Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware : ads, redirects, opens surveys in Chrome and Firefox


  • This topic is locked This topic is locked
8 replies to this topic

#1 Shannacat

Shannacat

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:10:41 PM

Posted 01 July 2014 - 03:23 PM

The infection occured when "updating MediaFire desktop" window appreared.  I was using MediFire at the time, but when I tried to close the window using "x", it would not close.  I unplugged the computer from power asap, but not soon enough.  Immediately ran virus & malware scan (using System Mechanic - recommended by a Dell tech a few years ago) and nothing was found.  Attempted to uninstall MediaFire Desktop using "Programs - Uninstall MediaFire" and Control panel uninstall.  Not successful.  Set computer back using "system restore", but the MediaFire update survived.

 

Ads appeared and redirects were common in Chrome and Firefox away from general as well as helpful (anti-malware) sites.  Some of the redirects were to what looked like Adobe but the link was not correct.  Search pages replaced with garbage.  Survey pages opened.  Computer user feels like a dope.

 

Ran Malware Bytes, AdwCleaner, Hitman Pro but the malware persists.

 

Thank yuo for any help you might offer.

Shanna Rendon

 

 

 

DDS:DS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Shanna at 13:46:11 on 2014-07-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.8686 [GMT -6:00]
.
AV: System Shield *Enabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Windows\system32\crypserv.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe
C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Users\Shanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mcomm.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mlauncher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\Roxio Burn.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Shanna\Downloads\adwcleaner_3.214 (1).exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [GoToMeeting] "C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [GoogleChromeAutoLaunch_DE8D5291F9E005A4A2DE5EA906DCC3E5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Shanna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8A443B21-E4F3-4856-A30A-4A80F2AA9D80} - hxxp://192.168.1.12/DTPickerWrap.CAB
DPF: {D75CC892-8952-4F6A-B082-FF1103E0D5A7} - hxxp://192.168.1.12/WRControlLite.CAB
TCP: NameServer = 69.144.127.53 68.116.46.115 71.9.127.107
TCP: Interfaces\{4C57FB8D-A9C5-4B00-8AA6-C85111E2BC77} : DHCPNameServer = 69.144.127.53 68.116.46.115 71.9.127.107
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {5C9D1D2E-CC7D-4E73-B7D3-09CD726DDF97} - MSIEXEC /i {5C9D1D2E-CC7D-4E73-B7D3-09CD726DDF97} REINSTALL="Advertised1" REINSTALLMODE=us SETDEFAULTS="1" IGNORE_FTDI="1" /qn /quiet
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shanna\AppData\Roaming\Mozilla\Firefox\Profiles\hds0q9j4.default-1404002839316\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Shanna\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-5-5 56336]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2013-5-5 28304]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2013-5-5 20112]
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [2014-5-21 61120]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-4-24 30752]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-6-12 46376]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2013-5-5 27792]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2012-6-20 457360]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2014-5-30 91784]
R2 AMP;Active Malware Protection Minifilter Driver;C:\Windows\System32\drivers\amp.sys [2012-8-24 173408]
R2 AMPSE;Active Malware Protection Support Driver;C:\Windows\System32\drivers\ampse.sys [2013-4-24 1504608]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2012-7-11 22160]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-10-15 311184]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 hasplms;Sentinel LDK License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-6-28 127752]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-23 13336]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-1-29 1168960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-27 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-27 860472]
R2 mfmonitor;mfmonitor;C:\Windows\System32\drivers\mfmonitor_x64.sys [2014-1-29 20696]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-4-24 82160]
R2 RoxioBurnLauncher;Roxio Burn Launcher;C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [2012-7-5 535184]
R2 SupraSavingsService64;SupraSavingsService64;C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe [2014-6-25 172544]
R2 UniversalCommunicationServer;Universal Communication Server;C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [2013-7-10 90496]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-8-24 121696]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-8-24 119136]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-22 116240]
R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-1-10 53104]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-27 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-27 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-27 63704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-4-22 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-22 295424]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/05/05 12:12:39;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch14;Roxio Hard Drive Watcher 14;C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [2012-7-18 341136]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-22 19456]
S3 RoxMediaDB14;RoxMediaDB14;C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [2012-7-18 1096848]
S3 SydexFDD;Sydex Diskette Driver;C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS [2014-5-4 13359]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-22 57856]
S3 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-8-24 181600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-24 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-22 203776]
S4 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2013-12-4 5454640]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2014-07-01 19:30:35    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{534AEDF8-15A3-4342-9D14-45D43BF603BF}\offreg.dll
2014-07-01 19:27:13    --------    d-----w-    C:\Program Files\SupraSavings
2014-07-01 14:47:51    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{534AEDF8-15A3-4342-9D14-45D43BF603BF}\mpengine.dll
2014-06-29 01:45:58    --------    d-----w-    C:\Program Files\HitmanPro
2014-06-29 01:44:53    --------    d-----w-    C:\ProgramData\HitmanPro
2014-06-29 01:01:03    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-06-29 01:00:40    --------    d-----w-    C:\AdwCleaner
2014-06-27 22:42:50    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-27 22:42:37    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-27 22:42:37    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-06-27 22:42:37    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-06-27 22:42:37    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-06-27 22:42:37    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 19:22:08    --------    d-----w-    C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF
2014-06-24 19:23:03    --------    d-----w-    C:\Users\Shanna\AppData\Local\Bernina DesignWorks 2.0
2014-06-21 03:58:43    --------    d-----w-    C:\Users\Shanna\AppData\Local\Macromedia
2014-06-15 21:41:40    --------    d-sh--w-    C:\Users\Shanna\AppData\Local\EmieUserList
2014-06-15 21:41:40    --------    d-sh--w-    C:\Users\Shanna\AppData\Local\EmieSiteList
2014-06-12 21:46:43    --------    d-----w-    C:\ProgramData\5d44516733b4b94e
2014-06-12 21:46:37    --------    d-----w-    C:\Users\Shanna\AppData\Local\Packages
2014-06-12 20:57:56    --------    d-----w-    C:\Users\Shanna\AppData\Local\Amazon Music
2014-06-12 19:05:34    46376    ----a-w-    C:\Windows\System32\drivers\netfilter64.sys
2014-06-10 22:10:53    506368    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-10 22:10:53    424448    ----a-w-    C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-06-21 03:58:32    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-21 03:58:32    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 06:41:16    20696    ----a-w-    C:\Windows\System32\drivers\mfmonitor_x64.sys
2014-05-30 17:42:22    4683144    ----a-w-    C:\Windows\System32\hasplms.exe
2014-05-30 17:42:22    4683144    ----a-w-    C:\Windows\System32\aksllmtp.exe
2014-05-30 17:42:22    331608    ----a-w-    C:\Windows\System32\drivers\hardlock.sys
2014-05-30 17:42:20    70536    ----a-w-    C:\Windows\System32\akshhl31.dll
2014-05-30 17:42:20    162264    ----a-w-    C:\Windows\System32\drivers\aksfridge.sys
2014-05-30 17:42:18    91784    ----a-w-    C:\Windows\System32\drivers\aksdf.sys
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-14 06:19:14    17352880    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-08 09:32:11    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-06 22:40:56    61120    ----a-w-    C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-22 19:48:16    376832    ----a-w-    C:\Windows\SysWow64\MPIWIN32.DLL
2014-04-15 08:34:10    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 13:46:41.49 ===============
 



BC AdBot (Login to Remove)

 


m

#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:41 AM

Posted 01 July 2014 - 08:11 PM

:welcome:
 
Download AdwCleaner from here or from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
 
AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
 
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
 
 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Shannacat

Shannacat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:10:41 PM

Posted 01 July 2014 - 10:22 PM

Master Surgeon General,

 

Ran AdwCleaner and it found nothing this time, but ran it earlier today will send both logs:

Most recent log:

 

# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Shanna - HYPERDRIVE
# Running from : C:\Users\Shanna\Desktop\AdwCleaner\AdwCleaner 2014 07 01\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Program Files\SupraSavings
Folder Found : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Shanna\AppData\Roaming\Mozilla\Firefox\Profiles\hds0q9j4.default-1404002839316\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.easylifeapp.com/
Found [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm

*************************

AdwCleaner[R0].txt - [4527 octets] - [28/06/2014 19:00:46]
AdwCleaner[R1].txt - [1609 octets] - [01/07/2014 13:01:36]
AdwCleaner[R2].txt - [1468 octets] - [01/07/2014 20:59:04]
AdwCleaner[S0].txt - [5141 octets] - [28/06/2014 19:01:59]
AdwCleaner[S1].txt - [2224 octets] - [01/07/2014 13:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1648 octets] ##########

 

AdwCleaner log from ~8 hours ealier today:

 AdwCleaner v3.214 - Report created 01/07/2014 at 13:19:16
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Shanna - HYPERDRIVE
# Running from : C:\Users\Shanna\Downloads\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 64af91bf

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
File Deleted : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Shanna\AppData\Roaming\Mozilla\Firefox\Profiles\hds0q9j4.default-1404002839316\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=113597&tt=2912_2&babsrc=SP_ss&mntrId=26f12ed2000000000000c6cb387556f5
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M84B687B1-AC73-48D7-A300-5B8FC276D1EB&SearchSource=58&CUI=&UM=5&UP=SPA6B665E0-5DDE-4DC2-909C-695C72703484&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://search.easylifeapp.com/
Deleted [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm

*************************

AdwCleaner[R0].txt - [4527 octets] - [28/06/2014 19:00:46]
AdwCleaner[R1].txt - [1609 octets] - [01/07/2014 13:01:36]
AdwCleaner[S0].txt - [5141 octets] - [28/06/2014 19:01:59]
AdwCleaner[S1].txt - [2084 octets] - [01/07/2014 13:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2144 octets] ##########
 

Farbar Recovery Scan Tool

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2014
Ran by Shanna (administrator) on HYPERDRIVE on 01-07-2014 21:03:02
Running from C:\Users\Shanna\Desktop\Farbar Recovery Scan Tool 64
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe
(BERNINA International AG) C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
(Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Users\Shanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mcomm.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mlauncher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\Roxio Burn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SMTrayNotify.exe
() C:\Users\Shanna\Desktop\AdwCleaner\AdwCleaner 2014 07 01\AdwCleaner.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Runonce: [SMRequiresRestart] -  [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)
HKU\S-1-5-21-89600652-2559728348-341990306-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-89600652-2559728348-341990306-1001\...\Run: [GoToMeeting] => C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe [40304 2014-03-25] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-89600652-2559728348-341990306-1001\...\Run: [GoogleChromeAutoLaunch_DE8D5291F9E005A4A2DE5EA906DCC3E5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-89600652-2559728348-341990306-1001\...\MountPoints2: {7c6de5df-1bc8-11e3-93ea-b8ac6fcccd06} - I:\KODAK_Camera_Setup_App.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Startup: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 1MediaFireIconError -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} =>  No File
ShellIconOverlayIdentifiers: 1MediaFireIconSynched -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} =>  No File
ShellIconOverlayIdentifiers: 1MediaFireIconSyncing -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: MediaFireIconLock -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} =>  No File
ShellIconOverlayIdentifiers: MediaFireIconReadOnly -> {7995D0FC-769B-4197-AEC0-991921CB99E1} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk /p \??\C:autocheck autochk /p \??\I:autocheck smrgdf C:\Users\Shanna\AppData\Roaming\iolo\

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {8A443B21-E4F3-4856-A30A-4A80F2AA9D80} http://192.168.1.12/DTPickerWrap.CAB
DPF: HKLM-x32 {D75CC892-8952-4F6A-B082-FF1103E0D5A7} http://192.168.1.12/WRControlLite.CAB
Tcpip\Parameters: [DhcpNameServer] 69.144.127.53 68.116.46.115 71.9.127.107

