&T_High_Speed_Internet_Service.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-04] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
    URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {E5AE975A-DDB2-4086-80FC-E566E6976F24} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {C70A4FFC-0A59-41D5-B476-AAB000E6FF73} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> DefaultScope {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5AF511D0-E2C2-4D2F-BFEB-AA6C5CAD4DAD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: WOT - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-20]
    FF Extension: Ghostery - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\[email protected] [2013-08-02]
    FF Extension: NoScript - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-07]
    FF Extension: Adblock Plus - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-07]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-01-18]
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]y.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-09-25]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-01-23]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (Google Update) - C:\Users\Justin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
    CHR Extension: (Kaspersky Protection) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-18]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-25]
    CHR Extension: (Motive Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-07-06]
    CHR Extension: (SiteAdvisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-07-06]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-07-06]
    CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
    CHR Extension: (Anti-Banner) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-25]
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
    CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-04-03]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-04-03]
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-09-25]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
    CHR StartMenuInternet: Google Chrome - C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
    S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
    S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
    S2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-10-16] (Alcatel-Lucent) [File not signed]
    S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-16] (Alcatel-Lucent) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S4 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [X]
    S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2014-07-11] (LeapFrog)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-20] (Kaspersky Lab ZAO)
    S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-27] (Kaspersky Lab ZAO)
    S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-27] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
    S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
    S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
    S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
    S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
    S4 LMIRfsClientNP; No ImagePath
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-10-22] (CACE Technologies, Inc.)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15208 2009-06-17] (Secunia) [File not signed]
    S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [12584 2010-06-15] (SMART Technologies ULC)
    S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [15784 2010-06-15] (SMART Technologies ULC)
    S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [18432 2010-06-15] (SMART Technologies ULC) [File not signed]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-19 20:51 - 2015-01-19 20:51 - 00029605 _____ () C:\Users\Justin\Downloads\FRST.txt
    2015-01-19 20:50 - 2015-01-19 20:51 - 00000000 ____D () C:\FRST
    2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
    2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64(1).exe
    2015-01-18 21:40 - 2015-01-18 21:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-18 21:13 - 2015-01-18 21:13 - 00509440 _____ (Tech Support Guy System) C:\Users\Justin\Downloads\SysInfo.exe
    2015-01-07 17:34 - 2015-01-07 17:34 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-06 22:05 - 2015-01-06 22:05 - 02428928 _____ () C:\Users\Justin\Downloads\image (16).jpeg
    2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (15).jpeg
    2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (14).jpeg
    2014-12-31 10:09 - 2014-12-31 10:09 - 00000000 ____D () C:\Windows\A6F7860A7B9E44F68EFD6D9BEB98F556.TMP
    2014-12-31 10:07 - 2014-12-31 10:08 - 11873400 _____ (LeapFrog Enterprises, Inc.) C:\Users\Justin\Downloads\LeapFrogConnectSetup_TagJunior.exe
    2014-12-30 21:40 - 2014-12-30 21:41 - 03850458 _____ () C:\Users\Justin\Downloads\NewJewelryIsHere_S15_4up

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-19 20:47 - 2013-07-07 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-19 14:27 - 2013-11-20 16:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-01-19 14:27 - 2010-01-06 16:22 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job
    2015-01-19 14:26 - 2014-09-18 17:48 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Kaci.job
    2015-01-19 14:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-19 14:25 - 2009-07-13 23:51 - 00047073 _____ () C:\Windows\setupact.log
    2015-01-14 13:06 - 2009-11-18 03:20 - 01593514 _____ () C:\Windows\PFRO.log
    2015-01-07 17:51 - 2009-09-17 23:18 - 01231715 _____ () C:\Windows\WindowsUpdate.log
    2015-01-07 17:38 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-07 17:38 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-07 17:35 - 2010-01-26 19:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job
    2015-01-07 17:31 - 2014-10-22 17:59 - 00000000 ____D () C:\Users\Justin\AppData\Local\NETGEARGenie
    2015-01-07 14:13 - 2013-07-10 12:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-06 20:47 - 2011-08-21 15:03 - 00000404 ____H () C:\Windows\Tasks\Norton Security Scan for Justin.job
    2015-01-06 20:28 - 2010-01-06 16:22 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job
    2015-01-06 20:17 - 2014-09-18 17:48 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Kaci.job
    2015-01-06 20:17 - 2014-09-18 17:48 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Kaci.job
    2015-01-05 12:54 - 2011-10-31 14:12 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-05 12:54 - 2009-11-02 11:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-04 21:32 - 2014-08-25 18:55 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
    2015-01-04 21:32 - 2014-08-25 18:55 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
    2015-01-04 20:24 - 2012-07-06 14:10 - 00000000 ____D () C:\Users\Justin\Documents\StoryBook Creator Projects
    2014-12-31 10:21 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-31 10:10 - 2010-12-05 23:06 - 00036976 _____ () C:\Windows\DPINST.LOG
    2014-12-31 10:02 - 2009-11-02 11:49 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2014-12-30 12:50 - 2013-12-25 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

    ==================== Files in the root of some directories =======
    2011-05-12 20:33 - 2011-08-22 18:12 - 0001854 _____ () C:\Users\Justin\AppData\Roaming\GhostObjGAFix.xml
    2009-11-01 22:13 - 2009-11-01 22:13 - 2925193 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.0
    2009-11-01 22:13 - 2009-11-01 22:13 - 0846608 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.JPG
    2009-11-01 22:13 - 2009-11-01 22:13 - 3150367 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.0
    2009-11-01 22:13 - 2009-11-01 22:13 - 0903122 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.JPG
    2009-11-11 18:29 - 2009-11-11 18:29 - 2654292 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.0
    2009-11-11 18:29 - 2009-11-11 18:29 - 0554658 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.JPG
    2012-09-08 15:54 - 2012-09-08 15:54 - 0170225 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.0
    2012-09-08 15:54 - 2012-09-08 15:54 - 0173790 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.JPG
    2011-12-22 21:43 - 2011-12-22 21:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-09-15 22:18 - 2010-10-18 22:08 - 0006211 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Justin\AppData\Local\Temp\autorun.dll
    C:\Users\Justin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Justin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Justin\AppData\Local\Temp\ose00000.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-3.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-4.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-5.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-6.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-7.exe
    C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Kaci\AppData\Local\Temp\GUR1C78.exe
    C:\Users\Kaci\AppData\Local\Temp\luajava-1.1.dll
    C:\Users\Kaci\AppData\Local\Temp\Shockwave_Installer_FF.exe
    C:\Users\Kaci\AppData\Local\Temp\sp64126.exe
    C:\Users\Kaci\AppData\Local\Temp\UninstallHPSA.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-04 19:49

