1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus wont let me access task manager

Discussion in 'Virus & Other Malware Removal' started by carlos75, Mar 15, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Hi Tech support guy, a sneaky virus has got into my laptop and it wont let me open the task manager. When I press ctrl/alt/delete the task manager flashes up and disappears. Ive tried all the methods other than ctrl/alt/delete and none of them work. Also CCleaner wont work. Ive tried also to go into safe mode and it starts to load but then freezes. I noticed this strange file on my laptop: Ikeext.etl. Ive deleted it but I still have problems. Ive run AVG virus a couple of times and nothing came up. I also ran an online virus scanner from Trend Micro and that also didnt find anything. But I know it still must be there because my computer isnt working properly. Im using Windows 7 - 64bit.

    Cheers - Carlos
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  3. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Hi. I tried to attach all the txt file in one reply but it said it went over the word limit, so I will attach the FRST file in this reply and the other two (Addition and Shortcut) in another reply.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by carlos (administrator) on JIM on 17-03-2015 12:07:01
    Running from C:\Users\carlos\Desktop
    Loaded Profiles: carlos (Available profiles: carlos)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (SafeApp Software, LLC) C:\Program Files (x86)\Registry Helper\RegistryHelperService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    () C:\ProgramData\nvxasync\cvxasync.exe
    () C:\Users\carlos\AppData\Roaming\nvxasync\nvxasync.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    () C:\Users\carlos\AppData\Roaming\nvxasync\nvxasync.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-06-09] (Realtek Semiconductor)
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-30] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-28] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2087424 2008-11-04] (Vodafone)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Regedit32] => C:\Windows\SysWOW64\regedit.exe [398336 2009-07-14] (Microsoft Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575896 2014-09-07] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-20] (Hewlett-Packard Company)
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Run: [nvxasync] => C:\Users\carlos\AppData\Roaming\nvxasync\nvxasync.exe [142678528 2015-03-13] ()
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\MountPoints2: {9b075131-4a4d-11e0-beab-78acc05c3288} - G:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142678528 2015-03-13] () <==== ATTENTION
    Startup: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
    ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)
    Startup: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/14
    URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    URLSearchHook: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    SearchScopes: HKLM -> DefaultScope {859BB0A2-DA65-429A-8405-E7FB37B60072} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {1B969E6C-2389-4006-987A-6A7021B8BC3B} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    SearchScopes: HKLM -> {859BB0A2-DA65-429A-8405-E7FB37B60072} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {8DB7640E-3EDA-4F16-9045-8DD0F5FF1BA6} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {859BB0A2-DA65-429A-8405-E7FB37B60072} URL = http://www.startsearcher.com/?q={searchTerms}&src=IETB
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {1B969E6C-2389-4006-987A-6A7021B8BC3B} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    SearchScopes: HKLM-x32 -> {859BB0A2-DA65-429A-8405-E7FB37B60072} URL = http://www.startsearcher.com/?q={searchTerms}&src=IETB
    SearchScopes: HKLM-x32 -> {8DB7640E-3EDA-4F16-9045-8DD0F5FF1BA6} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    SearchScopes: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    SearchScopes: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> {8848ECB5-1131-4D52-886D-41A581D7DD9C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN26054671121853919&UM=1
    SearchScopes: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> {8DB7640E-3EDA-4F16-9045-8DD0F5FF1BA6} URL =
    SearchScopes: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://nz.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-15] (Sun Microsystems, Inc.)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-11-04] (Yahoo! Inc.)
    BHO-x32: VideoFileDownload -> {0931BD3F-547E-45C1-B133-D0E995645DBA} -> C:\Program Files (x86)\OApps\bho_project.dll No File
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-27] (Adobe Systems Incorporated)
    BHO-x32: VideoFileDownload -> {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} -> C:\Program Files (x86)\OApps\bho_project.dll No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2013-10-10] (Perfect World Entertainment Inc)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
    BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-05-09] (Conduit Ltd.)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-11-04] (Yahoo! Inc)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Yahoo!Xtra Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-11-04] (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-05-09] (Conduit Ltd.)
    Toolbar: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll [2014-08-08] (AVG Secure Search)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 202.180.64.10 202.180.64.11

    FireFox:
    ========
    FF ProfilePath: C:\Users\carlos\AppData\Roaming\Mozilla\Firefox\Profiles\mtmlza66.default-1426224594831
    FF Homepage: https://www.google.co.nz/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-06] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-06] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-06] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.1.0\\npsitesafety.dll No File
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2013-10-10] (Perfect World Entertainment Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-27] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-03-11] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-03-27] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-03-11] (Citrix Systems, Inc.)
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.surfvox.com/
    CHR StartupUrls: Default -> "hxxp://www.surfvox.com/"
    CHR DefaultSearchKeyword: Default -> surfvox.com
    CHR DefaultSearchURL: Default -> http://www.google.com/?cx=partner-pub-0900663996874144%3A6813731868&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.surfvox.com%2F&ref=&ss=
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-27]
    CHR Extension: (Google Drive) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
    CHR Extension: (YouTube) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-27]
    CHR Extension: (Google Search) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-27]
    CHR Extension: (Skype Click to Call) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-27]
    CHR Extension: (Google Wallet) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-27]
    CHR Extension: (Gmail) - C:\Users\carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-27]
    CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
    S3 GSService; C:\Windows\SysWOW64\GSService.exe [252928 2012-05-31] () [File not signed]
    R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-30] ()
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-20] (Hewlett-Packard Company) [File not signed]
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 Registry Helper Service; C:\Program Files (x86)\Registry Helper\RegistryHelperService.exe [83328 2010-08-25] (SafeApp Software, LLC)
    S3 SMServer; C:\Windows\SysWOW64\snmvtsvc.exe [260608 2012-06-01] (SMServer) [File not signed]
    R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-11-04] (Vodafone) [File not signed]
    R2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-08-08] (AVG Secure Search)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-08-08] (AVG Technologies)
    R3 MP4ConverterAudio; C:\Windows\System32\drivers\MP4ConverterAudio.sys [34088 2012-06-05] (Windows (R) Win 7 DDK provider)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-01-15] () [File not signed]
    U3 a12uzf7y; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-17 12:07 - 2015-03-17 12:08 - 00026513 _____ () C:\Users\carlos\Desktop\FRST.txt
    2015-03-17 12:03 - 2015-03-17 12:04 - 02095616 _____ (Farbar) C:\Users\carlos\Desktop\FRST64.exe
    2015-03-16 12:06 - 2015-03-16 12:06 - 00000822 _____ () C:\Users\carlos\Desktop\CCleaner.lnk
    2015-03-15 17:02 - 2015-03-15 17:02 - 00439857 _____ () C:\Users\carlos\AppData\Local\census.cache
    2015-03-15 17:02 - 2015-03-15 17:02 - 00209262 _____ () C:\Users\carlos\AppData\Local\ars.cache
    2015-03-15 16:58 - 2015-03-15 16:58 - 00000010 _____ () C:\Users\carlos\AppData\Local\sponge.last.runtime.cache
    2015-03-14 11:37 - 2015-03-14 11:37 - 00003288 ____N () C:\bootsqm.dat
    2015-03-14 11:35 - 2015-03-14 11:35 - 00000000 __SHD () C:\found.005
    2015-03-14 00:12 - 2015-03-14 00:12 - 00000036 _____ () C:\Users\carlos\AppData\Local\housecall.guid.cache
    2015-03-14 00:11 - 2015-03-14 00:11 - 02494944 _____ (Trend Micro Inc.) C:\Users\carlos\Desktop\HousecallLauncher64.exe
    2015-03-13 16:41 - 2015-03-17 12:07 - 00000000 ____D () C:\FRST
    2015-03-13 15:41 - 2015-03-16 22:53 - 00000448 _____ () C:\Windows\setupact.log
    2015-03-13 15:41 - 2015-03-13 15:41 - 00000592 _____ () C:\Windows\PFRO.log
    2015-03-13 15:41 - 2015-03-13 15:41 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-13 15:38 - 2015-03-14 00:06 - 00000000 _RSHD () C:\ProgramData\nvxasync
    2015-03-13 15:38 - 2015-03-13 15:38 - 00000000 ____D () C:\Users\carlos\AppData\Roaming\chportu
    2015-03-13 15:37 - 2015-03-14 00:06 - 00000000 _RSHD () C:\Users\carlos\AppData\Roaming\nvxasync
    2015-03-06 13:48 - 2015-03-06 13:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-04 19:19 - 2015-03-04 19:19 - 00001279 _____ () C:\Users\carlos\Downloads\URLLink(2).acsm
    2015-03-03 15:58 - 2015-03-03 15:58 - 00001588 _____ () C:\Users\carlos\Downloads\URLLink(1).acsm
    2015-02-28 17:09 - 2015-02-28 17:09 - 00001585 _____ () C:\Users\carlos\Downloads\URLLink.acsm
    2015-02-28 17:01 - 2015-02-28 17:01 - 00889416 _____ (Microsoft Corporation) C:\Users\carlos\Downloads\dotNetFx40_Full_setup (1).exe
    2015-02-28 16:59 - 2015-02-28 16:59 - 00889416 _____ (Microsoft Corporation) C:\Users\carlos\Downloads\dotNetFx40_Full_setup.exe
    2015-02-28 16:56 - 2015-02-28 16:56 - 08132576 _____ (Adobe Systems Incorporated) C:\Users\carlos\Downloads\ADE_4.0_Installer.exe
    2015-02-28 16:31 - 2015-02-28 16:31 - 00000000 ____D () C:\Users\carlos\Desktop\politics
    2015-02-28 16:30 - 2015-02-28 16:31 - 00000000 ____D () C:\Users\carlos\Desktop\UO
    2015-02-20 12:53 - 2015-03-15 23:50 - 00000000 ____D () C:\Users\carlos\Desktop\nz_htg_Karitane
    2015-02-19 21:26 - 2015-02-19 21:26 - 00270816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2015-02-17 23:14 - 2015-02-17 23:14 - 00000000 ____D () C:\Users\carlos\Downloads\Download