FireFox:
========
FF ProfilePath: C:\Users\Shanna\AppData\Roaming\Mozilla\Firefox\Profiles\hds0q9j4.default-1404002839316
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Shanna\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Adblock Plus - C:\Users\Shanna\AppData\Roaming\Mozilla\Firefox\Profiles\hds0q9j4.default-1404002839316\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://my.yahoo.com/", "hxxp://www.bernina.com/en-US/Experience/Free-Downloads/USA/ImperialTulip82008", "file:///C:/Users/Shanna/Downloads/BERNINA-SoftwareExtravaganza-Consumer-Jul2014-Bonus.pdf", "hxxp://www.betterinvesting.org/BI/Templates/Members/MembersHome.aspx?NRMODE=Published&NRNODEGUID=%7bF371C016-70EB-407F-92C9-C754D7ED35B6%7d&NRORIGINALURL=%2fMembers%2fdefault%2ehtm&NRCACHEHINT=Guest", "hxxp://ssg.betterinvesting.org/ssgplus/study.aspx?studyid=37492", "https://groups.yahoo.com/neo/groups/BerninaV7Software/conversations/topics/6417;_ylc=X3oDMTM2NGgxNm83BF9TAzk3MzU5NzE1BGdycElkAzgxNjE2Mzc2BGdycHNwSWQDMTcwNTA2Mjk4NQRtc2dJZAM2NTM2BHNlYwNkbXNnBHNsawN2dHBjBHN0aW1lAzE0MDA2NjA2ODcEdHBjSWQDNjQxNw--", "https://www.mediafire.com/folder/4t17936lps5u9/01_Bernina_Software_V6_01-33", "https://www.google.com/", "hxxp://www.favequilts.com/tag/Table-Runner-Quilt-Patterns/page/2", "https://www.dropbox.com/s/enyooldrnsbufdt/005%20Endlessly%20Ecstatic.zip", "hxxp://www.joann.com/search?q=silhouette%20blade", "https://chrome.google.com/webstore/category/themes?hl=en", "hxxp://search.easylifeapp.com/"
CHR Extension: (Bejeweled) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-06-21]
CHR Extension: (Google Docs) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21]
CHR Extension: (Google Drive) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-21]
CHR Extension: (YouTube) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]
CHR Extension: (Adblock Plus) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-30]
CHR Extension: (Google Search) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]
CHR Extension: (AdBlock) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-21]
CHR Extension: (Pin It Button) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-06-21]
CHR Extension: (Wolfram Alpha) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\idggmlekajlpkppfjdadikipagekmfdn [2014-06-26]
CHR Extension: (Send to Kindle (by Klip.me)) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan [2014-06-21]
CHR Extension: (Cute Kitten 2) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\knhilgggnegappnkfbeaeeiioopeamlc [2014-06-21]
CHR Extension: (Quick Note) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-06-21]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-06-21]
CHR Extension: (Google Wallet) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21]
CHR Extension: (Gmail) - C:\Users\Shanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-05-30] (SafeNet Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-30] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5454640 2014-03-28] (MediaMall Technologies, Inc.)
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()
S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)
S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)
R2 SupraSavingsService64; C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
R2 UniversalCommunicationServer; C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [90496 2013-05-02] (BERNINA International AG)
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121696 2012-08-24] (Commtouch, Inc.)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119136 2012-08-24] (Commtouch, Inc.)
S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [181600 2012-08-24] (Commtouch, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
R2 AMP; C:\Windows\system32\Drivers\amp.sys [173408 2012-08-24] (Commtouch, Inc.)
R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1504608 2012-08-24] (Commtouch, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-03-17] (EldoS Corporation)
S1 FileDisk; No ImagePath
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-05-30] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2014-06-19] (Windows ® Win 7 DDK provider)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2012-10-16] (Windows ® 2000 DDK provider) [File not signed]
S2 wntpport; No ImagePath
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [61120 2014-05-06] (StdLib)
S0 jyrfc; System32\drivers\iufo.sys [X]
S0 mxrn; System32\drivers\hmdp.sys [X]
S0 oyjtgo; System32\drivers\lplnfk.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 xjmipi; System32\drivers\uqeptvby.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-01 21:01 - 2014-07-01 21:03 - 00000000 ____D () C:\FRST
2014-07-01 15:56 - 2014-07-01 15:56 - 00000000 _____ () C:\Windows\system32\smrgdf.txt
2014-07-01 14:00 - 2014-07-01 14:00 - 00024041 _____ () C:\Users\Shanna\Desktop\DDS text.txt
2014-07-01 13:56 - 2014-07-01 13:56 - 00016299 _____ () C:\Users\Shanna\Desktop\dds file 1 2014 07.txt
2014-07-01 13:46 - 2014-07-01 13:46 - 00024041 _____ () C:\Users\Shanna\Desktop\dds.txt
2014-07-01 13:46 - 2014-07-01 13:46 - 00016299 _____ () C:\Users\Shanna\Desktop\attach.txt
2014-07-01 13:37 - 2014-07-01 21:03 - 00000000 ____D () C:\Users\Shanna\Desktop\Farbar Recovery Scan Tool 64
2014-07-01 13:33 - 2014-07-01 13:33 - 01346519 _____ () C:\Users\Shanna\Downloads\adwcleaner_3.214 (1).exe
2014-07-01 13:30 - 2014-07-01 20:55 - 00000000 ____D () C:\Users\Shanna\Desktop\AdwCleaner
2014-07-01 13:27 - 2014-07-01 13:40 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 12:53 - 2014-07-01 12:53 - 01346519 _____ () C:\Users\Shanna\Downloads\adwcleaner_3.214.exe
2014-07-01 10:37 - 2014-07-01 10:37 - 05212874 _____ (Swearware) C:\Users\Shanna\Downloads\ComboFix.exe
2014-07-01 10:36 - 2014-07-01 10:36 - 00688992 ____R (Swearware) C:\Users\Shanna\Downloads\dds.com
2014-06-30 10:47 - 2014-06-30 11:12 - 00000000 ____D () C:\Users\Shanna\Desktop\mediafire dll
2014-06-29 10:36 - 2014-06-30 08:10 - 00000000 ____D () C:\Users\Shanna\Desktop\MediaFire
2014-06-28 21:12 - 2014-06-28 21:12 - 00025600 _____ () C:\Users\Shanna\Downloads\crowns_004.art
2014-06-28 21:12 - 2014-06-28 21:12 - 00024064 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_004.art
2014-06-28 21:12 - 2014-06-28 21:12 - 00006812 _____ () C:\Users\Shanna\Downloads\crowns_004.exp
2014-06-28 21:11 - 2014-06-28 21:11 - 00010576 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_004.exp
2014-06-28 20:00 - 2014-06-28 20:00 - 00059450 _____ () C:\Users\Shanna\Documents\HitmanPro_20140628_1959.log
2014-06-28 19:59 - 2014-06-28 20:31 - 00000570 _____ () C:\Windows\system32\.crusader
2014-06-28 19:45 - 2014-06-28 19:45 - 00001891 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-28 19:45 - 2014-06-28 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-28 19:45 - 2014-06-28 19:45 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-28 19:44 - 2014-06-28 20:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-28 19:44 - 2014-06-28 19:44 - 11181544 _____ (SurfRight B.V.) C:\Users\Shanna\Downloads\HitmanPro_x64.exe
2014-06-28 19:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-28 19:00 - 2014-07-01 21:01 - 00000000 ____D () C:\AdwCleaner
2014-06-28 18:51 - 2014-06-28 18:51 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-28 18:51 - 2014-06-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-28 18:50 - 2014-07-01 20:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 18:50 - 2014-07-01 18:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 18:50 - 2014-06-28 18:50 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-28 18:50 - 2014-06-28 18:50 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-28 18:47 - 2014-06-28 18:47 - 00000000 ____D () C:\Users\Shanna\Desktop\Old Firefox Data
2014-06-28 12:40 - 2014-06-28 12:40 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Shanna\Downloads\mbam_premium.exe
2014-06-27 18:25 - 2014-06-27 18:27 - 187173663 _____ () C:\Users\Shanna\Downloads\BERNINA_V7_0R_Update.zip
2014-06-27 16:42 - 2014-07-01 17:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 16:42 - 2014-06-28 12:45 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 16:42 - 2014-06-28 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 16:42 - 2014-06-28 12:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 16:42 - 2014-06-27 16:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 16:42 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-27 16:42 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-27 16:42 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-27 16:37 - 2014-06-27 16:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Shanna\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-27 15:10 - 2014-06-27 15:10 - 00895120 _____ (Google Inc.) C:\Users\Shanna\Downloads\ChromeSetup.exe
2014-06-27 08:26 - 2014-06-27 11:20 - 00000000 ____D () C:\Users\Default\AppData\Roaming\iolo
2014-06-27 08:26 - 2014-06-27 11:20 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\iolo
2014-06-26 13:22 - 2014-06-27 08:24 - 00000000 ____D () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF
2014-06-25 09:16 - 2014-06-25 09:19 - 00000022 _____ () C:\Users\Shanna\Downloads\006 Bohemian Rhapsody.zip
2014-06-24 13:23 - 2014-06-24 13:29 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Bernina DesignWorks 2.0
2014-06-24 09:42 - 2014-06-24 09:42 - 00019030 _____ () C:\Users\Shanna\Downloads\chubbyfarm_horse.exp
2014-06-24 09:41 - 2014-06-24 09:41 - 00046592 _____ () C:\Users\Shanna\Downloads\chubbyfarm_horse.art
2014-06-24 09:41 - 2014-06-24 09:41 - 00022528 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_003.art
2014-06-24 09:41 - 2014-06-24 09:41 - 00008520 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_003.exp
2014-06-22 14:09 - 2014-06-22 14:09 - 00041757 _____ () C:\Users\Shanna\Downloads\message2013-12-09--13-01-21.wav
2014-06-22 11:46 - 2014-06-22 11:46 - 00047104 _____ () C:\Users\Shanna\Downloads\adorableapplique-744137-46131.ART
2014-06-22 11:46 - 2014-06-22 11:46 - 00014422 _____ () C:\Users\Shanna\Downloads\adorableapplique-744137-46134.exp
2014-06-21 15:45 - 2014-06-21 15:45 - 00121832 _____ () C:\Users\Shanna\Downloads\BURST-5-LARGE.zip
2014-06-21 15:45 - 2014-06-21 15:45 - 00072723 _____ () C:\Users\Shanna\Downloads\BURST-5-SMALL.zip
2014-06-20 21:58 - 2014-06-20 21:58 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Macromedia
2014-06-20 21:49 - 2014-06-21 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 21:49 - 2014-06-20 21:50 - 00000000 ____D () C:\Users\Shanna\AppData\Roaming\Mozilla
2014-06-20 21:49 - 2014-06-20 21:50 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Mozilla
2014-06-20 21:49 - 2014-06-20 21:49 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-20 21:49 - 2014-06-20 21:49 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-20 21:49 - 2014-06-20 21:49 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-20 21:43 - 2014-06-20 21:43 - 00003174 _____ () C:\Windows\System32\Tasks\{70F9F940-4D78-4804-A058-27A12B2B5509}
2014-06-20 07:48 - 2014-06-20 07:48 - 00813721 _____ () C:\Users\Shanna\Downloads\The Sofia skirt.zip
2014-06-19 17:38 - 2014-06-19 17:38 - 84167282 _____ () C:\Users\Shanna\Downloads\006 Running with Blackwork (1) (1).zip
2014-06-19 15:59 - 2014-06-19 16:00 - 84167282 _____ () C:\Users\Shanna\Downloads\006 Running with Blackwork (1).zip
2014-06-19 14:58 - 2014-06-19 14:58 - 00051712 _____ () C:\Users\Shanna\Downloads\adorableapplique-711298-33828.ART
2014-06-19 14:58 - 2014-06-19 14:58 - 00008896 _____ () C:\Users\Shanna\Downloads\adorableapplique-711298-33831.exp
2014-06-18 16:59 - 2014-06-18 16:59 - 57589462 _____ () C:\Users\Shanna\Downloads\06 Designing with CorelDRAW Essentials.wmv
2014-06-18 14:18 - 2014-06-18 14:19 - 00000237 _____ () C:\Users\Shanna\Downloads\1-7821407041036469552-146402f8d03.asx
2014-06-18 11:05 - 2014-06-18 11:05 - 02004544 _____ () C:\Users\Shanna\Downloads\BERNINAEmbrSoftware7-RunningWithBlackwork.zip
2014-06-18 10:46 - 2014-06-18 10:47 - 84167282 _____ () C:\Users\Shanna\Downloads\006 Running with Blackwork.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 03346473 _____ () C:\Users\Shanna\Downloads\lgp010-instructions.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 01675962 _____ () C:\Users\Shanna\Downloads\lgp010-templates.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00510547 _____ () C:\Users\Shanna\Downloads\lgp010-colors.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00272737 _____ () C:\Users\Shanna\Downloads\lgp010art.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00207141 _____ () C:\Users\Shanna\Downloads\lgfd1401-colors.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00091435 _____ () C:\Users\Shanna\Downloads\lgp010dst.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00077535 _____ () C:\Users\Shanna\Downloads\lgfd1401-templates.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00075251 _____ () C:\Users\Shanna\Downloads\lgp010exp.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00013900 _____ () C:\Users\Shanna\Downloads\lgfd1401dst.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00011397 _____ () C:\Users\Shanna\Downloads\lgs03906dst.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00011226 _____ () C:\Users\Shanna\Downloads\lgfd1401exp.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00008904 _____ () C:\Users\Shanna\Downloads\lgs03906exp.zip
2014-06-17 11:59 - 2014-06-17 11:59 - 00002448 _____ () C:\Users\Shanna\Downloads\TRU Webinar #5_ Basic Introduction to CorelDraw (Beginner).ics
2014-06-15 17:37 - 2014-06-15 17:37 - 00497637 _____ () C:\Users\Shanna\Downloads\WORKING WITH ARTWORK.zip
2014-06-15 15:48 - 2014-06-15 15:48 - 00008057 _____ () C:\Users\Shanna\Downloads\G089.DST
2014-06-15 15:41 - 2014-06-15 15:41 - 00000000 __SHD () C:\Users\Shanna\AppData\Local\EmieUserList
2014-06-15 15:41 - 2014-06-15 15:41 - 00000000 __SHD () C:\Users\Shanna\AppData\Local\EmieSiteList
2014-06-15 14:00 - 2014-06-15 14:00 - 00006737 _____ () C:\Users\Shanna\Downloads\BERNINA-CrystalWork-JazziCrystals (2).zip
2014-06-14 14:59 - 2014-06-14 14:59 - 00001131 _____ () C:\Users\Shanna\Desktop\Amazon Music.lnk
2014-06-14 14:58 - 2014-06-14 14:58 - 38534152 _____ (Amazon) C:\Users\Shanna\Downloads\AmazonMusicInstaller.exe
2014-06-14 13:06 - 2014-06-14 13:06 - 00324931 _____ () C:\Users\Shanna\Downloads\FL_Installer (1).exe
2014-06-13 11:46 - 2014-06-13 11:46 - 00000000 _____ () C:\Windows\DEFMERGE.INI
2014-06-12 15:46 - 2014-06-27 16:26 - 00000000 ____D () C:\ProgramData\5d44516733b4b94e
2014-06-12 15:46 - 2014-06-12 15:46 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Packages
2014-06-12 13:05 - 2014-06-12 13:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 10:17 - 2014-06-12 10:17 - 00030720 _____ () C:\Users\Shanna\Downloads\Spiral (1).Draw
2014-06-11 08:26 - 2014-06-11 08:26 - 00016884 _____ () C:\Users\Shanna\Downloads\adorableapplique-865474-70494.exp
2014-06-11 08:20 - 2014-06-11 08:20 - 00069632 _____ () C:\Users\Shanna\Downloads\adorableapplique-865474-70490.ART
2014-06-10 16:11 - 2014-05-30 04:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:11 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:11 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 16:11 - 2014-05-30 03:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:11 - 2014-05-30 03:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 16:11 - 2014-05-30 03:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:11 - 2014-05-30 03:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 16:11 - 2014-05-30 03:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:11 - 2014-05-30 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:11 - 2014-05-30 03:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 16:11 - 2014-05-30 03:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 16:11 - 2014-05-30 03:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 16:11 - 2014-05-30 03:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 16:11 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:11 - 2014-05-30 03:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 16:11 - 2014-05-30 03:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:11 - 2014-05-30 03:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:11 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:11 - 2014-05-30 02:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 16:11 - 2014-05-30 02:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:11 - 2014-05-30 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:11 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 16:11 - 2014-05-30 02:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:11 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:11 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 16:11 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:11 - 2014-05-30 02:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:11 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:11 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:11 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 16:11 - 2014-05-30 02:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:11 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 16:11 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 16:11 - 2014-05-30 02:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 16:11 - 2014-05-30 02:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:11 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:11 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 16:11 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:11 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:11 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:11 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:11 - 2014-05-30 01:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:11 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:11 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 16:11 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:11 - 2014-05-30 01:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:11 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:11 - 2014-05-30 01:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:11 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:11 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:11 - 2014-05-30 01:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 16:11 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 16:11 - 2014-05-08 03:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 16:11 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 16:11 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 16:11 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 16:11 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 16:11 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 16:11 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 16:11 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 16:11 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 16:11 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 16:11 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 16:11 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 16:11 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 16:11 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 16:10 - 2014-06-08 03:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 16:10 - 2014-06-08 03:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-01 21:03 - 2014-07-01 21:01 - 00000000 ____D () C:\FRST