    ==================== End Of Log ============================
     
  4. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
    Ran by Justin at 2015-01-19 20:52:31
    Running from C:\Users\Justin\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
    CM-Uploader (HKLM\...\{7DEDB721-D107-4282-8C7E-B1B29CA63605}) (Version: 2.0.4601 - Creative Memories)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    ConvertXtoDVD 4.0.12.327 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
    Creative Memories StoryBook Creator Plus 3 (HKLM-x32\...\{95ED1AC3-DF2A-4719-B029-909C0875CD8F}) (Version: 3.0 - Caspedia Corporation)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
    Font Management System (HKLM-x32\...\Font Management System4.2.0.0) (Version: 4.2.0.0 - Summitsoft Corporation)
    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Homepage Protection (HKLM-x32\...\Homepage Protection) (Version: - AOL Products)
    House of Cards (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 6.0.12230.783 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
    HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
    HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
    iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.220 - Sun Microsystems, Inc.)
    JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
    LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
    LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
    LeapFrog LeapReader Plugin (x32 Version: 5.2.4.18512 - LeapFrog) Hidden
    LeapFrog LeapReader Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
    LeapFrog Tag Junior Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
    LightScribe Applications (HKLM-x32\...\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}) (Version: 1.18.5.1 - LightScribe)
    LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
    LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
    Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
    Pizza Chef (x32 Version: 2.2.0.87 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
    Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Secunia PSI (HKLM-x32\...\Secunia PSI) (Version: - )
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    StoryBook Creator 4.0 (HKLM\...\{EC445D66-B081-474E-948C-52E1EC48A414}) (Version: 4.0.5045 - Panstoria, Inc.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version: - LeapFrog)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version: - LeapFrog)
    VMware View Client (HKLM\...\{6248C52A-5236-4C07-9BD5-393C40A42316}) (Version: 5.2.1.937772 - VMware, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    29-11-2014 19:57:25 Scheduled Checkpoint
    07-12-2014 17:54:09 Scheduled Checkpoint
    14-12-2014 03:01:07 Windows Update
    18-12-2014 03:00:34 Windows Update
    25-12-2014 12:59:18 Scheduled Checkpoint
    04-01-2015 19:55:52 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2013-06-28 20:44 - 00449886 ____A C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05454A8F-AE55-4F9E-A7A3-C7ECB8B02942} - System32\Tasks\{4A117842-9C3D-4228-9804-302FE92B2FED} => pcalua.exe -a C:\Users\Justin\Downloads\HijackThis.exe -d C:\Users\Justin\Downloads
    Task: {05DB04E9-C9F1-4E77-ABED-51BFC7E6CBBE} - System32\Tasks\HPCeeScheduleForJustin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {12705675-3AA5-455B-865D-2AD47D07D9BD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
    Task: {1388247F-30EF-472F-95C8-7CCD70AA17AF} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
    Task: {17A39DE8-BC77-4AF9-BD7E-682676EF554B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
    Task: {19DF2FE1-DDE1-402C-BFE5-F877B53EA675} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {22F59F80-60AC-4CA5-A926-831C66334E6E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {248C777B-56EA-4EC2-AABD-478CDC306EFE} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
    Task: {3021B6E9-3D02-425F-92B9-0D31153FDEA6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
    Task: {34DEEE6E-D4A4-47E4-8338-167795161D1D} - System32\Tasks\Norton Security Scan for Justin => C:\PROGRA~2\NORTON~2\Engine\351~1.6\Nss.exe
    Task: {3A0A1EC4-9F63-430D-8766-A894FC89EC16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {515A816A-A5A3-45DB-B50C-8A25201B781B} - System32\Tasks\{6B08924F-42FC-42E7-9048-22AA3465324F} => pcalua.exe -a "C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZR0OJXB\install_flash_player[2].exe" -d C:\Windows\system32
    Task: {5189A621-2144-470B-AB2A-05AA429F4439} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {682D899D-EDDF-464C-8561-14854B0F8902} - System32\Tasks\RNUpgradeHelperLogonPrompt_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
    Task: {7C140AA2-1F0B-4750-BEE8-7E0123BEBCBA} - System32\Tasks\Secunia PSI Logon Task => C:\Program Files (x86)\Secunia\PSI\psi.exe [2009-08-21] (Secunia)
    Task: {8310C05C-24FD-4859-9D2E-155F50F2EF37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {95471D0B-D923-4B1F-8479-55C06B54F8B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
    Task: {9A39E4FC-29BB-4F15-B41A-FAE0358368CB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3521969671-2636067396-303416300-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
    Task: {9DD235BF-C5EE-4972-80CC-9C86EEC1A8D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {A02497C3-90D2-4504-B493-7843AB685EAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {A46AE414-CF52-4A35-9990-8F7DCBD49BE8} - System32\Tasks\RNUpgradeHelperResumePrompt_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
    Task: {A83B65EE-AFAF-4774-B612-C7B54786A731} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001Core => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {B3080600-AB65-44E3-B630-31F97842651C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {B73EC4B2-48FC-4BF2-9226-78AA24C85214} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {CEB1BB0E-90D8-4F32-B397-738EB960F8E4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3521969671-2636067396-303416300-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
    Task: {CED110A7-156E-4064-82E2-2E7E02C61AEB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3521969671-2636067396-303416300-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
    Task: {D2DFBFC1-F18E-41C2-B3BB-5930017902E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN1764B1M0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {E4AADEF2-8D0A-4920-9C41-9290630C8FF6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3521969671-2636067396-303416300-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
    Task: {EC78868C-357F-46A4-B4FF-F84C25D636BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {EF2AE458-8300-4A5C-B3EB-6ABDDEAAEBB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F5FE6851-E913-4D51-88B7-619295714E94} - System32\Tasks\ReclaimerUpdateXML_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
    Task: {FDBC82E0-24B0-4225-8657-5EAF1A59EF4B} - System32\Tasks\ReclaimerUpdateFiles_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001Core.job => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJustin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\Norton Security Scan for Justin.job => C:\PROGRA~2\NORTON~2\Engine\351~1.6\Nss.exe
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
    Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Kaci.job => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
    Task: C:\Windows\Tasks\ReclaimerUpdateXML_Kaci.job => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
    Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Kaci.job => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-01-18 21:40 - 2015-01-18 21:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Justin\Downloads\Collection Verbiage.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Justin\Downloads\Diva Dollar Show.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42803227.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87485735.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42803227.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87485735.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3521969671-2636067396-303416300-500 - Administrator - Disabled)
    Guest (S-1-5-21-3521969671-2636067396-303416300-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3521969671-2636067396-303416300-1007 - Limited - Enabled)
    Justin (S-1-5-21-3521969671-2636067396-303416300-1000 - Administrator - Enabled) => C:\Users\Justin
    Kaci (S-1-5-21-3521969671-2636067396-303416300-1001 - Administrator - Enabled) => C:\Users\Kaci