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-17 12:05 - 2014-07-30 12:39 - 00000000 ____D () C:\ProgramData\MFAData
    2015-03-17 12:02 - 2011-06-15 21:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-17 12:01 - 2012-04-07 11:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-17 12:01 - 2010-11-10 21:41 - 01116936 _____ () C:\Windows\WindowsUpdate.log
    2015-03-17 01:39 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\tracing
    2015-03-17 00:38 - 2013-12-04 08:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef05ad3a498d8.job
    2015-03-16 12:06 - 2014-05-27 12:25 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-15 23:51 - 2011-03-04 01:41 - 00000000 ____D () C:\Users\carlos\AppData\Roaming\Adobe
    2015-03-14 11:38 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-14 00:37 - 2011-03-14 00:27 - 00000000 ____D () C:\Users\carlos\AppData\Local\CrashDumps
    2015-03-13 19:20 - 2012-05-01 18:06 - 00000000 ____D () C:\Users\carlos\AppData\Roaming\Azureus
    2015-03-13 15:41 - 2012-05-01 01:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-13 14:52 - 2013-09-02 12:17 - 00000000 ____D () C:\Users\carlos\AppData\Roaming\HpUpdate
    2015-03-13 12:17 - 2014-12-31 18:16 - 00000000 ____D () C:\Users\carlos\Desktop\uni2015
    2015-03-05 23:45 - 2012-09-01 14:06 - 00000000 ____D () C:\personal
    2015-03-04 19:39 - 2013-07-15 15:42 - 00000000 ____D () C:\Users\carlos\Documents\My Digital Editions
    2015-02-28 17:08 - 2013-07-15 15:43 - 00000000 ____D () C:\Users\carlos\AppData\Local\Adobe_Systems_Incorporate
    2015-02-28 17:08 - 2010-07-15 12:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-02-28 17:06 - 2011-03-21 22:36 - 00784996 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-28 17:06 - 2009-07-14 18:13 - 00784996 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-28 10:28 - 2014-05-27 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-28 10:28 - 2012-08-21 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet
    2015-02-28 10:28 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
    2015-02-28 10:28 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-02-27 17:41 - 2012-03-07 18:57 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcarlos
    2015-02-27 17:41 - 2012-03-07 18:57 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForcarlos.job
    2015-02-27 13:45 - 2014-07-30 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-02-27 13:30 - 2011-03-04 01:26 - 00000000 ____D () C:\Users\carlos

    ==================== Files in the root of some directories =======

    2011-10-31 20:43 - 2011-10-31 01:44 - 4063779446 _____ () C:\Program Files\DDO_US_FP_U8P3_042011.zip
    2012-08-12 14:31 - 2012-08-12 14:35 - 94572544 _____ () C:\Program Files\savscfxpstudent11.exe
    2011-03-29 20:03 - 2011-03-29 20:03 - 0000235 _____ () C:\Users\carlos\AppData\Roaming\fixpermissions.bat
    2015-03-15 17:02 - 2015-03-15 17:02 - 0209262 _____ () C:\Users\carlos\AppData\Local\ars.cache
    2015-03-15 17:02 - 2015-03-15 17:02 - 0439857 _____ () C:\Users\carlos\AppData\Local\census.cache
    2011-10-31 02:09 - 2011-10-31 02:09 - 0000094 _____ () C:\Users\carlos\AppData\Local\fusioncache.dat
    2015-03-14 00:12 - 2015-03-14 00:12 - 0000036 _____ () C:\Users\carlos\AppData\Local\housecall.guid.cache
    2013-02-26 10:04 - 2013-02-26 10:04 - 0000218 _____ () C:\Users\carlos\AppData\Local\recently-used.xbel
    2013-03-31 05:37 - 2013-03-31 05:37 - 0000017 _____ () C:\Users\carlos\AppData\Local\resmon.resmoncfg
    2015-03-15 16:58 - 2015-03-15 16:58 - 0000010 _____ () C:\Users\carlos\AppData\Local\sponge.last.runtime.cache
    2013-09-02 12:14 - 2013-09-02 12:14 - 0000057 _____ () C:\ProgramData\Ament.ini
    2008-08-20 15:45 - 2008-08-20 15:45 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
    2008-11-12 13:51 - 2008-11-12 13:51 - 0135882 ____R () C:\ProgramData\DeviceManager.xml.rc4
    2012-01-23 15:42 - 2012-01-23 15:50 - 0001337 _____ () C:\ProgramData\hpzinstall.log
    2010-11-10 21:50 - 2010-11-10 21:50 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-07-15 12:58 - 2010-07-15 12:59 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-11-10 21:49 - 2010-11-10 21:49 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-07-15 12:51 - 2010-07-15 12:53 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-11-10 21:49 - 2010-11-10 21:49 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-11-10 21:50 - 2010-11-10 21:50 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-07-15 12:51 - 2010-07-15 12:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-07-15 12:53 - 2010-07-15 12:58 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-11-10 21:50 - 2010-11-10 21:50 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Files to move or delete:
    ====================
    C:\Users\carlos\GoogleEarthSetup.exe