2014-07-01 21:03 - 2014-07-01 13:37 - 00000000 ____D () C:\Users\Shanna\Desktop\Farbar Recovery Scan Tool 64
2014-07-01 21:01 - 2014-06-28 19:00 - 00000000 ____D () C:\AdwCleaner
2014-07-01 20:55 - 2014-07-01 13:30 - 00000000 ____D () C:\Users\Shanna\Desktop\AdwCleaner
2014-07-01 20:55 - 2014-06-28 18:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-01 20:54 - 2013-04-24 17:08 - 00000000 ____D () C:\Users\Shanna\Documents\Outlook Files
2014-07-01 20:40 - 2014-03-13 10:56 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-89600652-2559728348-341990306-1001.job
2014-07-01 20:19 - 2013-04-23 16:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-01 18:55 - 2014-06-28 18:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-01 17:37 - 2014-06-27 16:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 15:56 - 2014-07-01 15:56 - 00000000 _____ () C:\Windows\system32\smrgdf.txt
2014-07-01 15:56 - 2009-07-13 23:10 - 01151398 _____ () C:\Windows\WindowsUpdate.log
2014-07-01 14:37 - 2013-05-04 20:05 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-01 14:00 - 2014-07-01 14:00 - 00024041 _____ () C:\Users\Shanna\Desktop\DDS text.txt
2014-07-01 13:56 - 2014-07-01 13:56 - 00016299 _____ () C:\Users\Shanna\Desktop\dds file 1 2014 07.txt
2014-07-01 13:46 - 2014-07-01 13:46 - 00024041 _____ () C:\Users\Shanna\Desktop\dds.txt
2014-07-01 13:46 - 2014-07-01 13:46 - 00016299 _____ () C:\Users\Shanna\Desktop\attach.txt
2014-07-01 13:40 - 2014-07-01 13:27 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 13:34 - 2009-07-13 22:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 13:34 - 2009-07-13 22:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 13:33 - 2014-07-01 13:33 - 01346519 _____ () C:\Users\Shanna\Downloads\adwcleaner_3.214 (1).exe
2014-07-01 13:28 - 2014-05-03 08:28 - 00000000 ____D () C:\Users\Shanna\AppData\Roaming\DropboxMaster
2014-07-01 13:28 - 2013-05-19 12:38 - 00000000 ___RD () C:\Users\Shanna\Dropbox
2014-07-01 13:28 - 2013-05-19 12:36 - 00000000 ____D () C:\Users\Shanna\AppData\Roaming\Dropbox
2014-07-01 13:27 - 2013-10-23 15:21 - 00007316 _____ () C:\Windows\error.log
2014-07-01 13:27 - 2013-04-24 17:32 - 00000408 _____ () C:\Windows\SysWOW64\iolo.ini
2014-07-01 13:27 - 2013-04-24 17:32 - 00000408 _____ () C:\Windows\system32\iolo.ini
2014-07-01 13:27 - 2013-04-24 17:32 - 00000392 _____ () C:\Windows\SysWOW64\iolo.ini.txt
2014-07-01 13:27 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 13:27 - 2009-07-13 22:51 - 00038722 _____ () C:\Windows\setupact.log
2014-07-01 13:26 - 2013-10-23 15:21 - 00004901 _____ () C:\Windows\errord.log
2014-07-01 13:26 - 2013-04-23 17:48 - 00631558 _____ () C:\Windows\PFRO.log
2014-07-01 12:53 - 2014-07-01 12:53 - 01346519 _____ () C:\Users\Shanna\Downloads\adwcleaner_3.214.exe
2014-07-01 10:37 - 2014-07-01 10:37 - 05212874 _____ (Swearware) C:\Users\Shanna\Downloads\ComboFix.exe
2014-07-01 10:36 - 2014-07-01 10:36 - 00688992 ____R (Swearware) C:\Users\Shanna\Downloads\dds.com
2014-07-01 08:51 - 2013-04-23 16:31 - 00000000 ____D () C:\Users\Shanna
2014-06-30 11:12 - 2014-06-30 10:47 - 00000000 ____D () C:\Users\Shanna\Desktop\mediafire dll
2014-06-30 10:23 - 2009-07-13 23:08 - 00025378 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-30 08:10 - 2014-06-29 10:36 - 00000000 ____D () C:\Users\Shanna\Desktop\MediaFire
2014-06-29 14:54 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2014-06-29 13:35 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-29 06:57 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\schemas
2014-06-28 21:12 - 2014-06-28 21:12 - 00025600 _____ () C:\Users\Shanna\Downloads\crowns_004.art
2014-06-28 21:12 - 2014-06-28 21:12 - 00024064 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_004.art
2014-06-28 21:12 - 2014-06-28 21:12 - 00006812 _____ () C:\Users\Shanna\Downloads\crowns_004.exp
2014-06-28 21:11 - 2014-06-28 21:11 - 00010576 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_004.exp
2014-06-28 20:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-28 20:31 - 2014-06-28 19:59 - 00000570 _____ () C:\Windows\system32\.crusader
2014-06-28 20:00 - 2014-06-28 20:00 - 00059450 _____ () C:\Users\Shanna\Documents\HitmanPro_20140628_1959.log
2014-06-28 20:00 - 2014-06-28 19:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-28 19:45 - 2014-06-28 19:45 - 00001891 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-28 19:45 - 2014-06-28 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-28 19:45 - 2014-06-28 19:45 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-28 19:44 - 2014-06-28 19:44 - 11181544 _____ (SurfRight B.V.) C:\Users\Shanna\Downloads\HitmanPro_x64.exe
2014-06-28 18:51 - 2014-06-28 18:51 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-28 18:51 - 2014-06-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-28 18:50 - 2014-06-28 18:50 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-28 18:50 - 2014-06-28 18:50 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-28 18:50 - 2013-04-24 19:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-28 18:50 - 2013-04-24 14:08 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Deployment
2014-06-28 18:47 - 2014-06-28 18:47 - 00000000 ____D () C:\Users\Shanna\Desktop\Old Firefox Data
2014-06-28 12:45 - 2014-06-27 16:42 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 12:45 - 2014-06-27 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 12:45 - 2014-06-27 16:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 12:40 - 2014-06-28 12:40 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Shanna\Downloads\mbam_premium.exe
2014-06-28 08:10 - 2014-03-06 15:55 - 00165376 _____ () C:\Users\Shanna\Documents\Sites - User IDs.xls
2014-06-27 18:27 - 2014-06-27 18:25 - 187173663 _____ () C:\Users\Shanna\Downloads\BERNINA_V7_0R_Update.zip
2014-06-27 17:14 - 2013-04-24 17:25 - 00000000 ____D () C:\ProgramData\iolo
2014-06-27 16:56 - 2014-05-21 13:22 - 00000000 ____D () C:\temp
2014-06-27 16:42 - 2014-06-27 16:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 16:37 - 2014-06-27 16:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Shanna\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-27 16:26 - 2014-06-12 15:46 - 00000000 ____D () C:\ProgramData\5d44516733b4b94e
2014-06-27 15:10 - 2014-06-27 15:10 - 00895120 _____ (Google Inc.) C:\Users\Shanna\Downloads\ChromeSetup.exe
2014-06-27 11:20 - 2014-06-27 08:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\iolo
2014-06-27 11:20 - 2014-06-27 08:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\iolo
2014-06-27 08:24 - 2014-06-26 13:22 - 00000000 ____D () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF
2014-06-26 23:00 - 2013-05-05 10:51 - 00000000 ____D () C:\Users\Shanna\AppData\Local\CrashDumps
2014-06-26 17:32 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\Shanna\Documents\Quilting
2014-06-25 10:32 - 2014-04-22 14:56 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-25 10:16 - 2013-05-04 13:11 - 00000000 ____D () C:\Users\Shanna\Documents\Sewing
2014-06-25 09:19 - 2014-06-25 09:16 - 00000022 _____ () C:\Users\Shanna\Downloads\006 Bohemian Rhapsody.zip
2014-06-24 14:10 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 13:29 - 2014-06-24 13:23 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Bernina DesignWorks 2.0
2014-06-24 12:04 - 2014-01-10 12:49 - 00000000 ____D () C:\Users\Shanna\Documents\BERNINA
2014-06-24 10:40 - 2013-05-03 20:40 - 00000000 ____D () C:\Users\Shanna\Documents\BOD
2014-06-24 09:42 - 2014-06-24 09:42 - 00019030 _____ () C:\Users\Shanna\Downloads\chubbyfarm_horse.exp
2014-06-24 09:41 - 2014-06-24 09:41 - 00046592 _____ () C:\Users\Shanna\Downloads\chubbyfarm_horse.art
2014-06-24 09:41 - 2014-06-24 09:41 - 00022528 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_003.art
2014-06-24 09:41 - 2014-06-24 09:41 - 00008520 _____ () C:\Users\Shanna\Downloads\swirlycatfaces_003.exp
2014-06-22 17:17 - 2013-05-04 12:59 - 00000000 ____D () C:\Users\Shanna\Documents\My Scans
2014-06-22 14:09 - 2014-06-22 14:09 - 00041757 _____ () C:\Users\Shanna\Downloads\message2013-12-09--13-01-21.wav
2014-06-22 11:46 - 2014-06-22 11:46 - 00047104 _____ () C:\Users\Shanna\Downloads\adorableapplique-744137-46131.ART
2014-06-22 11:46 - 2014-06-22 11:46 - 00014422 _____ () C:\Users\Shanna\Downloads\adorableapplique-744137-46134.exp
2014-06-21 22:47 - 2014-06-20 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-21 16:00 - 2013-04-24 19:38 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Google
2014-06-21 15:45 - 2014-06-21 15:45 - 00121832 _____ () C:\Users\Shanna\Downloads\BURST-5-LARGE.zip
2014-06-21 15:45 - 2014-06-21 15:45 - 00072723 _____ () C:\Users\Shanna\Downloads\BURST-5-SMALL.zip
2014-06-21 15:35 - 2013-05-03 21:05 - 00000000 ____D () C:\Users\Shanna\Documents\Camtasia Studio
2014-06-21 15:16 - 2014-01-19 19:06 - 00000000 ____D () C:\Users\Shanna\Documents\Images for digitization
2014-06-21 15:02 - 2013-05-04 13:30 - 00442368 ___SH () C:\Users\Shanna\Documents\Thumbs.db
2014-06-20 21:58 - 2014-06-20 21:58 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Macromedia
2014-06-20 21:58 - 2013-04-23 16:11 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-20 21:58 - 2013-04-23 16:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-20 21:58 - 2013-04-23 16:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-20 21:50 - 2014-06-20 21:49 - 00000000 ____D () C:\Users\Shanna\AppData\Roaming\Mozilla
2014-06-20 21:50 - 2014-06-20 21:49 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Mozilla
2014-06-20 21:49 - 2014-06-20 21:49 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-20 21:49 - 2014-06-20 21:49 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-20 21:49 - 2014-06-20 21:49 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-20 21:43 - 2014-06-20 21:43 - 00003174 _____ () C:\Windows\System32\Tasks\{70F9F940-4D78-4804-A058-27A12B2B5509}
2014-06-20 07:48 - 2014-06-20 07:48 - 00813721 _____ () C:\Users\Shanna\Downloads\The Sofia skirt.zip
2014-06-19 17:38 - 2014-06-19 17:38 - 84167282 _____ () C:\Users\Shanna\Downloads\006 Running with Blackwork (1) (1).zip
2014-06-19 16:00 - 2014-06-19 15:59 - 84167282 _____ () C:\Users\Shanna\Downloads\006 Running with Blackwork (1).zip
2014-06-19 14:58 - 2014-06-19 14:58 - 00051712 _____ () C:\Users\Shanna\Downloads\adorableapplique-711298-33828.ART
2014-06-19 14:58 - 2014-06-19 14:58 - 00008896 _____ () C:\Users\Shanna\Downloads\adorableapplique-711298-33831.exp
2014-06-19 00:41 - 2014-01-29 15:49 - 00020696 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\mfmonitor_x64.sys
2014-06-18 16:59 - 2014-06-18 16:59 - 57589462 _____ () C:\Users\Shanna\Downloads\06 Designing with CorelDRAW Essentials.wmv
2014-06-18 14:19 - 2014-06-18 14:18 - 00000237 _____ () C:\Users\Shanna\Downloads\1-7821407041036469552-146402f8d03.asx
2014-06-18 13:58 - 2013-05-08 18:16 - 00005632 _____ () C:\Users\Shanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-18 11:05 - 2014-06-18 11:05 - 02004544 _____ () C:\Users\Shanna\Downloads\BERNINAEmbrSoftware7-RunningWithBlackwork.zip
2014-06-18 10:47 - 2014-06-18 10:46 - 84167282 _____ () C:\Users\Shanna\Downloads\006 Running with Blackwork.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 03346473 _____ () C:\Users\Shanna\Downloads\lgp010-instructions.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 01675962 _____ () C:\Users\Shanna\Downloads\lgp010-templates.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00510547 _____ () C:\Users\Shanna\Downloads\lgp010-colors.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00272737 _____ () C:\Users\Shanna\Downloads\lgp010art.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00207141 _____ () C:\Users\Shanna\Downloads\lgfd1401-colors.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00091435 _____ () C:\Users\Shanna\Downloads\lgp010dst.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00077535 _____ () C:\Users\Shanna\Downloads\lgfd1401-templates.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00075251 _____ () C:\Users\Shanna\Downloads\lgp010exp.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00013900 _____ () C:\Users\Shanna\Downloads\lgfd1401dst.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00011397 _____ () C:\Users\Shanna\Downloads\lgs03906dst.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00011226 _____ () C:\Users\Shanna\Downloads\lgfd1401exp.zip
2014-06-17 18:16 - 2014-06-17 18:16 - 00008904 _____ () C:\Users\Shanna\Downloads\lgs03906exp.zip
2014-06-17 12:42 - 2014-05-04 12:59 - 00000000 ____D () C:\Users\Shanna\Documents\Craftsy Classes
2014-06-17 11:59 - 2014-06-17 11:59 - 00002448 _____ () C:\Users\Shanna\Downloads\TRU Webinar #5_ Basic Introduction to CorelDraw (Beginner).ics
2014-06-15 17:37 - 2014-06-15 17:37 - 00497637 _____ () C:\Users\Shanna\Downloads\WORKING WITH ARTWORK.zip
2014-06-15 16:33 - 2013-05-04 12:47 - 00000000 ____D () C:\Users\Shanna\Documents\Embroidery
2014-06-15 15:48 - 2014-06-15 15:48 - 00008057 _____ () C:\Users\Shanna\Downloads\G089.DST
2014-06-15 15:41 - 2014-06-15 15:41 - 00000000 __SHD () C:\Users\Shanna\AppData\Local\EmieUserList
2014-06-15 15:41 - 2014-06-15 15:41 - 00000000 __SHD () C:\Users\Shanna\AppData\Local\EmieSiteList
2014-06-15 14:58 - 2013-04-25 10:06 - 00000000 ____D () C:\Users\Shanna\Documents\Quicken
2014-06-15 14:00 - 2014-06-15 14:00 - 00006737 _____ () C:\Users\Shanna\Downloads\BERNINA-CrystalWork-JazziCrystals (2).zip
2014-06-14 14:59 - 2014-06-14 14:59 - 00001131 _____ () C:\Users\Shanna\Desktop\Amazon Music.lnk
2014-06-14 14:58 - 2014-06-14 14:58 - 38534152 _____ (Amazon) C:\Users\Shanna\Downloads\AmazonMusicInstaller.exe
2014-06-14 13:06 - 2014-06-14 13:06 - 00324931 _____ () C:\Users\Shanna\Downloads\FL_Installer (1).exe
2014-06-13 12:30 - 2014-03-28 12:59 - 00000000 ____D () C:\Users\Shanna\AppData\Roaming\eM Client
2014-06-13 11:46 - 2014-06-13 11:46 - 00000000 _____ () C:\Windows\DEFMERGE.INI
2014-06-13 11:46 - 2014-03-07 15:30 - 00000000 ____D () C:\My Designs - Embroidery Software 7
2014-06-13 11:45 - 2014-01-29 14:50 - 00002222 _____ () C:\Users\Public\Desktop\BERNINA Embroidery Software 7.lnk
2014-06-13 11:45 - 2014-01-29 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA Embroidery Software 7
2014-06-13 11:45 - 2014-01-29 14:50 - 00000000 ____D () C:\Program Files\Common Files\Wilcom
2014-06-13 08:50 - 2014-05-19 11:07 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-06-12 15:46 - 2014-06-12 15:46 - 00000000 ____D () C:\Users\Shanna\AppData\Local\Packages
2014-06-12 15:08 - 2014-05-29 09:59 - 05562355 _____ () C:\Users\Shanna\Desktop\Boosting Return.pptx
2014-06-12 13:05 - 2014-06-12 13:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 10:17 - 2014-06-12 10:17 - 00030720 _____ () C:\Users\Shanna\Downloads\Spiral (1).Draw
2014-06-12 10:06 - 2014-01-10 13:10 - 00000000 ____D () C:\Users\Shanna\Documents\Medical
2014-06-12 06:33 - 2014-03-13 10:57 - 00003600 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-89600652-2559728348-341990306-1001
2014-06-11 14:21 - 2013-05-03 20:41 - 00000000 ____D () C:\Users\Shanna\Documents\Camtasia Media
2014-06-11 08:41 - 2013-11-18 14:09 - 00000000 ____D () C:\Users\Shanna\Documents\Health Care
2014-06-11 08:41 - 2013-05-04 12:56 - 00000000 ____D () C:\Users\Shanna\Documents\Morningstar
2014-06-11 08:26 - 2014-06-11 08:26 - 00016884 _____ () C:\Users\Shanna\Downloads\adorableapplique-865474-70494.exp
2014-06-11 08:20 - 2014-06-11 08:20 - 00069632 _____ () C:\Users\Shanna\Downloads\adorableapplique-865474-70490.ART
2014-06-11 05:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:10 - 2013-08-15 09:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:06 - 2013-05-03 20:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:05 - 2013-04-24 16:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:03 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 11:23 - 2013-08-11 13:46 - 00000000 ____D () C:\Users\Shanna\Documents\CHRW study
2014-06-08 03:13 - 2014-06-10 16:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 03:08 - 2014-06-10 16:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 16:40 - 2009-07-13 22:45 - 00675024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-01 08:17 - 2013-08-09 07:47 - 00000000 ____D () C:\Users\Shanna\Documents\BINC 2009