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/19/2015 01:48:35 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/19 13:48:31 -0500 JUSTIN-PC Kaci MESSAGE IP Protection stopped successfully

    Error: (01/19/2015 01:48:31 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/19 13:48:28 -0500 JUSTIN-PC Kaci MESSAGE Stopping IP protection

    Error: (01/18/2015 10:57:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (01/13/2015 10:14:23 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/13 22:14:20 -0500 JUSTIN-PC (null) MESSAGE IP Protection stopped successfully

    Error: (01/13/2015 10:14:19 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/13 22:14:16 -0500 JUSTIN-PC (null) MESSAGE Stopping IP protection

    Error: (01/13/2015 10:14:16 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/13 22:14:13 -0500 JUSTIN-PC (null) MESSAGE Starting database refresh

    Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

    Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.

    Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

    Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.


    System errors:
    =============
    Error: (01/19/2015 08:49:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:49:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:49:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (01/19/2015 08:47:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (01/19/2015 01:48:35 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/19 13:48:31 -0500 JUSTIN-PC Kaci MESSAGE IP Protection stopped successfully

    Error: (01/19/2015 01:48:31 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/19 13:48:28 -0500 JUSTIN-PC Kaci MESSAGE Stopping IP protection

    Error: (01/18/2015 10:57:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description:
    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.

    Error: (01/13/2015 10:14:23 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/13 22:14:20 -0500 JUSTIN-PC (null) MESSAGE IP Protection stopped successfully

    Error: (01/13/2015 10:14:19 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/13 22:14:16 -0500 JUSTIN-PC (null) MESSAGE Stopping IP protection

    Error: (01/13/2015 10:14:16 PM) (Source: MBAMService) (EventID: 1) (User: )
    Description: MBAMService2015/01/13 22:14:13 -0500 JUSTIN-PC (null) MESSAGE Starting database refresh

    Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

    Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.

    Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

    Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-18 19:31:16.289
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-18 19:31:16.289
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-18 19:31:16.289
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-18 19:15:06.966
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-18 19:15:06.950
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-18 19:15:06.950
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-14 16:04:31.975
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-14 16:04:31.959
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-14 16:04:31.959
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-14 15:44:33.393
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
    Percentage of memory in use: 25%
    Total physical RAM: 4085.18 MB
    Available physical RAM: 3039.28 MB
    Total Pagefile: 8168.54 MB
    Available Pagefile: 7190.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:584.25 GB) (Free:434.34 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.83 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (Install_Wizard) (CDROM) (Total:0.42 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=584.2 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    Users shortcut scan result (x64) Version: 19-01-2015
    Ran by Justin at 2015-01-19 20:53:54
    Running from C:\Users\Justin\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)