    Some content of TEMP:
    ====================
    C:\Users\carlos\AppData\Local\Temp\i4jdel0.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


    LastRegBack: 2015-02-27 13:14

    ==================== End Of Log ============================
     
  4. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Ok I tried to attach them both in one reply but it went over word count again so I will attach addition in this one and shortcut on the next

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by carlos at 2015-03-17 12:09:11
    Running from C:\Users\carlos\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
    Adobe Connect 9 Add-in (HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Reader 9.5.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
    ArcGIS 10.1 Desktop Tutorial Data (HKLM-x32\...\ArcGIS 10.1 Desktop Tutorial Data) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
    ArcGIS 10.1 Desktop Tutorial Data (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
    ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
    ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
    AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.7 - AVG Technologies)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
    CoffeeCup Free HTML Editor (HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\CoffeeCup Free HTML Editor) (Version: - )
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
    Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: - NCH Software)
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.04.801 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 01.13.04.8015 - Atari, Inc.)
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: - Trusted Software) <==== ATTENTION
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
    HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
    HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
    Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
    iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
    Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
    Mozilla Firefox 36.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-GB)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MP4-Converter 4.3.8 (HKLM-x32\...\MP4-Converter_is1) (Version: 4.3.8 - cyan soft ltd)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
    Registry Helper (HKLM-x32\...\Registry Helper) (Version: - SafeApp Software, LLC) <==== ATTENTION
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Sengoku Demo version 1.0 (HKLM-x32\...\{1FB41358-FB2F-4D6D-9BB1-5BEB2ABA8456}}_is1) (Version: 1.0 - Paradox Interactive)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
    Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
    SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
    Teach2000 version 8.53 (HKLM-x32\...\Teach2000.7 XP - The Troolean Edition_is1) (Version: 8.53 - basement.nl)
    THE SETTLERS - Heritage of Kings (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version: - Electronic Arts)
    Ultima Online Enhanced Client (HKLM-x32\...\Ultima Online Enhanced) (Version: - Electronic Arts)
    UOAssist (HKLM-x32\...\UOAssist) (Version: - )
    UOMagic 7 (HKLM-x32\...\ST6UNST #1) (Version: - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VideoFileDownload (HKLM-x32\...\vfd-ob) (Version: 1.0 - VideoFileDownload)
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
    Vodafone Mobile Connect Lite (HKLM-x32\...\{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}) (Version: 9.3.6.12095 - Vodafone)
    VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
    Vuze Remote Toolbar (HKLM-x32\...\Vuze_Remote Toolbar) (Version: 6.9.0.16 - Vuze Remote) <==== ATTENTION
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo!Xtra Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    15-01-2015 17:39:55 Scheduled Checkpoint
    25-01-2015 16:56:16 Installed AVG 2015
    13-02-2015 21:32:58 Scheduled Checkpoint

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {06222D1F-F128-474D-8C19-9BA0D43B082E} - System32\Tasks\HPCeeScheduleForcarlos => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
    Task: {07B65462-3CBC-4B73-B828-60EBA8E9B9FE} - System32\Tasks\{2F82AF6B-1424-42E3-91A9-145B52F88090} => pcalua.exe -a C:\Users\carlos\Downloads\CoffeeFreeHTML10.exe -d C:\Users\carlos\Downloads
    Task: {07C71D04-B2F1-4B34-B31F-B366606F29CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-20] (Piriform Ltd)
    Task: {1991642A-8849-4C72-8254-E323798DDCB1} - System32\Tasks\{B314F440-7160-4E8F-8A29-8157D239BC30} => pcalua.exe -a C:\Users\carlos\Downloads\UOAssist.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {3366D847-7A41-4F3C-B851-28BBC83EE7B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
    Task: {44F51A43-8C2C-43DE-B415-1C7A63948159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {604DBC62-FA39-4505-943C-8BE9B4C59011} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {61051F05-12E8-473E-A4C9-75ADAE124EB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {6C2A2B5A-B529-431A-A056-0718817D58BB} - System32\Tasks\GoogleUpdateTaskMachineCore1cef05ad3a498d8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {9082468A-5980-431E-807E-9E45543266D8} - System32\Tasks\Adobe Flash Player Updater
    Task: {A0142B50-E692-44A8-8CB0-00015E873D39} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {DC03FF10-A402-42DF-B1E2-0AD7C63A56A0} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {EC9704E6-21C0-4674-B2C4-D099DE3DC152} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {F8920383-C069-4F00-B91B-CD9830AB85C9} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef05ad3a498d8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForcarlos.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2010-06-30 15:00 - 2010-06-30 15:00 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    2014-08-08 12:17 - 2014-08-08 12:17 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
    2010-06-19 12:26 - 2010-06-19 12:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2015-03-13 15:38 - 2015-03-13 15:37 - 142678528 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
    2015-03-13 15:37 - 2015-03-13 15:37 - 142678528 __RSH () C:\Users\carlos\AppData\Roaming\nvxasync\nvxasync.exe
    2014-08-08 12:17 - 2014-09-07 19:33 - 02575896 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    2010-06-19 12:26 - 2010-06-19 12:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-06-19 12:26 - 2010-06-19 12:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2014-08-08 12:17 - 2014-08-08 12:17 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\log4cplusU.dll
    2010-05-20 07:05 - 2010-05-20 07:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-05-20 07:05 - 2010-05-20 07:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-05-20 07:05 - 2010-05-20 07:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2009-07-14 10:03 - 2009-07-14 14:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-08-08 12:17 - 2014-09-07 19:33 - 00577560 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\carlos\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 202.180.64.10 - 202.180.64.11

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4031979200-3753117910-1413392079-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-4031979200-3753117910-1413392079-1006 - Limited - Enabled)
    carlos (S-1-5-21-4031979200-3753117910-1413392079-1000 - Administrator - Enabled) => C:\Users\carlos
    Guest (S-1-5-21-4031979200-3753117910-1413392079-501 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: AVWW3OTT IDE Controller
    Description: AVWW3OTT IDE Controller
    Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard mass storage controllers)
    Service: a12uzf7y
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/16/2015 06:41:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3040522

    Error: (03/16/2015 06:41:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3040522

    Error: (03/16/2015 06:41:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/16/2015 06:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3039523

    Error: (03/16/2015 06:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3039523

    Error: (03/16/2015 06:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/16/2015 06:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3038509

    Error: (03/16/2015 06:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3038509

    Error: (03/16/2015 06:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/16/2015 05:50:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6302


    System errors:
    =============
    Error: (03/17/2015 00:00:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 01:52:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 06:41:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 06:41:39 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 06:41:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 05:50:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office Sessions:
    =========================
    Error: (07/15/2012 01:31:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2338 seconds with 840 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
    Percentage of memory in use: 68%
    Total physical RAM: 1978.91 MB
    Available physical RAM: 620.8 MB
    Total Pagefile: 5125.55 MB
    Available Pagefile: 823.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:281.49 GB) (Free:75.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:16.3 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 1B0FDEFE)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=281.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End Of Log ============================
     
  5. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Ok I tried to attach them both in one reply but it went over word count again so I will attach addition in this one and shortcut on the next