Some content of TEMP:
====================
C:\Users\Shanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsmv26x.dll
C:\Users\Shanna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:51

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2014
Ran by Shanna at 2014-07-01 21:03:58
Running from C:\Users\Shanna\Desktop\Farbar Recovery Scan Tool 64
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat  9 Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat  9 Standard (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.04 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.04 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
AnnTheGran Catalog XPress 2.5 (HKLM-x32\...\InstallShield_{62A5DC36-4699-4498-A8FA-326DD2AA8FFB}) (Version: 2.5.0058 - Pulse Microsystems Ltd.)
AnnTheGran Catalog XPress 2.5 (x32 Version: 2.5.0058 - Pulse Microsystems Ltd.) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0803.2124 - )
AVSDK5 (Version: 5.3.20 - Commtouch, Inc.) Hidden
BERNINA ART Design (x32 Version: 1.0.0148 - BERNINA) Hidden
BERNINA ART Design 1.0G (HKLM-x32\...\{B8A7CBED-E991-4979-B2E4-885F05E36347}) (Version: 1.0.0148 - BERNINA)
BERNINA DesignWorks (HKLM-x32\...\{5C9D1D2E-CC7D-4E73-B7D3-09CD726DDF97}) (Version: 2.0.7570.2013 - DRAWstitch LTD.)
BERNINA Embroidery Software 7 (HKLM-x32\...\{980D1FF7-C5EF-4911-A122-57CF7DFB3F63}) (Version: 18.0.114.7019 - BERNINA)
BERNINA Embroidery Software 7 (x32 Version: 18.0.57.6986 - Wilcom) Hidden
BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.27.70 - BERNINA)
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0803.2125.36577 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help English (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help French (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help German (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
ccc-utility64 (Version: 2010.0803.2125.36577 - ATI) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Color LaserJet 2600n (HKLM-x32\...\HP-Color LaserJet 2600n) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{FD3E08F9-266E-49A8-93C4-A116BA2CD20A}) (Version: 16.2.0.998 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 16.2.998 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.2.998 - Corel Corporation) Hidden
Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden
CorelDRAW Essentials X6 - BR (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Common (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Connect (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Custom Data (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - DE (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Draw (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - EN (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - ES (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Extra Content (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Filters (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - FR (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - IPM (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - IT (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - JP (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - NL (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - PHOTO-PAINT (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Redist (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - Setup Files (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - VBA (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - VideoBrowser (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - VSTA (x32 Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Essentials X6 - WT (x32 Version: 16.2 -  Corel Corporation) Hidden
CorelDRAW Essentials X6 (HKLM-x32\...\_{07F8F15B-443E-438E-864A-C6154426EE38}) (Version: 16.2.0.998 - Corel Corporation)
CorelDRAW Essentials X6 (x32 Version: 16.2 - Corel Corporation) Hidden
Creative Vado HD Codec (HKLM-x32\...\Creative Vado HD Codec) (Version:  - Creative Technology Ltd)
Creative Vado HD Codec (x32 Version: 1.0.0.1 - Creative Technology Ltd) Hidden
Creator NXT Content (x32 Version: 14.0.024 - Roxio) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Ec On Pc V3.1 (HKLM-x32\...\{5F695602-3C87-4CB7-934B-C354EAB1A9AA}) (Version: 3.1.6.0 - BERNINA International AG, Steckborn, Switzerland)
eM Client (HKLM-x32\...\{E887D540-E434-47F4-ACD3-336D884F0618}) (Version: 6.0.20154.0 - eM Client Inc.)
Embrilliance Thumbnailer version 2.91 (HKLM\...\{FB3DDB57-3D50-4ED2-9D2B-10466EC778D0}_is1) (Version:  - BriTon Leap, Inc.)
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Perfection V600 Photo Scanner Driver Update (HKLM-x32\...\{EBBE3D90-9344-43A7-A548-91BA02B3B7CD}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1440 (HKCU\...\GoToMeeting) (Version: 6.3.0.1440 - CitrixOnline)
Hightail Express (HKLM-x32\...\{9453ED2E-3B9F-4683-BA6A-8FCB9F3E0065}) (Version: 2.14.1 - Hightail)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.)
HP MediaSmart Server (HKLM-x32\...\{8BC76277-4A32-4F41-8640-0F42D02945AC}) (Version: 1.3.6.21622 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
KODAK Share Button App (HKLM-x32\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (x32 Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (x32 Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
OESD .ARTsizer (x32 Version: 5.00.0000 - OESD) Hidden
OESD .ARTsizer 6.0T (HKLM-x32\...\{1D35F468-EBC5-4BEB-82CC-918DB910068C}) (Version: 13.0.0137 - OESD)
PlayLater (HKLM-x32\...\{894C4F0F-F323-4A2B-998F-F4661E27A841}) (Version: 1.4.5 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{9A813011-3B2D-42FE-8B9E-BB55553FBFD4}) (Version: 3.8.5 - MediaMall Technologies, Inc.)
Presentation Assistant V2.7.2 (HKLM-x32\...\Presentation Assistant_is1) (Version:  - www.presentation-assistant.com)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 4.5 - Roxio) Hidden
Roxio Burn (x32 Version: 2.0 - Roxio) Hidden
Roxio Central (x32 Version: 7.0.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator NXT (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)
Roxio Creator NXT (x32 Version: 1.4.184 - Roxio) Hidden
Roxio Creator Premier (HKLM-x32\...\{BB2CB14A-F3A3-4BBF-9111-EBC82049ABA6}) (Version: 10.3 - Roxio)
Roxio Creator Premier (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Premier 10 (x32 Version: 10.2.345 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Roxio VHS Capture Driver (x32 Version: 1.05.0000 - Corel) Hidden
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Screencast.com Desktop Uploader (HKLM-x32\...\{0CCA1733-33F7-4F18-A3C6-C09517FD0253}) (Version: 1.4.0 - TechSmith Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Silhouette Studio (HKLM-x32\...\{0706D4E8-C4DD-408C-94DA-4F7E8B3BCC66}) (Version: 3.0.343 - Silhouette America)
Skins (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
Snagit 11 (HKLM-x32\...\{90D0FC4B-D653-4F49-BB97-A48C74A52E71}) (Version: 11.4.3 - TechSmith Corporation)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 26.1.77080 - Sonos, Inc.)
System Mechanic 11 Professional (x32 Version: 12.5.0 - ) Hidden
Toolkit 6 (HKLM-x32\...\{E2E8BDDE-6F1B-4A5D-870D-2748DA79360C}) (Version:  - )
Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden
Unencrypt (HKLM-x32\...\{B822B85E-0CFB-433A-8DE4-8697AB303315}) (Version: 1.0.0.1 - BERNINA International AG)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WaveReader Ver 4-0 (HKLM-x32\...\{66B1AAF1-A06E-4169-8A7C-EC9FC53F1080}) (Version: 4.0.0023 - GE Security)
Wilcom TrueSizer e3.0 (HKLM-x32\...\{E801DDB4-3CFC-496E-9E04-781EC2445D82}) (Version: 17.0.185.7427 - Wilcom)
Wilcom TrueSizer e3.0 (x32 Version: 17.0.185.7427 - Wilcom) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Home Server Connector (HKLM\...\{21E49794-7C13-4E84-8659-55BD378267D5}) (Version: 6.0.3436.0 - Microsoft Corporation)