    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Cisco AnyConnect VPN Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk -> C:\Program Files (x86)\Adobe\Acrobat_com\Acrobat_com.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk -> C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\PowerStarter.exe (CyberLink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\ConvertXtoDVD 4.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe (VSO Software SARL)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\l glp license.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\lgpl-2.1.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\Uninstall ConvertXToDVD.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware View Client.lnk -> C:\Program Files\VMware\VMware View\Client\bin\wswc.exe (VMware, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Regulatory and Safety Information.lnk -> C:\hp\documentation\Regulatory_EN.xps ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Safety & Comfort Guide.lnk -> C:\hp\documentation\SCG_en-US.xps ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Upgrading and Servicing Guide.lnk -> C:\hp\documentation\usglgt_EN.xps ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Check for Updates Online.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FMSUpdate.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Font Management System Help File.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FontManagementSystemM.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Font Management System.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FontManagementSystem.exe (Summitsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Product Showcase.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\Summitsoft Products.exe (Macromedia, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Register Online....lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FRegister.exe (Summitsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer Converter.lnk -> C:\Program Files (x86)\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer Trimmer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Quicken 2012.lnk -> C:\Program Files (x86)\Quicken\qw.exe (Intuit Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Quicken Online Backup.lnk -> C:\Program Files (x86)\Quicken\QuickenOLBackupLauncher.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Hardware Diagnostic Tools.lnk -> C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe (PC-Doctor, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\HP support information.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Information\HPSysInfo.exe (Hewlett-Packard Development Company, L.P.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Juno Dial-up.lnk -> C:\Program Files (x86)\JunoPreloader\Juno Offer!.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\MSN.lnk -> C:\Program Files (x86)\Online Services\MSN90\msnsusii.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero Dial-up.lnk -> C:\Program Files (x86)\NetZeroPreloader\NetZero Offer!.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan\Norton Security Scan.lnk -> C:\Program Files (x86)\Norton Security Scan\Engine\3.5.1.6\Nss.exe (Symantec Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan\Uninstall Norton Security Scan.lnk -> C:\Program Files (x86)\Norton Security Scan\Engine\3.5.1.6\InstWrap.exe (Symantec Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Simple Labeler.lnk -> C:\Program Files (x86)\LightScribe\SimpleLabeler\SimpleLabeler.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect\LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe (LeapFrog Enterprises, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect\Uninstall LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\uninst.exe (LeapFrog Enterprises, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\End User License Agreement.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\en\license.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security Help.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\en\kis\context.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Visit Kaspersky Lab on the Web.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kl.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP MediaSmart Demo\HP MediaSmart Demo.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart Demo\Project Files\HP MediaSmart Demo.exe (HP)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\hp\HP Software Update\hpwucli.exe (Hewlett-Packard)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart DVD.lnk -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart.lnk -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Help.lnk -> C:\Program Files (x86)\hp\HP Deskjet 3050A J611 series\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\HP Scan.lnk -> C:\Program Files (x86)\hp\HP Deskjet 3050A J611 series\bin\HPScan.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\ProductSupportShortcut.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\WirelessEasyShortcut.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\AdvisorVideo.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\AdvisorVideo\Doc.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\WebUpdater.lnk -> C:\Program Files (x86)\Garmin\WebUpdater\WebUpdater.exe (GARMIN Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\FileASSASSIN.lnk -> C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe (Malwarebytes)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\Uninstall.lnk -> C:\Program Files (x86)\FileASSASSIN\uninst.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\Storybook Creator 4\Storybook Creator 4.lnk -> C:\Program Files\Creative Memories\StoryBook Creator 4.0\StorybookCreator4.exe (Creative Memories)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\StoryBook Creator 3\Storybook Creator 3.0.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\CDMPublisher.exe (Caspedia Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\StoryBook Creator 3\Storybook Creator Help.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\CDMPublisher.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\StoryBook Creator 3\User's Guide.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\UserGuide.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect VPN Client\Cisco AnyConnect VPN Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Hewlett-Packard\Recovery\Links\RM.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\ProgramData\Hewlett-Packard\Netzero\launchnz.lnk -> C:\Program Files (x86)\NetZeroPreloader\NetZero Offer!.exe ()
    Shortcut: C:\ProgramData\Hewlett-Packard\msn\launchmsn.lnk -> C:\Program Files (x86)\Online Services\MSN90\msnsusii.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Hewlett-Packard\Juno\launchjuno.lnk -> C:\Program Files (x86)\JunoPreloader\Juno Offer!.exe ()
    Shortcut: C:\ProgramData\Hewlett-Packard\HP Advisor\HP Advisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\Links\Desktop.lnk -> C:\Users\Justin\Desktop ()
    Shortcut: C:\Users\Justin\Links\Downloads.lnk -> C:\Users\Justin\Downloads ()
    Shortcut: C:\Users\Justin\Desktop\Cisco AnyConnect VPN Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
    Shortcut: C:\Users\Justin\Desktop\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Justin\Desktop\updated\P1060529 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060529.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\updated\P1060566 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060566.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\updated\P1060569 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060569.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\updated\P1060570 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060570.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\updated\P1060571 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060571.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\updated\P1060573 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060573.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\IMG_2560 - Shortcut.lnk -> G:\2014 - April\IMG_2560.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\IMG_2624 - Shortcut.lnk -> G:\2014 - April\IMG_2624.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\IMG_2651 - Shortcut.lnk -> G:\2014 - April\IMG_2651.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050867 - Shortcut.lnk -> G:\2014 - April\P1050867.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050888 - Shortcut.lnk -> G:\2014 - April\P1050888.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050889 - Shortcut.lnk -> G:\2014 - April\P1050889.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050899 - Shortcut.lnk -> G:\2014 - April\P1050899.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050902 - Shortcut.lnk -> G:\2014 - April\P1050902.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050908 - Copy - Shortcut.lnk -> G:\2014 - April\P1050908 - Copy.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050913 - Shortcut.lnk -> G:\2014 - April\P1050913.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050915 - Shortcut.lnk -> G:\2014 - April\P1050915.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050920 - Shortcut.lnk -> G:\2014 - April\P1050920.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050956 - Shortcut.lnk -> G:\2014 - April\P1050956.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050957 - Shortcut.lnk -> G:\2014 - April\P1050957.JPG (No File)
    Shortcut: C:\Users\Justin\Desktop\Shutter\P1050973 - Shortcut.lnk -> G:\2014 - April\P1050973.JPG (No File)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk -> C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\Links\Desktop.lnk -> C:\Users\Justin\Desktop ()
    Shortcut: C:\Users\Kaci\Links\Downloads.lnk -> C:\Users\Justin\Downloads ()
    Shortcut: C:\Users\Kaci\Desktop\ConvertXtoDVD 4.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe (VSO Software SARL)
    Shortcut: C:\Users\Kaci\Desktop\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Kaci\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
    Shortcut: C:\Users\Kaci\Desktop\iLivid.lnk -> C:\Users\Justin\AppData\Local\iLivid\iLivid.exe (No File)
    Shortcut: C:\Users\Kaci\Desktop\Home\Inspection Response - Shortcut.lnk -> C:\Users\Kaci\Documents\Inspection Response.pdf ()
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk -> C:\Users\Justin\AppData\Local\iLivid\iLivid.exe (No File)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk -> C:\Users\Justin\AppData\Local\iLivid\iLivid.exe (No File)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
    Shortcut: C:\Users\Public\Desktop\FileASSASSIN.lnk -> C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe (Malwarebytes)
    Shortcut: C:\Users\Public\Desktop\Font Management System.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FontManagementSystem.exe (Summitsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\ePrintCenterShortcut.url ()
    Shortcut: C:\Users\Public\Desktop\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
    Shortcut: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\Users\Public\Desktop\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
    Shortcut: C:\Users\Public\Desktop\LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe (LeapFrog Enterprises, Inc.)
    Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Public\Desktop\NETGEAR Genie.lnk -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
    Shortcut: C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk -> C:\Program Files (x86)\Quicken\qw.exe (Intuit Inc.)
    Shortcut: C:\Users\Public\Desktop\Storybook Creator 3.0.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\CDMPublisher.exe (Caspedia Corporation)
    Shortcut: C:\Users\Public\Desktop\Storybook Creator 4.lnk -> C:\Program Files\Creative Memories\StoryBook Creator 4.0\StorybookCreator4.exe (Creative Memories)
    Shortcut: C:\Users\Public\Desktop\VMware View Client.lnk -> C:\Program Files\VMware\VMware View\Client\bin\wswc.exe (VMware, Inc.)