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by carlos at 2015-03-17 12:09:11
    Running from C:\Users\carlos\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
    Adobe Connect 9 Add-in (HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Reader 9.5.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
    ArcGIS 10.1 Desktop Tutorial Data (HKLM-x32\...\ArcGIS 10.1 Desktop Tutorial Data) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
    ArcGIS 10.1 Desktop Tutorial Data (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
    ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
    ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
    AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.7 - AVG Technologies)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
    CoffeeCup Free HTML Editor (HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\CoffeeCup Free HTML Editor) (Version: - )
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
    Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: - NCH Software)
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.04.801 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 01.13.04.8015 - Atari, Inc.)
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: - Trusted Software) <==== ATTENTION
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
    HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
    HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
    Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
    iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
    Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
    Mozilla Firefox 36.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-GB)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MP4-Converter 4.3.8 (HKLM-x32\...\MP4-Converter_is1) (Version: 4.3.8 - cyan soft ltd)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
    Registry Helper (HKLM-x32\...\Registry Helper) (Version: - SafeApp Software, LLC) <==== ATTENTION
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Sengoku Demo version 1.0 (HKLM-x32\...\{1FB41358-FB2F-4D6D-9BB1-5BEB2ABA8456}}_is1) (Version: 1.0 - Paradox Interactive)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
    Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
    SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
    Teach2000 version 8.53 (HKLM-x32\...\Teach2000.7 XP - The Troolean Edition_is1) (Version: 8.53 - basement.nl)
    THE SETTLERS - Heritage of Kings (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version: - Electronic Arts)
    Ultima Online Enhanced Client (HKLM-x32\...\Ultima Online Enhanced) (Version: - Electronic Arts)
    UOAssist (HKLM-x32\...\UOAssist) (Version: - )
    UOMagic 7 (HKLM-x32\...\ST6UNST #1) (Version: - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VideoFileDownload (HKLM-x32\...\vfd-ob) (Version: 1.0 - VideoFileDownload)
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
    Vodafone Mobile Connect Lite (HKLM-x32\...\{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}) (Version: 9.3.6.12095 - Vodafone)
    VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
    Vuze Remote Toolbar (HKLM-x32\...\Vuze_Remote Toolbar) (Version: 6.9.0.16 - Vuze Remote) <==== ATTENTION
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo!Xtra Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    15-01-2015 17:39:55 Scheduled Checkpoint
    25-01-2015 16:56:16 Installed AVG 2015
    13-02-2015 21:32:58 Scheduled Checkpoint

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {06222D1F-F128-474D-8C19-9BA0D43B082E} - System32\Tasks\HPCeeScheduleForcarlos => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
    Task: {07B65462-3CBC-4B73-B828-60EBA8E9B9FE} - System32\Tasks\{2F82AF6B-1424-42E3-91A9-145B52F88090} => pcalua.exe -a C:\Users\carlos\Downloads\CoffeeFreeHTML10.exe -d C:\Users\carlos\Downloads
    Task: {07C71D04-B2F1-4B34-B31F-B366606F29CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-20] (Piriform Ltd)
    Task: {1991642A-8849-4C72-8254-E323798DDCB1} - System32\Tasks\{B314F440-7160-4E8F-8A29-8157D239BC30} => pcalua.exe -a C:\Users\carlos\Downloads\UOAssist.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {3366D847-7A41-4F3C-B851-28BBC83EE7B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
    Task: {44F51A43-8C2C-43DE-B415-1C7A63948159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {604DBC62-FA39-4505-943C-8BE9B4C59011} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {61051F05-12E8-473E-A4C9-75ADAE124EB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {6C2A2B5A-B529-431A-A056-0718817D58BB} - System32\Tasks\GoogleUpdateTaskMachineCore1cef05ad3a498d8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {9082468A-5980-431E-807E-9E45543266D8} - System32\Tasks\Adobe Flash Player Updater
    Task: {A0142B50-E692-44A8-8CB0-00015E873D39} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {DC03FF10-A402-42DF-B1E2-0AD7C63A56A0} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {EC9704E6-21C0-4674-B2C4-D099DE3DC152} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {F8920383-C069-4F00-B91B-CD9830AB85C9} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef05ad3a498d8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForcarlos.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2010-06-30 15:00 - 2010-06-30 15:00 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    2014-08-08 12:17 - 2014-08-08 12:17 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
    2010-06-19 12:26 - 2010-06-19 12:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2015-03-13 15:38 - 2015-03-13 15:37 - 142678528 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
    2015-03-13 15:37 - 2015-03-13 15:37 - 142678528 __RSH () C:\Users\carlos\AppData\Roaming\nvxasync\nvxasync.exe
    2014-08-08 12:17 - 2014-09-07 19:33 - 02575896 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    2010-06-19 12:26 - 2010-06-19 12:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-06-19 12:26 - 2010-06-19 12:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2014-08-08 12:17 - 2014-08-08 12:17 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\log4cplusU.dll
    2010-05-20 07:05 - 2010-05-20 07:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-05-20 07:05 - 2010-05-20 07:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-05-20 07:05 - 2010-05-20 07:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2009-07-14 10:03 - 2009-07-14 14:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-08-08 12:17 - 2014-09-07 19:33 - 00577560 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2010-02-10 14:58 - 2010-02-10 14:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\carlos\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 202.180.64.10 - 202.180.64.11

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4031979200-3753117910-1413392079-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-4031979200-3753117910-1413392079-1006 - Limited - Enabled)
    carlos (S-1-5-21-4031979200-3753117910-1413392079-1000 - Administrator - Enabled) => C:\Users\carlos
    Guest (S-1-5-21-4031979200-3753117910-1413392079-501 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: AVWW3OTT IDE Controller
    Description: AVWW3OTT IDE Controller
    Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard mass storage controllers)
    Service: a12uzf7y
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/16/2015 06:41:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3040522

    Error: (03/16/2015 06:41:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3040522

    Error: (03/16/2015 06:41:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/16/2015 06:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3039523

    Error: (03/16/2015 06:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3039523

    Error: (03/16/2015 06:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/16/2015 06:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3038509

    Error: (03/16/2015 06:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3038509

    Error: (03/16/2015 06:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/16/2015 05:50:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6302


    System errors:
    =============
    Error: (03/17/2015 00:00:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 00:00:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/17/2015 01:52:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 06:41:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 06:41:39 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 06:41:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/16/2015 05:50:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office Sessions:
    =========================
    Error: (07/15/2012 01:31:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2338 seconds with 840 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
    Percentage of memory in use: 68%
    Total physical RAM: 1978.91 MB
    Available physical RAM: 620.8 MB
    Total Pagefile: 5125.55 MB
    Available Pagefile: 823.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:281.49 GB) (Free:75.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:16.3 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 1B0FDEFE)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=281.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End Of Log ============================
     
  6. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Here is the final txt file - shortcut

    Users shortcut scan result (x64) Version: 11-03-2015
    Ran by carlos at 2015-03-17 12:11:15
    Running from C:\Users\carlos\Desktop
    Boot Mode: Normal
    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)