==================== Restore Points  =========================

22-06-2014 01:08:54 Scheduled Checkpoint
22-06-2014 06:00:13 Windows Backup
23-06-2014 06:00:14 Windows Backup
24-06-2014 06:00:18 Windows Backup
24-06-2014 10:43:45 Windows Update
25-06-2014 06:00:13 Windows Backup
26-06-2014 06:00:14 Windows Backup
27-06-2014 06:00:19 Windows Backup
28-06-2014 01:16:28 Installed Dragon NaturallySpeaking 12.5 HF1.
28-06-2014 06:00:14 Windows Backup
29-06-2014 01:58:41 Checkpoint by HitmanPro
29-06-2014 01:59:38 Checkpoint by HitmanPro
29-06-2014 02:30:53 Checkpoint by HitmanPro
29-06-2014 06:00:16 Windows Backup
30-06-2014 06:00:16 Windows Backup
30-06-2014 17:02:41 Checkpoint by HitmanPro
01-07-2014 14:47:36 Windows Update
01-07-2014 14:51:12 Windows Backup

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {28BE0786-D6AE-48EE-AC16-3BF183CB4D76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {3643475E-920C-4C85-9F98-FEE5E3354DF3} - System32\Tasks\G2MUpdateTask-S-1-5-21-89600652-2559728348-341990306-1001 => C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-06-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3B32F9F7-34BC-404D-9F3A-F818CAD3F33C} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {50180115-67A1-4471-A988-CB7F67CA52C0} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-10-11] (Eastman Kodak Company)
Task: {800FED76-9EC5-45A8-A381-97ADED7E8F5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {89368980-3745-4E1F-8D98-80557F0E1FCD} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)
Task: {9B2C584C-E717-49B7-952B-3A4E85EDF866} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated)
Task: {A602736B-8350-4E19-B690-1347D0DEC4AE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-89600652-2559728348-341990306-1001.job => C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-05 10:20 - 2012-12-06 12:52 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2011-04-10 16:26 - 2011-04-10 23:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2012-06-20 14:48 - 2012-06-20 14:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2012-07-11 00:04 - 2012-07-11 00:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2014-06-25 11:58 - 2014-06-25 11:58 - 00172544 _____ () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe
2014-06-12 13:05 - 2014-06-12 13:05 - 00110080 _____ () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\nfapi.dll
2014-06-12 13:05 - 2014-06-12 13:05 - 00456192 _____ () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\ProtocolFilters.dll
2012-05-25 14:54 - 2012-05-25 14:54 - 00212480 _____ () C:\Program Files (x86)\BERNINA\DesignWorks\System\BerninaExt64.dll
2010-08-04 14:58 - 2010-08-04 14:58 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-03 20:24 - 2010-08-03 20:24 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-07-05 18:47 - 2012-07-05 18:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
2012-07-05 18:47 - 2012-07-05 18:47 - 01723024 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\Roxio Burn.exe
2014-07-01 20:52 - 2014-07-01 20:52 - 01346519 _____ () C:\Users\Shanna\Desktop\AdwCleaner\AdwCleaner 2014 07 01\AdwCleaner.exe
2012-07-11 00:04 - 2012-07-11 00:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2014-07-01 13:27 - 2014-07-01 13:27 - 00043008 _____ () c:\users\shanna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsmv26x.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\Shanna\AppData\Roaming\Dropbox\bin\libcef.dll
2013-05-05 10:41 - 2009-03-12 14:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2013-05-05 10:41 - 2008-11-21 12:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-02-12 04:50 - 2014-02-12 04:50 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2013-04-23 16:12 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-05 18:47 - 2012-07-05 18:47 - 00678544 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\BBEngineAS.dll
2012-05-22 18:01 - 2012-05-22 18:01 - 00723600 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\AS_Archive.dll
2014-06-28 18:51 - 2014-06-05 07:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-28 18:51 - 2014-06-05 07:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-28 18:51 - 2014-06-05 07:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-28 18:51 - 2014-06-05 07:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-28 18:51 - 2014-06-05 07:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: MediaFire Tray =>
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Shanna\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2014 06:41:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/01/2014 06:39:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2014 01:28:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (07/01/2014 01:28:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (07/01/2014 01:28:21 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (07/01/2014 01:27:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2014 01:27:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2014 01:27:48 PM) (Source: Windows Search Service) (EventID: 3038) (User: )
Description: The gatherer is unable to read the registry URL.

Context:  Application, SystemIndex Catalog


Details:
    (HRESULT : 0x0) (0x00000000)

Error: (07/01/2014 08:56:45 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (07/01/2014 08:44:10 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)


System errors:
=============
Error: (07/01/2014 01:28:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/01/2014 01:28:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218173.

Error: (07/01/2014 01:27:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk
jyrfc
mxrn
oyjtgo
xjmipi

Error: (07/01/2014 01:27:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Roxio Hard Drive Watcher 14 service terminated with the following error:
%%-2147467243

Error: (07/01/2014 01:27:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wntpport service failed to start due to the following error:
%%2

Error: (07/01/2014 08:44:40 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/01/2014 08:44:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/01/2014 08:44:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218173.