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=quickenfc&pf=cndt&locale=en_us&bd=pavilion&c=94
    ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Real\RealPlayer\History\http---www.real.com-realplayer-startup.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.real.com/realplayer/startup


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\Drivers\Remove Driver (Compatibility Mode).lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL) -> /remove /removeatip "Run compatibility mode for burning... Please reboot aftwerwards!"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Uninstall Font Management System.lnk -> C:\Windows\Font Management System\uninstall.exe () -> "/U:C:\Program Files (x86)\Summitsoft\Font Management System\Uninstall\uninstall.xml"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) -> -det
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer.lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.) -> /launch:start_menu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Sound Troubleshooter.lnk -> C:\Program Files\PC-Doctor for Windows\troubleshooter\RunTroubleshooter.exe () -> audio
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> MODE=GETONLINE
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe () -> /design
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Remove Kaspersky Internet Security.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i{6F6873E3-5C92-4049-B511-231A138DD090} REMOVE=ALL
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Build-a-lot 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 3\Buildalot3-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Fate-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\John Deere Drive Green.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\John Deere Drive Green\DriveGreen1-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Liong - The Lost Amulets.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Liong - The Lost Amulets\liong2-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mortimer Beckett and the Time Paradox.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mortimer Beckett and the Time Paradox\MortimerTimeParadox-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mystery P.I. - The Vegas Heist.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\MysteryPIVegas-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Peggle.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle\Peggle-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Slingo Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\The Hidden Object Game Show.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\The Hidden Object Game Show\THOS-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\World of Goo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\World of Goo\WorldOfGoo-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /src startmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HP Deskjet 3050A J611 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.5 /DDV 0x0900
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {1B77E249-B8D5-4E5E-8848-693ACEF84E6D}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Update IP Address.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HPAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCAlerts.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_ACTION_CENTER TOUCHPOINT=STARTMENU
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDashboard.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_HEALTH_SECURITY TOUCHPOINT=STARTMENU
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDiscovery.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=ECENTER TOUCHPOINT=STARTMENU
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDock.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard\HP Setup.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> DESKTOP
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 3\Buildalot3-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Fate-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\House of Cards.lnk -> C:\Program Files (x86)\HP Games\House of Cards\House of Cards Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\John Deere Drive Green.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\John Deere Drive Green\DriveGreen1-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Liong - The Lost Amulets.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Liong - The Lost Amulets\liong2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mortimer Beckett and the Time Paradox.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mortimer Beckett and the Time Paradox\MortimerTimeParadox-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - The Vegas Heist.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\MysteryPIVegas-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Peggle.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle\Peggle-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Pizza Chef.lnk -> C:\Program Files (x86)\HP Games\Pizza Chef\PizzaChef-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Slingo Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Hidden Object Game Show.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\The Hidden Object Game Show\THOS-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Goo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\World of Goo\WorldOfGoo-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{dca1986f-ee34-41f3-a1d0-41885134c622}\PlayTasks\0\House of Cards.lnk -> C:\Program Files (x86)\HP Games\House of Cards\House of Cards Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{db99c2dc-ace4-4f72-aea0-be38b40c0540}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d8201099-7318-4611-910a-78b4e5a8bcbd}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d63c8f23-b235-41a1-999d-c7d8ea1a7c80}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d5396f9a-d968-4717-a850-6e1fb9eebb00}\PlayTasks\0\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d4db71bf-5157-4a48-ae2d-0f87a09662f8}\PlayTasks\0\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d1ca6a92-4cb1-4fc3-855f-abcf7338c07f}\PlayTasks\0\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c4214208-dae1-4741-81f3-a33e5789871d}\PlayTasks\0\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c1d16e94-defe-4995-ac31-0c3605c3bd6a}\PlayTasks\0\Mystery P.I. - The Vegas Heist.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\MysteryPIVegas-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b6602113-b3c7-45a1-a9f3-d54cfd381d30}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b2a0720f-164e-4de1-ba1e-9f9ef1af828f}\PlayTasks\0\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b03b05fa-e678-49c4-8911-14bb1ffb93a4}\PlayTasks\0\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Fate-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{aacdcf98-5492-455c-860e-81f724b5d1c8}\PlayTasks\0\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{95dd4657-16e4-4196-af57-4b232798c304}\PlayTasks\0\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{92cf6136-d411-4c68-90a2-d5cd990b28df}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8d5e214b-2900-42fb-9c52-4e969eaf0724}\PlayTasks\0\The Hidden Object Game Show.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\The Hidden Object Game Show\THOS-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{818653a5-8b98-4557-9b27-c5b8ddb2e5bf}\PlayTasks\0\Slingo Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{76d22521-9769-45ec-96be-443fba84dfe3}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ecf0829-012e-4d51-942e-0db591aa7769}\PlayTasks\0\Pizza Chef.lnk -> C:\Program Files (x86)\HP Games\Pizza Chef\PizzaChef-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{594df207-8e5f-4fbe-b9b3-192e148488e7}\PlayTasks\0\Liong - The Lost Amulets.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Liong - The Lost Amulets\liong2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{51941625-bded-4dcd-bea7-a123606ce41c}\PlayTasks\0\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4d9b912b-2ccd-47a4-be64-0457d0223236}\PlayTasks\0\Build-a-lot 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 3\Buildalot3-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3d575eb6-89ab-4fad-8221-5cba8974c31d}\PlayTasks\0\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{39937aab-1cce-4767-8ab7-7fc855bf0068}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2faf760b-5d2c-4ae8-a546-8b5b9621e8cb}\PlayTasks\0\Mortimer Beckett and the Time Paradox.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mortimer Beckett and the Time Paradox\MortimerTimeParadox-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2e90e3c5-229c-4672-93aa-f0d111356749}\PlayTasks\0\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2d41118d-a406-44a4-af44-1ac89665bde6}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2d1d6a5e-af2b-4e7d-9da2-b7447e942fe5}\PlayTasks\0\John Deere Drive Green.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\John Deere Drive Green\DriveGreen1-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2a8d90cf-9553-41e5-876f-2bdb163c1757}\PlayTasks\0\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1c5d3cd4-c3b4-49de-924b-b81e80af47f1}\PlayTasks\0\World of Goo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\World of Goo\WorldOfGoo-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1a097108-4d65-46f0-b3d3-12c91ea56fdd}\PlayTasks\0\Peggle.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle\Peggle-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{11d01edd-046f-4922-8502-8eefb0480bc8}\PlayTasks\0\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\SDP\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> MODE=REGISTRATION
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Apps.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallApp
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\DelRP.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /DelRP
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Driver.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallDriver
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Report.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /RecoveryReport
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\RMC.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /CDCreator
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\base\launch_base.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> MODE=GETONLINE
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Justin\Desktop\Safe Money.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO) -> -safebanking
    ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
    ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
    ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
    ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Users\Justin\AppData\Local\Microsoft\Windows\GameExplorer\{5ecf0829-012e-4d51-942e-0db591aa7769}\PlayTasks\0\Pizza Chef.lnk -> C:\Program Files (x86)\HP Games\Pizza Chef\PizzaChef-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
    ShortcutWithArgument: C:\Users\Justin\AppData\Local\Microsoft\Windows\GameExplorer\{2a8d90cf-9553-41e5-876f-2bdb163c1757}\PlayTasks\0\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Justin\AppData\Local\Microsoft\Windows\GameExplorer\{11d01edd-046f-4922-8502-8eefb0480bc8}\PlayTasks\0\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Kaci\Desktop\Safe Money.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO) -> -safebanking
    ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP ePrint\Uninstall Product Software.lnk -> C:\Program Files (x86)\hp\csiInstaller\2794875B-6CCF-48B8-84A5-5B10DB98BEE6\Setup.exe (Hewlett-Packard) -> /Uninstall
    ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
    ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HP Deskjet 3050A J611 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
    ShortcutWithArgument: C:\Users\Public\Desktop\Play HP Games.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem
    ShortcutWithArgument: C:\Users\Public\Desktop\RealPlayer.lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.) -> /launch:desktop