    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk -> C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge CS3\Bridge.exe (Adobe Systems, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Device Central CS3\DeviceCentral.exe (Adobe Systems)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe (Adobe Systems Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe (Adobe Systems, Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe (Adobe Systems Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk -> C:\Program Files (x86)\Inkscape\inkscape.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk -> C:\Windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk -> C:\Program Files (x86)\Online Services\Omnifone\MusicStation.exe (Omnifone Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk -> C:\Program Files\Paint.NET\PaintDotNet.exe (dotPDN LLC)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk -> C:\Program Files (x86)\NCH Software\Switch\switch.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk -> C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone\Vodafone Mobile Connect.lnk -> C:\Windows\Installer\{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}\VodafoneConnectionMa_B9D0823E49B04B5B9B0C5415624F0666.exe (Macrovision Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone\Vodafone SMS.lnk -> C:\Windows\Installer\{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}\SMS_B9D0823E49B04B5B9B0C5415624F0666.exe (Macrovision Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Backup Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Bolt PDF Printer.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\CD, DVD, BluRay Burner.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Classic FTP Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Doxillion Document Converter.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Encryption and Decryption Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Express Zip File Compression.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Text-to-Speech Reader.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Typing Expander Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Uploader Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UOMagic 7\UOMagic 7.LNK -> C:\Program Files (x86)\UOMagic\UOMagic.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UOAssist\UOAssist.lnk -> C:\Program Files (x86)\UOAssist\UOAssist.exe (Tugsoft, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Check online for updates.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\support\autoupdate\SHoKAutoUpdate.exe (Blue Byte Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Check system requirements.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\support\Detection\s5detection.exe (Blue Byte Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Play THE SETTLERS - Heritage of Kings.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\bin\SettlersHoK.exe (Blue Byte Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\View Readme.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\support\Manual\ReadMe.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Manual\Show online manual.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\support\Manual\Manual.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teach2000\Teach2000.lnk -> C:\Program Files (x86)\Teach2000\Teach2000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftStylus\SoftStylus ReadMe.lnk -> C:\Program Files (x86)\SoftStylus\readme.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftStylus\SoftStylus.lnk -> C:\Program Files (x86)\SoftStylus\Stylus.exe (Motorola Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sengoku Demo\Sengoku Demo.lnk -> C:\Games\Paradox Interactive\Sengoku Demo\Sengoku.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sengoku Demo\Uninstall Sengoku Demo.lnk -> C:\Games\Paradox Interactive\Sengoku Demo\unins000.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper\Registry Helper Help.lnk -> C:\Program Files (x86)\Registry Helper\help.chm (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper\Registry Helper.lnk -> C:\Program Files (x86)\Registry Helper\RegistryHelper.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper\Visit our Website.lnk -> C:\Program Files (x86)\Registry Helper\Registry Helper.url (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\RichText.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\PictureViewer.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\QTPlayer.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Arc.lnk -> C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe (Perfect World Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Repair Arc.lnk -> C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcRepair.exe (Perfect World Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk -> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4-Converter\Buy Now.lnk -> C:\Program Files (x86)\MP4-Converter\buynow.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4-Converter\MP4-Converter CDRipper.lnk -> C:\Program Files (x86)\MP4-Converter\CDRipper.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4-Converter\MP4-Converter Help.lnk -> C:\Program Files (x86)\MP4-Converter\MP4-Converter.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4-Converter\MP4-Converter Support Wizard.lnk -> C:\Program Files (x86)\MP4-Converter\SupportWizard.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4-Converter\MP4-Converter.lnk -> C:\Program Files (x86)\MP4-Converter\MP4-Converter.exe (Sound)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005\Visual Studio Tools\Visual Studio 2005 Remote Debugger Configuration Wizard.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\rdbgwiz.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Documentation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Documentation\NotebookDocs.exe (Hewlett-Packard)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Power Manager.lnk -> C:\Windows\Installer\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}\_03D45F53FC9AA1EFAD10B8.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Wireless Assistant.lnk -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\Help.lnk -> C:\Program Files (x86)\HP\HP Deskjet 1050 J410 series\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Deskjet 1050 J410 series\bin\HPScan.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetupLauncher.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\ProductSupportShortcut.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\AdvisorVideo.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\AdvisorVideo\Doc.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star\Power Saving.lnk -> C:\Windows\Installer\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}\_FA5007C6DF56413F6D252E.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk -> C:\Program Files (x86)\DAEMON Tools Lite\DT.gadget (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam.lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\CyberLink PowerDVD 9.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\PowerDVD 9 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\PowerDVD9.CHM ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\CyberLink DVD Suite.lnk -> C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDirector.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk -> C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\CD Audio Burn Recorder.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\CD Audio Rip Extractor.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Crescendo Music Notation.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Dictation Recorder.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\DJ Mixing Software.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Multitrack Mixer.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Record to CD or Mp3 Wizard.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Converter.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Editor.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Recorder.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Streaming Audio Recorder.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Streaming Audio Server.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Text-to-Speech Reader.lnk -> C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\ArcCatalog 10.1.lnk -> C:\Program Files (x86)\ArcGIS\Desktop10.1\bin\ArcCatalog.exe (Esri)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\ArcGIS Administrator.lnk -> C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISAdmin.exe (Esri)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\ArcGlobe 10.1.lnk -> C:\Program Files (x86)\ArcGIS\Desktop10.1\bin\ArcGlobe.exe (Esri)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\ArcMap 10.1.lnk -> C:\Program Files (x86)\ArcGIS\Desktop10.1\bin\ArcMap.exe (Esri)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\ArcScene 10.1.lnk -> C:\Program Files (x86)\ArcGIS\Desktop10.1\bin\ArcScene.exe (Esri)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\Python 2.7\Python (command line).lnk -> C:\Python27\ArcGIS10.1\python.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\Python 2.7\Python Manuals.lnk -> C:\Python27\ArcGIS10.1\Doc\python272.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\Desktop Tools\ArcGIS Document Defragmenter.lnk -> C:\Program Files (x86)\ArcGIS\Desktop10.1\Tools\DocDefragmenter.exe (Esri)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\Desktop Tools\MXD Doctor.lnk -> C:\Program Files (x86)\ArcGIS\Desktop10.1\Tools\MXDDoctor.exe (Esri)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\ArcGIS for Desktop Help\ArcGIS for Desktop Resource Center.lnk -> C:\Program Files (x86)\ArcGIS\Desktop10.1\help\HelpOnline.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Adobe Digital Editions 2.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe (Adobe Systems Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Uninstall.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\uninstall.exe (Adobe Systems Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 2.0 Configuration.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\v2.0\Bin\mscorcfg.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files (x86)\7-Zip\7-zip.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AB0DB0C2-2420-4AD5-975C-864046D807A3}\PlayTasks\0\Ultima Online Classic Client.lnk -> C:\Users\carlos\Downloads\Electronic Arts\Ultima Online Classic\UO.exe (Bioware, an EA Studio)
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{A5C9971A-7502-48D2-8111-04580E67E958}\PlayTasks\0\Ultima Online Enhanced Client.lnk -> C:\Program Files (x86)\Electronic Arts\Ultima Online Enhanced\uopatch.exe (Bioware, an EA Studio)
    Shortcut: C:\ProgramData\Media Center Programs\UO.lnk -> C:\Users\carlos\Downloads\Electronic Arts\Ultima Online Classic\GDF\UO-MCE.mcl ()
    Shortcut: C:\ProgramData\Media Center Programs\uopatch.lnk -> C:\Program Files (x86)\Electronic Arts\Ultima Online Enhanced\GDF\uopatch-MCE.mcl ()
    Shortcut: C:\ProgramData\Hewlett-Packard\Recovery\Links\RM.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\Users\carlos\Links\Desktop.lnk -> C:\Users\carlos\Desktop ()
    Shortcut: C:\Users\carlos\Links\Downloads.lnk -> C:\Users\carlos\Downloads ()
    Shortcut: C:\Users\carlos\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\Users\carlos\Desktop\Downloads.lnk -> C:\Users\carlos\Downloads ()
    Shortcut: C:\Users\carlos\Desktop\music - Shortcut.lnk -> C:\music ()
    Shortcut: C:\Users\carlos\Desktop\My Playlists - Shortcut.lnk -> C:\music\Morbid_Angel\Alters_of_Madness\My Playlists ()
    Shortcut: C:\Users\carlos\Desktop\Ultima Online Enhanced Client.lnk -> C:\Program Files (x86)\Electronic Arts\Ultima Online Enhanced\uopatch.exe (Bioware, an EA Studio)
    Shortcut: C:\Users\carlos\Desktop\UO\Ultima Online Classic Client.lnk -> C:\Users\carlos\Downloads\Electronic Arts\Ultima Online Classic\UO.exe (Bioware, an EA Studio)
    Shortcut: C:\Users\carlos\Desktop\uni2015\Adobe Digital Editions 4.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\DigitalEditions.exe (Adobe Systems Incorporated)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UOAssist\UOAssist.lnk -> C:\Program Files (x86)\UOAssist\UOAssist.exe (Tugsoft, Inc.)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software\CoffeeCup Free HTML Editor.lnk -> C:\Users\carlos\AppData\Roaming\CoffeeCup Software\CoffeeCup Free HTML Editor\Coffee.exe (CoffeeCup Software)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe (Adobe Systems Incorporated)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk -> C:\Program Files (x86)\Inkscape\inkscape.exe (No File)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MP4-Converter.lnk -> C:\Program Files (x86)\MP4-Converter\MP4-Converter.exe (Sound)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk -> C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\Users\carlos\AppData\Local\Microsoft\Windows\GameExplorer\{9040819C-2CD9-4785-B7F0-059AF0898D67}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe (No File)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=snapfish&pf=cnnb&locale=en_nz&bd=all&c=104