Error: (07/01/2014 08:41:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk
jyrfc
mxrn
oyjtgo
xjmipi

Error: (07/01/2014 08:41:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Roxio Hard Drive Watcher 14 service terminated with the following error:
%%-2147467243


Microsoft Office Sessions:
=========================
Error: (07/01/2014 06:41:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/01/2014 06:39:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe

Error: (07/01/2014 01:28:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (07/01/2014 01:28:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (07/01/2014 01:28:21 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (07/01/2014 01:27:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/01/2014 01:27:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
431

Error: (07/01/2014 01:27:48 PM) (Source: Windows Search Service) (EventID: 3038) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    (HRESULT : 0x0) (0x00000000)
URL

Error: (07/01/2014 08:56:45 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)

Error: (07/01/2014 08:44:10 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)


CodeIntegrity Errors:
===================================
  Date: 2014-06-29 21:30:59.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:30:59.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:30:59.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:30:58.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:30:58.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:30:58.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:17:25.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:17:25.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:17:25.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 21:17:23.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Local Disk\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 12278.93 MB
Available physical RAM: 9334.73 MB
Total Pagefile: 24556.03 MB
Available Pagefile: 21065.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.59 GB) (Free:409.51 GB) NTFS
Drive d: (FeelsLikeSpring) (CDROM) (Total:0.5 GB) (Free:0 GB) CDFS
Drive e: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (OS) (Fixed) (Total:920.59 GB) (Free:737.38 GB) NTFS
Drive h: () (Removable) (Total:14.9 GB) (Free:13.69 GB) FAT32
Drive i: (Elements) (Fixed) (Total:1863.01 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 3AC50D3C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=920 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 90141106)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0008A108)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================