    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\ProgramData\Intuit\Quicken\Sku\RPM\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
    InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Premier\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
    InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Hab\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
    InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Deluxe\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
    InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\Encore.url -> https://asp.spectrumk12.com/IN/WCJS/Encore/EncoreCBLWebUI/Login.aspx
    InternetURL: C:\Users\Justin\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
    InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
    InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
    InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
    InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
    InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
    InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
    InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
    InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
    InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
    InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Users\Justin\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\Justin\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\Justin\Favorites\Links\AOL.com - News, Sports, Weather, Entertainment, Stocks & Local.url -> hxxp://hp-desktop.aol.com/
    InternetURL: C:\Users\Justin\Favorites\Links\HP - See What's Hot.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=webslice&tp=iefavbar&pf=cndt&locale=en_us&bd=pavilion&c=94
    InternetURL: C:\Users\Justin\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
    InternetURL: C:\Users\Justin\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\Justin\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Justin\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\Spectrum K12 School Solutions - Login.url -> https://asp.spectrumk12.com/IN/WCJS/Encore/EncoreCBLWebUI/Login.aspx
    InternetURL: C:\Users\Kaci\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
    InternetURL: C:\Users\Kaci\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
    InternetURL: C:\Users\Kaci\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
    InternetURL: C:\Users\Kaci\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
    InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
    InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
    InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
    InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
    InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
    InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
    InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Users\Kaci\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\Kaci\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\Kaci\Favorites\Links\HP - See What's Hot.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=webslice&tp=iefavbar&pf=cndt&locale=en_us&bd=pavilion&c=94
    InternetURL: C:\Users\Kaci\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
    InternetURL: C:\Users\Kaci\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\Kaci\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=94
    InternetURL: C:\Users\Kaci\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=94

    ==================== End of log =============================
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    At the black screen, press Ctrl+Alt+Delete. Bring the task manager and run Explorer.exe as a new task. Does it bring the user graphic interface?

    Download the enclosed file. (see below) Save it in the same location FRST is saved. Launch FRST and click on the Fix button. The tool will produce a log, fixlog.txt. Please post it in your next reply.
     

    Attached Files:

  7. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
    Ran by Justin at 2015-01-20 20:28:21 Run:1
    Running from C:\Users\Justin\Downloads
    Loaded Profiles: Justin (Available profiles: Justin & Kaci)
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    Content of fixlist:
    *****************
    start
    HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
    HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE [x]
    AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll [2260480 2009-03-05] ()
    AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll [2260480 2009-03-05] ()
    SearchScopes: HKLM - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKCU - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    2013-06-06 16:21 - 2013-06-06 16:21 - 00017319 ____H C:\Users\Kaci\Downloads\~WRL0005.tmp
    C:\Users\Kaci\Downloads\~WRL0005.tmp
    end
    *****************

    HKU\HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
    HKU\HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE [x] => Value not found.
    "AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll [2260480 2009-03-05] ()" => Value Data not found.
    "AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll [2260480 2009-03-05] ()" => Value Data not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd => Value not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd => Value not found.
    \\SearchScopes: HKCU - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd => Value not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File => Key not found.
    HKCR\Wow6432Node\CLSID\BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File => Key not found.
    \\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value not found.
    HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
    \\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value not found.
    HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
    "C:\Users\Kaci\Downloads\~WRL0005.tmp" => File/Directory not found.
    "C:\Users\Kaci\Downloads\~WRL0005.tmp" => File/Directory not found.

    ==== End of Fixlog 20:28:22 ====
     
  8. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    In regards to your last question "At the black screen, press Ctrl+Alt+Delete. Bring the task manager and run Explorer.exe as a new task. Does it bring the user graphic interface?", do you mean to restart the computer and log on normally without going through safe mode? If so, what do you mean by bringing the user graphic interface?
     
  9. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Yes. In normal mode, at the black screen, try this hint. When Explorer.exe is run, the graphic interface should engage, meaning your desktop and icons should appear.
     
  10. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    When I hit Ctrl+Alt+Del, it shows Explorer.exe as a process already running.
    The desktop came up, yet no icons. For what it's worth, this process of getting to the desktop seemed very slow.
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I don't see any shortcuts under Justin. Let's try Combofix.

    Please download ComboFix from Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    -----------------------------------------------------------
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    4. Close any open browsers.
    5. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    6. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    7. If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      • Double click on combofix.exe & follow the prompts.
      • Install the Recovery Console if prompted.
      • When finished, it will produce a report for you.
      • Please post the "C:\ComboFix.txt".
      • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  12. jb23