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --reset-config --reset-plugins-cache vlc://quit
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> -Iskins
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UOAssist\UOAssist - force update check.lnk -> C:\Program Files (x86)\UOAssist\UOAssist.exe (Tugsoft, Inc.) -> /Update
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UOAssist\UOAssist - uninstall.lnk -> C:\Program Files (x86)\UOAssist\UOAssist.exe (Tugsoft, Inc.) -> /Uninstall
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Register product.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\support\Register\RegistrationReminder.exe (Blue Byte Software) -> -g THE SETTLERS - Heritage of Kings -l english -i 2057
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Uninstall THE SETTLERS - Heritage of Kings.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}\setup.exe" -l0x9
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftStylus\SoftStylus Tutorial.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\SoftStylus\sstlsimgs.dll",RunLocalizedTutorial C:\Program Files (x86)\SoftStylus\
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftStylus\SoftStylus User Manual.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\SoftStylus\sstlsimgs.dll",RunLocalizedUserManual C:\Program Files (x86)\SoftStylus\
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftStylus\Uninstall SoftStylus.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {AC20F304-F02A-473E-BDE7-2400FC7429ED}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {57752979-A1C9-4C02-856B-FBB27AC4E02C} /qf
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Uninstall Arc.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{CED8E25B-122A-4E80-B612-7F99B93284B3}\setup.exe (Perfect World Entertainment) -> -runfromtemp -l0x0409 -removeonly
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HP Deskjet 1050 J410 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.5 /DDV 0x0800
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {F294770E-F869-400F-81C3-614B5F13CA54}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HP Setup.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> DESKTOP
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HPAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCAlerts.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_ACTION_CENTER TOUCHPOINT=STARTMENU
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDashboard.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_HEALTH_SECURITY TOUCHPOINT=STARTMENU
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDiscovery.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=ECENTER TOUCHPOINT=STARTMENU
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDock.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Agatha Christie - Death on the Nile.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Agatha Christie - Death on the Nile\DeathOnTheNile-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Escape Rosecliff Island.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Escape Rosecliff Island\EscapeRosecliffIsland-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Final Drive Nitro.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Jewel Quest - Heritage.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest - Heritage\JewelQuestHeritage-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Plants vs. Zombies.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies\Plants vs. Zombies-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Death on the Nile.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Agatha Christie - Death on the Nile\DeathOnTheNile-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Escape Rosecliff Island.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Escape Rosecliff Island\EscapeRosecliffIsland-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Final Drive Nitro.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Jewel Quest - Heritage.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest - Heritage\JewelQuestHeritage-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies\Plants vs. Zombies-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9\Online registration.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\OLRSubmission\OLRSubmission.exe () -> /LANG:Enu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\Python 2.7\IDLE (Python GUI).lnk -> C:\Python27\ArcGIS10.1\pythonw.exe () -> "C:\Python27\ArcGIS10.1\Lib\idlelib\idle.pyw"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\Python 2.7\Module Docs.lnk -> C:\Python27\ArcGIS10.1\pythonw.exe () -> "C:\Python27\ArcGIS10.1\Tools\scripts\pydocgui.pyw"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS\ArcGIS for Desktop Help\ArcGIS 10.1 for Desktop Help.lnk -> C:\Windows\SysWOW64\hh.exe (Microsoft Corporation) -> C:\Program Files (x86)\ArcGIS\Desktop10.1\Help\ArcInfoMain.chm
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fdf91770-af7e-4c8d-bfd2-b40f6a1b7481}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f64371e9-e863-40ab-8ecd-dbd1e79683bf}\PlayTasks\0\Plants vs. Zombies.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies\Plants vs. Zombies-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f41abb66-f415-4c77-a2ae-917b23460332}\PlayTasks\0\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e5541345-a785-4e1e-906e-5bf6068ba4c0}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{dcf8c30f-84f6-4475-829d-2dea8d873786}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c44af186-ce1f-41b7-94d3-def66a94aeeb}\PlayTasks\0\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c43df059-6e6b-4e7b-bc68-da6d01418966}\PlayTasks\0\Agatha Christie - Death on the Nile.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Agatha Christie - Death on the Nile\DeathOnTheNile-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{bd4b5b33-e05f-4ba5-b182-f1ff7ea5c382}\PlayTasks\0\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9d36fecf-a272-4632-a018-906223216b09}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9b9b12f2-7e8f-4fe3-8365-8998b415574d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9a3546c9-c2c2-4959-a9b9-a47e8c7e990c}\PlayTasks\0\Escape Rosecliff Island.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Escape Rosecliff Island\EscapeRosecliffIsland-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{93c5e4ca-9d35-4bd8-95b1-c7327601d483}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7b3b2cd8-870b-4735-b686-7895f269f110}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5fe74c0f-3b4e-4d19-ba1a-45d1ca676438}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{30def35c-d3ad-4223-b63a-d88752f22c68}\PlayTasks\0\Jewel Quest - Heritage.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest - Heritage\JewelQuestHeritage-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{203727b9-3ead-4178-bb5e-eaaf7beb9d38}\PlayTasks\0\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Apps.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallApp
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\DelRP.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /DelRP
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Driver.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallDriver
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Report.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /RecoveryReport
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\RMC.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /CDCreator
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\HP Setup\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=Registration
    ShortcutWithArgument: C:\Users\carlos\Downloads\Electronic Arts\Ultima Online Classic\GDF\UO-MCE.lnk -> C:\Users\carlos\Downloads\Electronic Arts\Ultima Online Classic\UO.exe (Bioware, an EA Studio) -> -mce
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UOAssist\UOAssist - force update check.lnk -> C:\Program Files (x86)\UOAssist\UOAssist.exe (Tugsoft, Inc.) -> /Update
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UOAssist\UOAssist - uninstall.lnk -> C:\Program Files (x86)\UOAssist\UOAssist.exe (Tugsoft, Inc.) -> /Uninstall
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
    ShortcutWithArgument: C:\Users\carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\TheSettlers.com.url -> hxxp://www.thesettlers.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Ubi.com.url -> hxxp:\\www.ubi.com
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teach2000\Website - Manual.url -> hxxp://www.teach2000.org/manual.php
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teach2000\Website - Teach2000.url -> hxxp://www.teach2000.org/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teach2000\Website - vocatrain.com.url -> hxxp://www.vocatrain.com/
    InternetURL: C:\Users\carlos\Favorites\uni\Current Students, University of Otago, New Zealand.url -> hxxp://www.otago.ac.nz/currentstudents/
    InternetURL: C:\Users\carlos\Favorites\uni\Sign In.url -> https://adfs.student.otago.ac.nz/ad...F&id=260563&whr=student.otago.ac.nz&CBCXT=out
    InternetURL: C:\Users\carlos\Favorites\grep\Grepolis (2) - Cezary Launch Pad 3.url -> hxxp://en43.grepolis.com/game/index?login=1&p=3431868&ts=1383788847
    InternetURL: C:\Users\carlos\Favorites\grep\Grepolis Intel Grepolis Stats Grepolis Maps Grepolis Tools en43.url -> hxxp://grepointel.com/track.php?server=en43&pn=Cuchalainn&rt=overview_hr&dow=all
    InternetURL: C:\Users\carlos\Favorites\grep\Grepolis Stats.url -> hxxp://www.grepostats.com/world/en43/index
    InternetURL: C:\Users\carlos\Favorites\fight\Watch Fights MMA Videos - UFC Videos WEC Videos Strikeforce Videos DREAM Videos.url -> hxxp://www.mma-core.com/videos/fights
    InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_NZ&bd=all&c=104
    InternetURL: C:\Users\Default\Favorites\HP\Snapfish.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=snapfish&pf=cnnb&locale=en_nz&bd=all&c=104