Users shortcut scan result (x64) Version: 29-06-2014
Ran by Shanna at 2014-07-01 21:05:30
Running from C:\Users\Shanna\Desktop\Farbar Recovery Scan Tool 64
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Dragon NaturallySpeaking 12.0.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\NatSpeakS_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk -> C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-000000000004}\_SC_Distiller.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-000000000004}\_SC_Acrobat_Standard.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk -> C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk -> C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe (Dell Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk -> C:\Program Files (x86)\eM Client\MailClient.exe (eM Client, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail.lnk -> C:\Program Files (x86)\Hightail\Express\Hightail.exe (Hightail)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP MediaSmart Server.lnk -> C:\Windows\Installer\{8BC76277-4A32-4F41-8640-0F42D02945AC}\HPMSS.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaveReader.lnk -> C:\Program Files (x86)\WaveReader\WaveReader.exe (Impac Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Home Server Console.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSConsoleClient.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center Connector.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\MCWHSSetup.93ABE70C_1ED9_4F96_8F50_7B4BE2A48469.ico (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wilcom TrueSizer e3.0\Wilcom TrueSizer e3.0 Tools\Purge Recovery.lnk -> C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\PURREC.EXE (Wilcom Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolkit6\Toolkit 6 Manual.lnk -> C:\Program Files (x86)\ICLUBcentral\Toolkit6\Toolkit 6 Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolkit6\Toolkit 6 Non-Admin.lnk -> C:\Program Files (x86)\ICLUBcentral\Toolkit6\Toolkit6Server.exe (ICLUBcentral Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolkit6\Toolkit 6.lnk -> C:\Program Files (x86)\ICLUBcentral\Toolkit6\toolkit6.exe (ICLUBcentral Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Recorder 8.lnk -> C:\Windows\Installer\{5303CFB5-D635-44F0-A94B-9611E81F07C4}\CamtasiaIcons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Studio 8.lnk -> C:\Windows\Installer\{5303CFB5-D635-44F0-A94B-9611E81F07C4}\CamtasiaIcons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Snagit 11 Editor.lnk -> C:\Windows\Installer\{90D0FC4B-D653-4F49-BB97-A48C74A52E71}\Icon0E6ED661.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Snagit 11.lnk -> C:\Windows\Installer\{90D0FC4B-D653-4F49-BB97-A48C74A52E71}\Icon0E6ED660.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional\System Mechanic Professional Help.lnk -> C:\Program Files (x86)\iolo\System Mechanic Professional\System_Mechanic.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional\Search and Recover\Search and Recover Help.lnk -> C:\Program Files (x86)\iolo\System Mechanic Professional\Search and Recover\Search_and_Recover.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional\Search and Recover\Search and Recover.lnk -> C:\Program Files (x86)\iolo\System Mechanic Professional\Search and Recover\SearchAndRecover.exe (iolo technologies, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional\DriveScrubber\DriveScrubber Help.lnk -> C:\Program Files (x86)\iolo\System Mechanic Professional\DriveScrubber\DriveScrubber.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional\DriveScrubber\DriveScrubber.lnk -> C:\Program Files (x86)\iolo\System Mechanic Professional\DriveScrubber\DriveScrubber.exe (iolo technologies, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos\Sonos.lnk -> C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette Studio\Silhouette Studio.lnk -> C:\Program Files (x86)\Silhouette Studio\Silhouette Studio.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screencast.com\Screencast.com Desktop Uploader.lnk -> C:\Windows\Installer\{0CCA1733-33F7-4F18-A3C6-C09517FD0253}\Icon9B1FCAC8.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier\Home.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Roxio Creator NXT.lnk -> C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\3D Photo Creator.lnk -> C:\Program Files (x86)\Roxio Creator NXT\3DPhotoCreator\3DPhotoCreator14.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\Label Creator.lnk -> C:\Program Files (x86)\Roxio Creator NXT\Label Creator\RxLabelCreator14.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\Music Disc Creator.lnk -> C:\Program Files (x86)\Roxio Creator NXT\AudioCore\MusicDiscCreator14.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\MyDVD.lnk -> C:\Program Files (x86)\Roxio Creator NXT\VideoUI\MyDVD14.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\PhotoSuite.lnk -> C:\Program Files (x86)\Roxio Creator NXT\PhotoSuite\PhotoSuite14.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\Sound Editor.lnk -> C:\Program Files (x86)\Roxio Creator NXT\AudioCore\SoundEdit14.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\Video Copy & Convert.lnk -> C:\Program Files (x86)\Roxio Creator NXT\Video Convert\VideoConvert14.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\VideoWave.lnk -> C:\Program Files (x86)\Roxio Creator NXT\VideoUI\VideoWave14.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\WinDVD.lnk -> C:\Program Files (x86)\Roxio Creator NXT\WinDVD\WinDVD.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\Roxio BackOnTrack.lnk -> C:\Program Files (x86)\Roxio\BackOnTrack\App\BackOnTrack.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014\Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014\Quicken 2014.lnk -> C:\Program Files (x86)\Quicken\qw.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014\Quicken Online Backup.lnk -> C:\Program Files (x86)\Quicken\QuickenOLBackupLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presentation Assistant\Help.lnk -> C:\Program Files (x86)\Presentation Assistant\Help\LHHelp.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presentation Assistant\Presentation Assistant.lnk -> C:\Program Files (x86)\Presentation Assistant\PresentationA.exe (www.presentation-assistant.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presentation Assistant\Uninstall.lnk -> C:\Program Files (x86)\Presentation Assistant\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn\PlayOn Settings.lnk -> C:\Program Files (x86)\MediaMall\SettingsManager.exe (MediaMall Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn\User Guide.lnk -> C:\Program Files (x86)\MediaMall\User Guide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayLater\PlayLater.lnk -> C:\Program Files (x86)\MediaMall\PlayLater.exe (MediaMall Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayLater\User Guide.lnk -> C:\Program Files (x86)\MediaMall\PlayLaterUserGuide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OESD .ARTsizer\Delete Recovery Files.lnk -> C:\Program Files (x86)\OESD\ARTsizer\BIN\PURREC.EXE (Wilcom Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OESD .ARTsizer\OESD .ARTsizer.lnk -> C:\Program Files (x86)\OESD\ARTsizer\BIN\OESDARTsizerLoader.EXE (Wilcom Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem Diagnostic Tool\Modem Diagnostic Tool.lnk -> C:\Windows\Installer\{0335701D-8E28-4A7F-B0EF-312974755BB2}\DModem.exe_1C89932F1D9D4776AD7A9156FF792539.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Color LaserJet 2600n\HP Color LaserJet 2600n Help.lnk -> C:\Windows\System32\spool\drivers\x64\3\SDhp2600.HLP ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Color LaserJet 2600n\HP Color LaserJet 2600n toolbox.lnk -> C:\Windows\System32\zhhp2600.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Color LaserJet 2600n\Readme.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Color LaserJet 2600n\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Color LaserJet 2600n\User Guide.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Color LaserJet 2600n\Guide.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Copy Utility.lnk -> C:\Program Files (x86)\Epson Software\Copy Utility\ECOPY.EXE (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Event Manager.lnk -> C:\Program Files (x86)\Epson Software\Event Manager\EProjManager.exe (SEIKO EPSON CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Read Me\Copy Utility.lnk -> C:\Program Files (x86)\Epson Software\Copy Utility\DspReadMe.exe (SEIKO EPSON CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\Perfection V600 User's Guide\Perfection V600 User's Guide.lnk -> C:\Program Files (x86)\epson\guide\pv600_e\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\Perfection V600 User's Guide\Uninstall Perfection V600 User's Guide.lnk -> C:\Program Files (x86)\epson\guide\pv600_e\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embrilliance\Thumbnailer\Thumbnailer.lnk -> C:\Program Files\Embrilliance\Thumbnailer\Thumbnail.exe (BriTon Leap, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embrilliance\Thumbnailer\Uninstall Thumbnailer.lnk -> C:\Program Files\Embrilliance\Thumbnailer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0\Dragon NaturallySpeaking 12.0.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\NatSpeak_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0\Dragon NaturallySpeaking Tools\Gather files for support.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\SuppPack_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0\Dragon NaturallySpeaking Tools\Upgrade User Profiles.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\Upgrade_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\CyberLink PowerDVD 9.5.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\PowerDVD 9.5 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\PowerDVD9.CHM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X6\Content.lnk -> C:\Users\Public\Documents\Corel\Content X6 ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X6\Corel CONNECT X6.lnk -> C:\Program Files (x86)\Corel\CorelDRAW Essentials X6\Connect\Connect.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X6\Corel PHOTO-PAINT Essentials X6.lnk -> c:\Windows\Installer\{A2C0A6AE-CD26-428E-AF17-A6E1CA5383D1}\NewShortcut7_82FA92ECD15F4C25A217707238B0927B.exe (Flexera Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X6\CorelDRAW Essentials X6.lnk -> c:\Windows\Installer\{A8D31310-7153-49BC-B525-D19B35FBF236}\NewShortcut2_D378D0024B1E43EF8AEF8A3EB0E4A802.exe (Flexera Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X6\Duplexing Wizard.lnk -> c:\Windows\Installer\{A8D31310-7153-49BC-B525-D19B35FBF236}\NewShortcut4.exe (Flexera Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X6\Video Tutorials X6.lnk -> C:\Program Files (x86)\Corel\CorelDRAW Essentials X6\VideoBrowser\VideoBrowser.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA Embroidery Software 7\BERNINA Embroidery Software 7 Tools\Purge Recovery.lnk -> C:\Program Files (x86)\BERNINA\Embroidery Software 7\BIN\PURREC.EXE (Wilcom Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA DesignWorks\BERNINA DesignWorks Manual.lnk -> C:\Program Files (x86)\BERNINA\DesignWorks\Bernina_DesignWorks.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA DesignWorks\BERNINA DesignWorks Samples.lnk -> C:\Users\Public\Documents\BERNINA DesignWorks Samples ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA DesignWorks\BERNINA DesignWorks.lnk -> C:\Windows\Installer\{5C9D1D2E-CC7D-4E73-B7D3-09CD726DDF97}\MainExeP3_4701BD56BBA3489189ECA17D53C46445.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA DesignWorks\USB Key Upgrade.lnk -> C:\Program Files (x86)\BERNINA\DesignWorks\Third-Party\Key Upgrade\upgrator.exe (Wings Systems Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA ART Design\BERNINA ART Design.lnk -> C:\Program Files (x86)\BERNINA\ART Design\BIN\ARTDesignLoader.EXE (Wilcom Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA ART Design\Delete Recovery Files.lnk -> C:\Program Files (x86)\BERNINA\ART Design\BIN\PURREC.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA ART Design\Revert.lnk -> C:\Program Files (x86)\BERNINA\ART Design\BIN\REVERT.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bernina\Unencrypt\deutsch_OESD-Encrypt-Utility-Inst-REV-10-DE.lnk -> C:\Program Files (x86)\BERNINA\Unencrypt\deutsch_OESD-Encrypt-Utility-Inst-REV-10-DE.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bernina\Unencrypt\english_OESD-Encrypt-Utility-Inst-REV-10-EN.lnk -> C:\Program Files (x86)\BERNINA\Unencrypt\english_OESD-Encrypt-Utility-Inst-REV-10-EN.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bernina\Unencrypt\francais_OESD-Encrypt-Utility-Inst-REV-10-FR.lnk -> C:\Program Files (x86)\BERNINA\Unencrypt\francais_OESD-Encrypt-Utility-Inst-REV-10-FR.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bernina\Unencrypt\OESD_Encrypt_Utility.lnk -> C:\Program Files (x86)\BERNINA\Unencrypt\OESD_Encrypt_Utility.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnnTheGran\Catalog XPress 2.5.lnk -> C:\Program Files (x86)\AnnTheGran\Catalog XPress 2.0\edb.exe (AnnTheGran.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk -> C:\Windows\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk -> C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint\Sprint0.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk -> C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\AnnTheGran Catalog XPress 2.5.lnk -> C:\Program Files (x86)\AnnTheGran\Catalog XPress 2.0\edb.exe (AnnTheGran.com)
Shortcut: C:\Users\Public\Desktop\BERNINA ART Design.lnk -> C:\Program Files (x86)\BERNINA\ART Design\BIN\ARTDesignLoader.EXE (Wilcom Pty Ltd)
Shortcut: C:\Users\Public\Desktop\BERNINA DesignWorks.lnk -> C:\Windows\Installer\{5C9D1D2E-CC7D-4E73-B7D3-09CD726DDF97}\MainExeP3_Desk_450FDE61B278411FB47DCFB6744904FF.exe (Macrovision Corporation)
Shortcut: C:\Users\Public\Desktop\Camtasia Studio 8.lnk -> C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe (TechSmith Corporation)
Shortcut: C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\NatSpeakD_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.)
Shortcut: C:\Users\Public\Desktop\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Hightail.lnk -> C:\Program Files (x86)\Hightail\Express\Hightail.exe (Hightail)
Shortcut: C:\Users\Public\Desktop\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\Users\Public\Desktop\HP Color LaserJet 2600n toolbox.lnk -> C:\Windows\System32\zhhp2600.exe (No File)
Shortcut: C:\Users\Public\Desktop\HP MediaSmart Server.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart Server\ControlCenter.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OESD .ARTsizer.lnk -> C:\Program Files (x86)\OESD\ARTsizer\BIN\OESDARTsizerLoader.EXE (Wilcom Pty Ltd)
Shortcut: C:\Users\Public\Desktop\OESD_Encrypt_Utility.exe.lnk -> C:\Program Files (x86)\BERNINA\Unencrypt\OESD_Encrypt_Utility.exe ()
Shortcut: C:\Users\Public\Desktop\Perfection V600 User's Guide.lnk -> C:\Program Files (x86)\epson\guide\pv600_e\index.htm ()
Shortcut: C:\Users\Public\Desktop\PlayLater.lnk -> C:\Program Files (x86)\MediaMall\PlayLater.exe (MediaMall Technologies, Inc.)
Shortcut: C:\Users\Public\Desktop\PlayOn.lnk -> C:\Program Files (x86)\MediaMall\SettingsManager.exe (MediaMall Technologies, Inc.)
Shortcut: C:\Users\Public\Desktop\Presentation Assistant.lnk -> C:\Program Files (x86)\Presentation Assistant\PresentationA.exe (www.presentation-assistant.com)
Shortcut: C:\Users\Public\Desktop\Quicken Premier 2014.lnk -> C:\Program Files (x86)\Quicken\qw.exe ()
Shortcut: C:\Users\Public\Desktop\Roxio Creator Home.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe ()
Shortcut: C:\Users\Public\Desktop\Roxio Creator NXT.lnk -> C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe ()
Shortcut: C:\Users\Public\Desktop\Silhouette Studio.lnk -> C:\Program Files (x86)\Silhouette Studio\Silhouette Studio.exe ()
Shortcut: C:\Users\Public\Desktop\Snagit 11 Editor.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe (TechSmith Corporation)
Shortcut: C:\Users\Public\Desktop\Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Shortcut: C:\Users\Public\Desktop\Sonos.lnk -> C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc.)
Shortcut: C:\Users\Public\Desktop\Thumbnailer.lnk -> C:\Program Files\Embrilliance\Thumbnailer\Thumbnail.exe (BriTon Leap, Inc.)
Shortcut: C:\Users\Public\Desktop\Toolkit 6 Manual.lnk -> C:\Program Files (x86)\ICLUBcentral\Toolkit6\Toolkit 6 Manual.pdf ()
Shortcut: C:\Users\Public\Desktop\Toolkit 6.lnk -> C:\Program Files (x86)\ICLUBcentral\Toolkit6\toolkit6.exe (ICLUBcentral Inc.)
Shortcut: C:\Users\Public\Desktop\WaveReader.lnk -> C:\Program Files (x86)\WaveReader\WaveReader.exe (Impac Technologies)
Shortcut: C:\Users\Shanna\Links\Desktop.lnk -> C:\Users\Shanna\Desktop ()
Shortcut: C:\Users\Shanna\Links\Downloads.lnk -> C:\Users\Shanna\Downloads ()
Shortcut: C:\Users\Shanna\Links\Dropbox.lnk -> C:\Users\Shanna\Dropbox ()
Shortcut: C:\Users\Shanna\Links\MediaFire.lnk -> C:\Users\Shanna\MediaFire (No File)
Shortcut: C:\Users\Shanna\Documents\redcursors.lnk -> C:\Users\Shanna\Downloads\redcursors.zip ()
Shortcut: C:\Users\Shanna\Documents\Manuals\Perfection V600 User's Guide.lnk -> C:\Program Files (x86)\epson\guide\pv600_e\index.htm ()
Shortcut: C:\Users\Shanna\Documents\Manuals\Toolkit 6 Manual.lnk -> C:\Program Files (x86)\ICLUBcentral\Toolkit6\Toolkit 6 Manual.pdf ()
Shortcut: C:\Users\Shanna\Documents\Audible\Downloads.lnk -> C:\Users\Public\Documents\Audible\Downloads (No File)
Shortcut: C:\Users\Shanna\Desktop\Amazon Music.lnk -> C:\Users\Shanna\AppData\Local\Amazon Music\Amazon Music.exe (Amazon)
Shortcut: C:\Users\Shanna\Desktop\Screencast.com Desktop Uploader.lnk -> C:\Windows\Installer\{0CCA1733-33F7-4F18-A3C6-C09517FD0253}\Icon9B1FCAC8.exe ()
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager\SanDisk SecureAccess Manager.lnk -> C:\Users\Shanna\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaFire Desktop\MediaFire Desktop.lnk -> C:\Users\Shanna\AppData\Local\MediaFire Desktop\mf_watch.exe (No File)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaFire Desktop\Uninstall MediaFire Desktop.lnk -> C:\Users\Shanna\AppData\Local\MediaFire Desktop\uninstall.exe (No File)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\Shanna\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Amazon Music.lnk -> C:\Users\Shanna\AppData\Local\Amazon Music\Amazon Music.exe (Amazon)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\Shanna\AppData\Local\Amazon Music\Uninstall.exe (Amazon)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\SendTo\AnnTheGran Catalog XPress 2.5.lnk -> C:\Program Files (x86)\AnnTheGran\Catalog XPress 2.0\edb.exe (AnnTheGran.com)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Shanna\Dropbox ()
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Camtasia Studio 8.lnk -> C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe (TechSmith Corporation)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Catalog XPress 2.5.lnk -> C:\Program Files (x86)\AnnTheGran\Catalog XPress 2.0\edb.exe (AnnTheGran.com)
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Quicken Premier 2011.lnk -> C:\Program Files (x86)\Quicken\qw.exe ()
Shortcut: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Shortcut: C:\Users\Shanna\AppData\Local\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\Shanna\AppData\Local\Amazon Music\Uninstall.exe (Amazon)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wilcom TrueSizer e3.0\Wilcom TrueSizer e3.0.lnk -> C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe (Wilcom Pty Ltd) -> TrueSizer.EXE EM 5100
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wilcom TrueSizer e3.0\Wilcom TrueSizer e3.0 Tools\Revert.lnk -> C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\REVERT.EXE (Wilcom Pty Ltd) -> EM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wilcom TrueSizer e3.0\Wilcom TrueSizer e3.0 Tools\Uninstall Wilcom TrueSizer e3.0.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{E801DDB4-3CFC-496E-9E04-781EC2445D82}\setup.exe (Wilcom) -> -runfromtemp -l0x0409  -uninst
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolkit6\unInstall Toolkit 6.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E2E8BDDE-6F1B-4A5D-870D-2748DA79360C}\Setup.exe"  -uninst
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional\System Mechanic Professional.lnk -> C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) -> smcl/Launch
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier\Projects\Audio.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe () -> /Launch Audio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier\Projects\Copy.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe () -> /Launch Copy
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier\Projects\Data.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe () -> /Launch Data
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier\Projects\DVD and Video.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe () -> /Launch Video
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier\Projects\Photo.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe () -> /Launch Photo
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier\Projects\Tools.lnk -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe () -> /Launch Tools
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\Triple Scoop Music.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Shanna\Music\Triple Scoop Music\
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\3D Samples\3D Photo Samples.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Shanna\Pictures\Roxio 3D Samples\
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT\Applications\3D Samples\3D Video Samples.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Shanna\Documents\Videos\Roxio 3D Samples\
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\Roxio Burn.lnk -> C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\Roxio Burn.exe () -> /STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OESD .ARTsizer\Revert.lnk -> C:\Program Files (x86)\OESD\ARTsizer\BIN\REVERT.EXE (Wilcom Pty Ltd) -> BE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting\Netwaiting.lnk -> C:\Program Files (x86)\Netwaiting\NetWaiting.exe (BVRP) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KODAK\KODAK Share Button App.lnk -> C:\Program Files (x86)\Kodak\KODAK Share Button App\ViewerApp.exe (Eastman Kodak Company) -> "\web\gg\statics\aboutwindow\aboutpage.htm" -h 400 -v 155
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Color LaserJet 2600n\Uninstall Color LaserJet 2600n.lnk -> C:\Program Files (x86)\Zenographics\{7080122B-A000-4108-97DC-9CD132F1B194}\SETUP.EXE (Hewlett-Packard) -> -u "HPCLJKCInstaller.dll=CLJ2600.INF"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\Perfection V600 Photo Scanner Driver Update.lnk -> C:\Program Files (x86)\epson\Scanner Driver Update\PFV600\E_DUPA30.EXE (SEIKO EPSON CORPORATION) -> /S "EPSON Perfection V600" /R "E_DUPA3E.DLL"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0\About Dragon NaturallySpeaking 12.0.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\About_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.) -> /About
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0\Show Dragon Log.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\Dragonlog_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.) -> /finddragonlog
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0\Show Setup Log.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\Setuplog_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.) -> /findsetuplog
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Advanced.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Dashboard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Wizard.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Wizard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start CCC
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Restart Runtime.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) -> Restart
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA Embroidery Software 7\BERNINA Embroidery Software 7.lnk -> C:\Program Files (x86)\BERNINA\Embroidery Software 7\BIN\DESLOADR.EXE (Wilcom Pty Ltd) -> /dsgneditExe:BERNINA.EXE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA Embroidery Software 7\BERNINA Embroidery Software 7 Tools\Revert.lnk -> C:\Program Files (x86)\BERNINA\Embroidery Software 7\BIN\REVERT.EXE (Wilcom Pty Ltd) -> BE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA Embroidery Software 7\BERNINA Embroidery Software 7 Tools\Uninstall BERNINA Embroidery Software 7.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{980D1FF7-C5EF-4911-A122-57CF7DFB3F63}\setup.exe (Wilcom) -> -runfromtemp -l0x0409  -uninst
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA DesignWorks\Config3D.lnk -> C:\Program Files (x86)\BERNINA\DesignWorks\Config3D.exe (Drawstitch Ltd.) -> DRAWStitch\Bernina DesignWorks 2.0
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BERNINA DesignWorks\Uninstall BERNINA DesignWorks.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {5C9D1D2E-CC7D-4E73-B7D3-09CD726DDF97}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Public\Desktop\BERNINA Embroidery Software 7.lnk -> C:\Program Files (x86)\BERNINA\Embroidery Software 7\BIN\DESLOADR.EXE (Wilcom Pty Ltd) -> /dsgneditExe:BERNINA.EXE
ShortcutWithArgument: C:\Users\Public\Desktop\KODAK Share Button App.lnk -> C:\Program Files (x86)\Kodak\KODAK Share Button App\ViewerApp.exe (Eastman Kodak Company) -> "\web\gg\statics\aboutwindow\aboutpage.htm" -h 400 -v 155
ShortcutWithArgument: C:\Users\Public\Desktop\Wilcom TrueSizer e3.0.lnk -> C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe (Wilcom Pty Ltd) -> TrueSizer.EXE EM 5100
ShortcutWithArgument: C:\Users\Shanna\Desktop\Dropbox.lnk -> C:\Users\Shanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Shanna\Desktop\GoToMeeting.lnk -> C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.) -> "/Action Host" "/Trigger Shortcut" "/Product G2M"
ShortcutWithArgument: C:\Users\Shanna\Desktop\GoToWebinar.lnk -> C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.) -> "/Action Host" "/Trigger Shortcut" "/Product G2W"
ShortcutWithArgument: C:\Users\Shanna\Desktop\System Mechanic Professional.lnk -> C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) -> smcl/Launch
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\Shanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager\Uninstall.lnk -> C:\Users\Shanna\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.) -> --uninstall
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\Shanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix\GoToMeeting.lnk -> C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.) -> "/Action Host" "/Trigger Shortcut" "/Product G2M"
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix\GoToWebinar.lnk -> C:\Users\Shanna\AppData\Local\Citrix\GoToMeeting\1350\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.) -> "/Action Host" "/Trigger Shortcut" "/Product G2W"
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Shanna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional\Get started with online backup.url -> hxxp://www.iolo.com/probackup
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presentation Assistant\Visit Our Edition Comparison.url -> hxxp://www.presentation-assistant.com/compareedtions.htm
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\Perfection V600 Photo Online Support.url -> hxxp://www.epson.com/cgi-bin/Store/support/supDetail.jsp?sku=B11B198011
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embrilliance\Thumbnailer\Thumbnailer on the Web.url -> hxxp://www.Embrilliance.com/
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\RPM\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Premier\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Hab\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\Users\Public\Desktop\View Credit Score.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2014/07-ot-50
InternetURL: C:\Users\Shanna\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Shanna\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Shanna\Favorites\Links\Cameras.url -> hxxp://192.168.1.12/wrcontrollite.ssi
InternetURL: C:\Users\Shanna\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Shanna\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Shanna\Favorites\Dell\Dell Auction.url -> hxxp://www.dellauction.com/
InternetURL: C:\Users\Shanna\Favorites\Dell\Dell Internet Security.url -> hxxp://support.dell.com/support/topics/global.aspx/support/security/security?c=us&cs=19&l=en&s=dhs
InternetURL: C:\Users\Shanna\Favorites\Dell\Dell.url -> hxxp://www.dell.com/
InternetURL: C:\Users\Shanna\Favorites\Dell\Support.Dell.Com.url -> hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen
InternetURL: C:\Users\Shanna\Documents\Snagit Stamps\SoftwareCasa Support Center.URL -> hxxp://support.softwarecasa.com/
InternetURL: C:\Users\Shanna\Documents\Snagit Stamps\SoftwareCasa.URL -> hxxp://www.softwarecasa.com/
InternetURL: C:\Users\Shanna\Documents\Presentation media\SStampsv3\SoftwareCasa Support Center.URL -> hxxp://support.softwarecasa.com/
InternetURL: C:\Users\Shanna\Documents\Presentation media\SStampsv3\SoftwareCasa.URL -> hxxp://www.softwarecasa.com/
InternetURL: C:\Users\Shanna\Documents\Embroidery\tennis\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\rwlacefish\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\R34000610\Ageless-Embroidery.com.url -> hxxp://www.ageless-embroidery.com/
InternetURL: C:\Users\Shanna\Documents\Embroidery\morefunshapes\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\kanji2\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\ithponytailcover\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\halloween2\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\funshapes\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\flipflops\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\butterflyfancys\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\appliquemonsters\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\appliquecrinolines\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\Documents\Embroidery\applbirdhouses\Archive created by free jZip.url -> hxxp://www.jzip.com/archive_link
InternetURL: C:\Users\Shanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com