    jb23 Thread Starter

    Joined:
    Jun 28, 2013
    Messages:
    27
    ComboFix 15-01-18.01 - Justin 01/21/2015 18:28:50.1.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.3349 [GMT -5:00]
    Running from: c:\users\Justin\Downloads\ComboFix.exe
    AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
    FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
    SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\6D59.tmp
    c:\users\Justin\AppData\Roaming\.#
    c:\users\Kaci\AppData\Roaming\inst.exe
    c:\users\Kaci\AppData\Roaming\vso_ts_preview.xml
    c:\users\Kaci\Documents\C5B8658E.tmp
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\wpcap.dll
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    -------\Service_pcCMService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-21 to 2015-01-21 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-20 01:50 . 2015-01-21 01:28 -------- d-----w- C:\FRST
    2014-12-31 15:09 . 2014-12-31 15:09 -------- d-----w- c:\windows\A6F7860A7B9E44F68EFD6D9BEB98F556.TMP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-07 16:02 . 2014-07-22 01:38 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2014-12-14 08:06 . 2009-11-03 01:58 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-12-14 00:13 . 2013-07-10 17:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-14 00:13 . 2013-07-10 17:26 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-13 05:09 . 2014-12-17 20:29 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-13 03:33 . 2014-12-17 20:29 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-04 02:50 . 2014-12-13 23:59 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-04 02:50 . 2014-12-13 23:59 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-04 02:50 . 2014-12-13 23:59 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-04 02:50 . 2014-12-13 23:59 830976 ----a-w- c:\windows\system32\appraiser.dll
    2014-12-04 02:50 . 2014-12-13 23:59 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-04 02:50 . 2014-12-13 23:59 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-04 02:44 . 2014-12-13 23:59 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-01 23:28 . 2014-12-13 23:59 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-11-27 01:43 . 2014-12-13 23:59 389296 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-22 03:13 . 2014-12-13 23:59 25059840 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-22 03:06 . 2014-12-13 23:59 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-22 03:06 . 2014-12-13 23:59 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-22 02:50 . 2014-12-13 23:59 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-22 02:50 . 2014-12-13 23:59 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-22 02:49 . 2014-12-13 23:59 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-22 02:49 . 2014-12-13 23:59 2885120 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-22 02:48 . 2014-12-13 23:59 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-22 02:41 . 2014-12-13 23:59 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-22 02:40 . 2014-12-13 23:59 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-22 02:37 . 2014-12-13 23:59 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-22 02:35 . 2014-12-13 23:59 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-22 02:34 . 2014-12-13 23:59 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-22 02:34 . 2014-12-13 23:59 6039552 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-22 02:26 . 2014-12-13 23:59 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-22 02:22 . 2014-12-13 23:59 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-22 02:20 . 2014-12-13 23:59 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14 . 2014-12-13 23:59 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 02:09 . 2014-12-13 23:59 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-22 02:08 . 2014-12-13 23:59 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-22 02:07 . 2014-12-13 23:59 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07 . 2014-12-13 23:59 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06 . 2014-12-13 23:59 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05 . 2014-12-13 23:59 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 02:05 . 2014-12-13 23:59 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-22 01:54 . 2014-12-13 23:59 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:49 . 2014-12-13 23:59 718848 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-22 01:49 . 2014-12-13 23:59 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-22 01:47 . 2014-12-13 23:59 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-22 01:46 . 2014-12-13 23:59 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-22 01:43 . 2014-12-13 23:59 14412800 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-22 01:40 . 2014-12-13 23:59 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29 . 2014-12-13 23:59 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28 . 2014-12-13 23:59 2358272 ----a-w- c:\windows\system32\wininet.dll
    2014-11-22 01:22 . 2014-12-13 23:59 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21 . 2014-12-13 23:59 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:15 . 2014-12-13 23:59 1548288 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-22 01:03 . 2014-12-13 23:59 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-22 01:00 . 2014-12-13 23:59 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-19 09:31 . 2014-11-19 09:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-11 03:09 . 2014-12-13 23:59 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-11 03:08 . 2014-11-21 22:55 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-21 22:55 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-12-13 23:59 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44 . 2014-11-21 22:55 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-21 22:55 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46 . 2014-12-13 23:59 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-11-08 03:16 . 2014-12-13 23:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-11-08 02:45 . 2014-12-13 23:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-10-30 02:03 . 2014-12-13 23:55 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-10-30 01:45 . 2014-12-13 23:55 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-10-25 01:57 . 2014-11-13 04:27 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-13 04:27 67584 ----a-w- c:\windows\SysWow64\packager.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
    "NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2014-06-11 596480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-03 296056]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2014-07-11 118272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
    R3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x]
    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
    R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
    R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    R4 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]
    R4 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
    S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NPF
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10 00:13]
    .
    2015-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job
    - c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 07:03]
    .
    2015-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job
    - c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 07:03]
    .
    2014-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001Core.job
    - c:\users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-27 19:29]
    .
    2015-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job
    - c:\users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-27 19:29]
    .
    2015-01-05 c:\windows\Tasks\HPCeeScheduleForJustin.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
    .
    2014-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
    Wow6432Node-HKCU-Run-WinPatrol - c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    SafeBoot-42803227.sys
    SafeBoot-87485735.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
    AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
    c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Secunia\PSI\psi.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2015-01-21 18:45:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-01-21 23:45
    .
    Pre-Run: 466,629,562,368 bytes free
    Post-Run: 467,144,278,016 bytes free
    .
    - - End Of File - - 890470CBC299A78DAEA4F9D2499F3338
    D8A52EE1AA79BECDEFE158CAD368052E
     
  13. JSntgRvr

    Still unable to load in Normal Mode?

    Please rescan with FRST and post its reports.
     
  14. jb23

    It did load this last time after the automatic restart from Combofix.
     