    ==================== End of log =============================
     
  7. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Please remove he following programs:

    Vuze Remote Toolbar
    Registry Helper​


    Please download the attached fixlist.txt file (see below), and save it in the same directory as FRST.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • The computer will restart. Allow it to.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    [​IMG]
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
    [​IMG]
    • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

    [​IMG] Please download Malwarebytes Anti-Malware to your desktop
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • At the end, be sure a check-mark is placed next to the following:
      1. Enable free trial of Malwarebytes Anti-Malware Premium
      2. Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
    • Reboot your computer if prompted.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

    The log is available throughout History ->Application logs. Please post it contents in your next reply.
     

    Attached Files:

  8. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Hi Tech Support Guy, here are the .txt files you requested: Fixlog; JRT; Adwcleaner.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by carlos at 2015-03-18 11:52:51 Run:1
    Running from C:\Users\carlos\Desktop
    Loaded Profiles: carlos (Available profiles: carlos)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKLM-x32\...\Run: [Regedit32] => C:\Windows\SysWOW64\regedit.exe [398336 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Run: [nvxasync] => C:\Users\carlos\AppData\Roaming\nvxasync\nvxasync.exe [142678528 2015-03-13] ()
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\MountPoints2: {9b075131-4a4d-11e0-beab-78acc05c3288} - G:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142678528 2015-03-13] () <==== ATTENTION
    Startup: C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
    ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
    URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    URLSearchHook: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {859BB0A2-DA65-429A-8405-E7FB37B60072} URL = http://www.startsearcher.com/?q={searchTerms}&src=IETB
    SearchScopes: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> {8848ECB5-1131-4D52-886D-41A581D7DD9C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN2605467 1121853919&UM=1
    SearchScopes: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> {8DB7640E-3EDA-4F16-9045-8DD0F5FF1BA6} URL =
    BHO-x32: VideoFileDownload -> {0931BD3F-547E-45C1-B133-D0E995645DBA} -> C:\Program Files (x86)\OApps\bho_project.dll No File
    BHO-x32: VideoFileDownload -> {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} -> C:\Program Files (x86)\OApps\bho_project.dll No File
    BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-05-09] (Conduit Ltd.)
    C:\Program Files (x86)\Vuze_Remote
    Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-05-09] (Conduit Ltd.)
    Toolbar: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-4031979200-3753117910-1413392079-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Hosts:
    CHR HomePage: Default -> hxxp://www.surfvox.com/
    CHR StartupUrls: Default -> "hxxp://www.surfvox.com/"
    CHR DefaultSearchKeyword: Default -> surfvox.com
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Users\carlos\AppData\Local\Temp\i4jdel0.exe
    C:\Users\carlos\AppData\Roaming\nvxasync
    DeleteJunctionsIndirectory: C:\Windows\system64
    Task: {07B65462-3CBC-4B73-B828-60EBA8E9B9FE} - System32\Tasks\{2F82AF6B-1424-42E3-91A9-145B52F88090} => pcalua.exe -a C:\Users\carlos\Downloads\CoffeeFreeHTML10.exe -d C:\Users\carlos\Downloads
    Task: {07C71D04-B2F1-4B34-B31F-B366606F29CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-20] (Piriform Ltd)
    Task: {1991642A-8849-4C72-8254-E323798DDCB1} - System32\Tasks\{B314F440-7160-4E8F-8A29-8157D239BC30} => pcalua.exe -a C:\Users\carlos\Downloads\UOAssist.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    C:\ProgramData\nvxasync
    EMPTYTEMP:
    Reboot:
    End

    *****************

    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Regedit32 => value deleted successfully.
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nvxasync => value deleted successfully.
    "HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b075131-4a4d-11e0-beab-78acc05c3288}" => Key deleted successfully.
    HKCR\CLSID\{9b075131-4a4d-11e0-beab-78acc05c3288} => Key not found.
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
    C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk => Moved successfully.
    C:\Program Files (x86)\fliptoast\fliptoast.exe not found.
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Value not found.
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{859BB0A2-DA65-429A-8405-E7FB37B60072}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{859BB0A2-DA65-429A-8405-E7FB37B60072} => Key not found.
    "HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8848ECB5-1131-4D52-886D-41A581D7DD9C}" => Key deleted successfully.
    HKCR\CLSID\{8848ECB5-1131-4D52-886D-41A581D7DD9C} => Key not found.
    "HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8DB7640E-3EDA-4F16-9045-8DD0F5FF1BA6}" => Key deleted successfully.
    HKCR\CLSID\{8DB7640E-3EDA-4F16-9045-8DD0F5FF1BA6} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0931BD3F-547E-45C1-B133-D0E995645DBA}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0931BD3F-547E-45C1-B133-D0E995645DBA}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Key not found.
    HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Key not found.
    "C:\Program Files (x86)\Vuze_Remote" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Value not found.
    HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Key not found.
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    HKU\S-1-5-21-4031979200-3753117910-1413392079-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => value deleted successfully.
    HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000008\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5-x64 entry 000000000008\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    Hosts was reset successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
    C:\Users\carlos\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
    C:\Users\carlos\AppData\Roaming\nvxasync => Moved successfully.
    "C:\Windows\system64" => Deleting reparse point and unlocking started.
    "C:\Windows\system64" => Deleting reparse point and unlocking done.
    "C:\Windows\system64" => Deleting reparse point and unlocking completed.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07B65462-3CBC-4B73-B828-60EBA8E9B9FE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07B65462-3CBC-4B73-B828-60EBA8E9B9FE}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{2F82AF6B-1424-42E3-91A9-145B52F88090} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F82AF6B-1424-42E3-91A9-145B52F88090}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07C71D04-B2F1-4B34-B31F-B366606F29CF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07C71D04-B2F1-4B34-B31F-B366606F29CF}" => Key deleted successfully.
    C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1991642A-8849-4C72-8254-E323798DDCB1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1991642A-8849-4C72-8254-E323798DDCB1}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{B314F440-7160-4E8F-8A29-8157D239BC30} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B314F440-7160-4E8F-8A29-8157D239BC30}" => Key deleted successfully.
    C:\ProgramData\nvxasync => Moved successfully.
    EmptyTemp: => Removed 251.9 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 11:54:47 ====