==================== End of log =============================
 

Thank you,

Shanna

 



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:41 AM

Posted 01 July 2014 - 10:52 PM

Follow these instructions to reset your browsers to default.

 

Download the enclosed file. [attachment=151922:fixlist.txt]

 

Save it in the same location FRST is saved.

 

Run FRST, except that this time around click on the fix button and wait.

 

The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.
 
After a restart, let me know how is it doing.
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Shannacat

Shannacat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:10:41 PM

Posted 02 July 2014 - 01:02 AM

Thanks you!  It seems to be working as designed...no ads, redirected webpages and web search is working, too.

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-06-2014
Ran by Shanna at 2014-07-01 23:47:38 Run:1
Running from C:\Users\Shanna\Desktop\Farbar Recovery Scan Tool 64
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF
HKLM-x32\...\Runonce: [SMRequiresRestart] -  [X]
ShellIconOverlayIdentifiers: 1MediaFireIconError -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} =>  No File
ShellIconOverlayIdentifiers: 1MediaFireIconSynched -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} =>  No File
ShellIconOverlayIdentifiers: 1MediaFireIconSyncing -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: MediaFireIconLock -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} =>  No File
ShellIconOverlayIdentifiers: MediaFireIconReadOnly -> {7995D0FC-769B-4197-AEC0-991921CB99E1} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk /p \??\C:autocheck autochk /p \??\I:autocheck smrgdf C:\Users\Shanna\AppData\Roaming\iolo\
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR StartupUrls: "https://my.yahoo.com/", "hxxp://www.bernina.com/en-US/Experience/Free-Downloads/USA/ImperialTulip82008", "file:///C:/Users/Shanna/Downloads/BERNINA-SoftwareExtravaganza-Consumer-Jul2014-Bonus.pdf", "hxxp://www.betterinvesting.org/BI/Templates/Members/MembersHome.aspx?NRMODE=Published&NRNODEGUID=%7bF371C016-70EB-407F-92C9-C754D7ED35B6%7d&NRORIGINALURL=%2fMembers%2fdefault%2ehtm&NRCACHEHINT=Guest", "hxxp://ssg.betterinvesting.org/ssgplus/study.aspx?studyid=37492", "https://groups.yahoo.com/neo/groups/BerninaV7Software/conversations/topics/6417;_ylc=X3oDMTM2NGgxNm83BF9TAzk3MzU5NzE1BGdycElkAzgxNjE2Mzc2BGdycHNwSWQDMTcwNTA2Mjk4NQRtc2dJZAM2NTM2BHNlYwNkbXNnBHNsawN2dHBjBHN0aW1lAzE0MDA2NjA2ODcEdHBjSWQDNjQxNw--", "https://www.mediafire.com/folder/4t17936lps5u9/01_Bernina_Software_V6_01-33", "https://www.google.com/", "hxxp://www.favequilts.com/tag/Table-Runner-Quilt-Patterns/page/2", "https://www.dropbox.com/s/enyooldrnsbufdt/005%20Endlessly%20Ecstatic.zip", "hxxp://www.joann.com/search?q=silhouette%20blade", "https://chrome.google.com/webstore/category/themes?hl=en", "hxxp://search.easylifeapp.com/"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Shanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsmv26x.dll
C:\Users\Shanna\AppData\Local\Temp\Quarantine.exe
R2 SupraSavingsService64;SupraSavingsService64;C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe [2014-6-25 172544]
End
*****************
 
C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SMRequiresRestart => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaFireIconError' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaFireIconSynched' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaFireIconSyncing' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\MediaFireIconLock' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\MediaFireIconReadOnly' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
CHR StartupUrls: "https://my.yahoo.com/", "hxxp://www.bernina.com/en-US/Experience/Free-Downloads/USA/ImperialTulip82008", "file:///C:/Users/Shanna/Downloads/BERNINA-SoftwareExtravaganza-Consumer-Jul2014-Bonus.pdf", "hxxp://www.betterinvesting.org/BI/Templates/Members/MembersHome.aspx?NRMODE=Published&NRNODEGUID=%7bF371C016-70EB-407F-92C9-C754D7ED35B6%7d&NRORIGINALURL=%2fMembers%2fdefault%2ehtm&NRCACHEHINT=Guest", "hxxp://ssg.betterinvesting.org/ssgplus/study.aspx?studyid=37492", "https://groups.yahoo.com/neo/groups/BerninaV7Software/conversations/topics/6417;_ylc=X3oDMTM2NGgxNm83BF9TAzk3MzU5NzE1BGdycElkAzgxNjE2Mzc2BGdycHNwSWQDMTcwNTA2Mjk4NQRtc2dJZAM2NTM2BHNlYwNkbXNnBHNsawN2dHBjBHN0aW1lAzE0MDA2NjA2ODcEdHBjSWQDNjQxNw--", "https://www.mediafire.com/folder/4t17936lps5u9/01_Bernina_Software_V6_01-33", "https://www.google.com/", "hxxp://www.favequilts.com/tag/Table-Runner-Quilt-Patterns/page/2", "https://www.dropbox.com/s/enyooldrnsbufdt/005%20Endlessly%20Ecstatic.zip", "hxxp://www.joann.com/search?q=silhouette%20blade", "https://chrome.google.com/webstore/category/themes?hl=en", "hxxp://search.easylifeapp.com/" ==> The Chrome "Settings" can be used to fix the entry.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\Users\Shanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsmv26x.dll => Moved successfully.
"C:\Users\Shanna\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
SupraSavingsService64 => Service stopped successfully.
SupraSavingsService64 => Service deleted successfully.
 
==== End of Fixlog ====
 
Thanks again,
Shanna


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:41 AM

Posted 02 July 2014 - 11:14 AM

Congratulations.
 
We need to remove the tools we've used during cleaning your machine
 
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
Also tick:
  • Create registry backup
  • Purge system restore
 
  • Click Run
 
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
 

Here are some suggestions.
 
  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article   by Miekiemoes.
 
Best wishes! :hello:
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Shannacat

Shannacat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:10:41 PM

Posted 02 July 2014 - 12:01 PM

Thanks  again.  ERUNT dowloaded;  and will read and pass on the article.

Shanna

 

Delfix log:

 

# DelFix v10.7 - Logfile created 02/07/2014 at 10:52:22
# Updated 27/04/2014 by Xplode
# Username : Shanna - HYPERDRIVE
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Shanna\Desktop\adwCleaner  bleepingcomputer.docx
Deleted : C:\Users\Shanna\Desktop\dds file 1 2014 07.txt
Deleted : C:\Users\Shanna\Desktop\DDS text.txt
Deleted : C:\Users\Shanna\Desktop\dds.txt
Deleted : C:\Users\Shanna\Downloads\adwcleaner_3.214 (1).exe
Deleted : C:\Users\Shanna\Downloads\adwcleaner_3.214.exe
Deleted : C:\Users\Shanna\Downloads\ComboFix.exe
Deleted : C:\Users\Shanna\Downloads\dds.com
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #192 [Windows Backup | 06/23/2014 06:00:14]
Deleted : RP #193 [Windows Backup | 06/24/2014 06:00:18]
Deleted : RP #194 [Windows Update | 06/24/2014 10:43:45]
Deleted : RP #195 [Windows Backup | 06/25/2014 06:00:13]
Deleted : RP #196 [Windows Backup | 06/26/2014 06:00:14]
Deleted : RP #197 [Windows Backup | 06/27/2014 06:00:19]
Deleted : RP #198 [Installed Dragon NaturallySpeaking 12.5 HF1. | 06/28/2014 01:16:28]
Deleted : RP #199 [Windows Backup | 06/28/2014 06:00:14]
Deleted : RP #200 [Checkpoint by HitmanPro | 06/29/2014 01:58:41]
Deleted : RP #201 [Checkpoint by HitmanPro | 06/29/2014 01:59:38]
Deleted : RP #202 [Checkpoint by HitmanPro | 06/29/2014 02:30:53]
Deleted : RP #203 [Windows Backup | 06/29/2014 06:00:16]
Deleted : RP #204 [Windows Backup | 06/30/2014 06:00:16]
Deleted : RP #205 [Checkpoint by HitmanPro | 06/30/2014 17:02:41]
Deleted : RP #206 [Windows Update | 07/01/2014 14:47:36]
Deleted : RP #207 [Windows Backup | 07/01/2014 14:51:12]
Deleted : RP #208 [Windows Backup | 07/02/2014 06:00:43]
 
New restore point created !
 
########## - EOF - ##########


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:41 AM

Posted 02 July 2014 - 01:27 PM

Good job. Be safe. :)


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:41 AM

Posted 27 July 2014 - 10:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users