  15. jb23

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Justin (administrator) on JUSTIN-PC on 21-01-2015 20:28:43
    Running from C:\Users\Justin\Downloads
    Loaded Profiles: Justin (Available profiles: Justin & Kaci)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
    HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
    HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {E5AE975A-DDB2-4086-80FC-E566E6976F24} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {C70A4FFC-0A59-41D5-B476-AAB000E6FF73} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> DefaultScope {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5AF511D0-E2C2-4D2F-BFEB-AA6C5CAD4DAD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: WOT - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-20]
    FF Extension: Ghostery - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\[email protected] [2013-08-02]
    FF Extension: NoScript - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-07]
    FF Extension: Adblock Plus - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-07]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-01-19]
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-09-25]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-01-23]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (Google Update) - C:\Users\Justin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
    CHR Extension: (Kaspersky Protection) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-18]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-25]
    CHR Extension: (Motive Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-07-06]
    CHR Extension: (SiteAdvisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-07-06]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-07-06]
    CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
    CHR Extension: (Anti-Banner) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-25]
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
    CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-04-03]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-04-03]
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-09-25]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
    CHR StartMenuInternet: Google Chrome - C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
    S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-16] (Alcatel-Lucent) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S4 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.) [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [X]
    S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2014-07-11] (LeapFrog)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-20] (Kaspersky Lab ZAO)
    S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-27] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-27] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
    S4 LMIRfsClientNP; No ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15208 2009-06-17] (Secunia) [File not signed]
    S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [12584 2010-06-15] (SMART Technologies ULC)
    S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [15784 2010-06-15] (SMART Technologies ULC)
    S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [18432 2010-06-15] (SMART Technologies ULC) [File not signed]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-21 18:45 - 2015-01-21 18:45 - 00024884 _____ () C:\ComboFix.txt
    2015-01-21 18:26 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-01-21 18:26 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-01-21 18:26 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-01-21 18:26 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-01-21 18:26 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-01-21 18:26 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-01-21 18:26 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-01-21 18:26 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-01-21 18:21 - 2015-01-21 18:45 - 00000000 ____D () C:\Qoobox
    2015-01-21 18:21 - 2015-01-21 18:42 - 00000000 ____D () C:\Windows\erdnt
    2015-01-21 18:20 - 2015-01-21 18:20 - 00001434 _____ () C:\Users\Justin\Desktop\ComboFix - Shortcut.lnk
    2015-01-21 18:18 - 2015-01-21 18:18 - 05608785 ____R (Swearware) C:\Users\Justin\Downloads\ComboFix.exe
    2015-01-21 18:12 - 2015-01-21 18:12 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
    2015-01-20 20:33 - 2015-01-20 20:33 - 00001414 _____ () C:\Users\Justin\Desktop\FRST64 - Shortcut.lnk
    2015-01-19 21:58 - 2015-01-19 21:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-19 20:53 - 2015-01-19 20:53 - 00096627 _____ () C:\Users\Justin\Downloads\Shortcut.txt
    2015-01-19 20:51 - 2015-01-21 20:29 - 00029893 _____ () C:\Users\Justin\Downloads\FRST.txt
    2015-01-19 20:50 - 2015-01-21 20:28 - 00000000 ____D () C:\FRST
    2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
    2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64(1).exe
    2015-01-18 21:13 - 2015-01-18 21:13 - 00509440 _____ (Tech Support Guy System) C:\Users\Justin\Downloads\SysInfo.exe
    2015-01-07 17:34 - 2015-01-07 17:34 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-06 22:05 - 2015-01-06 22:05 - 02428928 _____ () C:\Users\Justin\Downloads\image (16).jpeg
    2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (15).jpeg
    2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (14).jpeg
    2014-12-31 10:09 - 2014-12-31 10:09 - 00000000 ____D () C:\Windows\A6F7860A7B9E44F68EFD6D9BEB98F556.TMP
    2014-12-31 10:07 - 2014-12-31 10:08 - 11873400 _____ (LeapFrog Enterprises, Inc.) C:\Users\Justin\Downloads\LeapFrogConnectSetup_TagJunior.exe
    2014-12-30 21:40 - 2014-12-30 21:41 - 03850458 _____ () C:\Users\Justin\Downloads\NewJewelryIsHere_S15_4up

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-21 20:27 - 2010-01-06 16:22 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job
    2015-01-21 20:13 - 2013-07-10 12:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-21 20:13 - 2013-07-10 12:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-21 20:13 - 2013-07-10 12:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-21 20:13 - 2013-07-10 12:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-21 19:50 - 2009-09-17 23:18 - 01330085 _____ () C:\Windows\WindowsUpdate.log
    2015-01-21 19:35 - 2010-01-26 19:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job
    2015-01-21 18:48 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-21 18:48 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-21 18:45 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2015-01-21 18:38 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
    2015-01-21 18:37 - 2013-11-20 16:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-01-21 18:36 - 2009-11-18 03:20 - 01594468 _____ () C:\Windows\PFRO.log
    2015-01-21 18:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-21 18:36 - 2009-07-13 23:51 - 00047185 _____ () C:\Windows\setupact.log
    2015-01-21 18:34 - 2009-07-13 21:34 - 20447232 _____ () C:\Windows\system32\config\system.bak
    2015-01-21 18:34 - 2009-07-13 21:34 - 100925440 _____ () C:\Windows\system32\config\software.bak
    2015-01-21 18:34 - 2009-07-13 21:34 - 05767168 _____ () C:\Windows\system32\config\default.bak
    2015-01-21 18:34 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
    2015-01-21 18:34 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
    2015-01-19 20:53 - 2013-07-01 18:20 - 00038744 _____ () C:\Users\Justin\Downloads\Addition.txt
    2015-01-19 20:47 - 2013-07-07 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-07 17:31 - 2014-10-22 17:59 - 00000000 ____D () C:\Users\Justin\AppData\Local\NETGEARGenie
    2015-01-06 20:28 - 2010-01-06 16:22 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job
    2015-01-05 12:54 - 2011-10-31 14:12 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-05 12:54 - 2009-11-02 11:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-04 21:32 - 2014-08-25 18:55 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
    2015-01-04 21:32 - 2014-08-25 18:55 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
    2015-01-04 20:24 - 2012-07-06 14:10 - 00000000 ____D () C:\Users\Justin\Documents\StoryBook Creator Projects
    2014-12-31 10:21 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-31 10:10 - 2010-12-05 23:06 - 00036976 _____ () C:\Windows\DPINST.LOG
    2014-12-31 10:02 - 2009-11-02 11:49 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2014-12-30 12:50 - 2013-12-25 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

    ==================== Files in the root of some directories =======
    2011-05-12 20:33 - 2011-08-22 18:12 - 0001854 _____ () C:\Users\Justin\AppData\Roaming\GhostObjGAFix.xml
    2009-11-01 22:13 - 2009-11-01 22:13 - 2925193 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.0
    2009-11-01 22:13 - 2009-11-01 22:13 - 0846608 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.JPG
    2009-11-01 22:13 - 2009-11-01 22:13 - 3150367 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.0
    2009-11-01 22:13 - 2009-11-01 22:13 - 0903122 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.JPG
    2009-11-11 18:29 - 2009-11-11 18:29 - 2654292 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.0
    2009-11-11 18:29 - 2009-11-11 18:29 - 0554658 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.JPG
    2012-09-08 15:54 - 2012-09-08 15:54 - 0170225 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.0
    2012-09-08 15:54 - 2012-09-08 15:54 - 0173790 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.JPG
    2011-12-22 21:43 - 2011-12-22 21:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-09-15 22:18 - 2010-10-18 22:08 - 0006211 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-21 19:24

    ==================== End Of Log ============================
     
Short URL to this thread: https://techguy.org/1141464