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.5 (03.17.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by carlos on Wed 18/03/2015 at 12:05:20.49
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2504091
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3289075
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{828B376B-F2F6-4778-928C-E29EC877535E}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-B589F2DE.pf



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\flexnet"
    Successfully deleted: [Folder] "C:\Users\carlos\AppData\Roaming\getrighttogo"
    Successfully deleted: [Folder] "C:\Users\carlos\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\carlos\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\carlos\appdata\locallow\pricegong"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
    Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
    Successfully deleted: [Folder] "C:\Program Files (x86)\smartdl"
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{07117F1B-5D4B-45EA-A93B-93077EB678CD}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{16CD8FEB-EC00-48D1-B61F-CFF312EDC00E}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{1AE06118-0CAA-4725-BA98-DC351027D6C1}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{26735C0A-81B6-44E7-8D15-0AE34860F0A2}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{2700A327-D7EB-45D6-91D5-A10AEDAAE85A}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{2C9BC347-A3E4-4767-A788-678DDDF08A81}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{433A5F04-AF62-4188-9883-186927CBBE1B}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{456D4B37-6F34-421A-A079-C365FF8B8945}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{487E29A6-3220-421B-9332-F012232796FD}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{49270B1D-FBE4-4808-95A3-4AABC9EEAD3A}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{4946A9B1-B951-48D3-98DC-23739D9213CC}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{4BE0C88D-6553-4B75-9296-489C26035BC6}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{4F0FA3DC-A542-45B2-BCAC-358DDA1EFB27}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{574B51B5-7C5F-4925-A2DD-AA32AFA4CF1E}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{58BD4D50-BD38-4C4B-AF7A-887542CF6547}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{5CE692E5-7D2B-4582-B4C2-BC852E338671}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{5F3818F8-3F10-49E2-9E35-04D7307EF534}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{71A3ECF8-BB8C-403D-BC5B-DB0E4EE13A63}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{7278E142-83B8-46E5-8934-BB41E4EB3C4B}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{7B49DDFE-F386-4670-B1D0-60E62C50C471}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{7C702D6E-5876-4C15-81F0-CFB5DD92B54E}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{8A49D60F-8CEB-4F98-A148-211516D51833}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{8A960A55-7B36-431A-AFA5-5C7D6571543C}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{91380085-F419-4492-9E79-F525D3A6D4E3}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{9A85F905-A0BD-45D9-AF71-B172518EF9D9}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{9B7E27F7-79E4-4016-A26C-BD0B59F06E99}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{A253CDE1-0A3A-4286-8EA9-97C2BB9B8CC7}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{A68AC000-5601-4392-B145-B63B6479B040}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{AC078B98-4525-4663-8F20-9358D7AE6D73}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{AF5D8FBB-9BD8-4F7F-92C8-DE0AC848C4A3}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{B00619B5-70FC-4E87-B186-57C1337F31DC}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{BCCA185F-EE5A-4B25-9C6B-FF8B8FAB051A}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{DEA9E519-BE32-4D4C-A1ED-F7F8F951AE39}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{E115A2F0-CB9A-4118-ABBE-487A8AADB5BB}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{E6C65C97-0C48-4313-9010-DA4B63620382}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{E91AA495-4A4B-40F3-8598-AA97A6EEE61E}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{EC9C8519-F15D-45FE-85EE-32D22A635416}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{EDD74C6C-6459-413E-9D08-8107330D06A4}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{F395D77D-F9E0-48EC-918B-AF0C7DBC86D4}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{FD128FD2-361F-4209-A390-A8497EE9F3E4}
    Successfully deleted: [Empty Folder] C:\Users\carlos\appdata\local\{FF19A64D-D51F-4104-9A5E-FD47FA404F70}



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 18/03/2015 at 12:13:55.92
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v4.112 - Logfile created 18/03/2015 at 12:21:42
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-15.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : carlos - JIM
    # Running from : C:\Users\carlos\Desktop\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : Registry Helper Service
    Service Deleted : YahooAUService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\ProgramData\Registry Helper
    Folder Deleted : C:\ProgramData\Yahoo! Companion
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper
    Folder Deleted : C:\Program Files (x86)\1ClickDownload
    Folder Deleted : C:\Program Files (x86)\File Type Assistant
    Folder Deleted : C:\Program Files (x86)\Registry Helper
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Windows\SysWOW64\RegistryHelperLM.ocx
    File Deleted : C:\Users\carlos\AppData\Roaming\Mozilla\Firefox\Profiles\juolg08t.default\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object
    Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Surf Canyon
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Registry Helper
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.16750

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page Redirect Cache]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [blank]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [NavigationFailure]

    -\\ Mozilla Firefox v36.0.1 (x86 en-GB)


    -\\ Google Chrome v41.0.2272.89


    *************************

    AdwCleaner[R0].txt - [6601 bytes] - [18/03/2015 12:17:49]
    AdwCleaner[S0].txt - [6394 bytes] - [18/03/2015 12:21:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6453 bytes] ##########


    I ran the Malwareby program as requested but it didnt find anything. I also noted after I rebooted I was prompted for a Windows Activation Key, but was given the option "Not now" which I chose. I've also noticed at the bottom right corner of my desktop a message which reads: Windows 7, Build 7601, This copy of windows is not genuine. I got the laptop brand new from Harvey Norman, is this industry standard or should I contact them in regards to this?

    Regards - Carlos
     
  9. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    This problem may occur because a specific system setting is removed when a program runs with administrative credentials. The removal of this system setting may cause a BIOS validation check to fail. The BIOS validation check is part of the system activation process. Therefore, you may be prompted to activate Windows.

    First, go to Microsoft Updates and install any update available. If that does not help, Go to Start, right click on Computer and select Properties. Select activate Windows now. It will be a good idea to have the Product Key Handy, in case it is ask for.

    Has the previous issue gone?

    Keep me posted.
     
  10. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Hi Tech Support Guy, Thankyou the previous issue has gone. Should I change all my passwords?

    regards

    Carlos
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    The computer was infected with Trojan Zero Access. Changing your passwords should be a good idea.

    Lets remove the tools used in the cleaning of this machine.

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
      [​IMG]
    3. Click Run

    Here are some suggestions.

    1. Always keep your JAVA updated. Older versions will make your computer vulnerable.
    2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    3. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    For information and guidelines to follow to prevent future infections you can read this article by Miekiemoes.

    Best wishes! [​IMG]
     
  12. carlos75

    carlos75 Thread Starter

    Joined:
    Mar 15, 2015
    Messages:
    8
    Thankyou ever so much for your time and support. I will happily make a donation to your site and will more than likely see you again in the future.

    Kindest Regards

    Carlos
     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    You are welcome. :)
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1144834

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice