Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC in boot loop - cannot log in


  • This topic is locked This topic is locked
13 replies to this topic

#1 mat58

mat58

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:04:40 PM

Posted 07 September 2014 - 10:53 AM

Hello,

 

A friend of mine asked me to run a virus-scan on her PC to see if she had any problems.   I initiated an ESET online scan and left for some errands (scan was going to take a few hours).  When I returned, the PC had shut off.  It appears that  Windows Update may have run while I was away from the PC.   I am assuming this based on the last restore point that I found when I went into Repair PC.    

I attempted to re-boot and now all that happens is that I get the "Starting Windows" screen, then the "Please Wait" comes on.   This continues to loop forever.     

I have tried to boot into SAFE mode with networking with no success, I tried to run System Restore, but all I get there is "System Restore did not complete successfully"  I tried to restore using the 2 points listed, but both failed. 

I cannot boot to Last Successful Sign On, as I still go into the loop

When I tried to boot into SAFE mode with command prompt, I could get to a logon, but would receive some error about "Wireless notification dll", and go right back into the dreaded loop. 

This is a Dell Inspiron 2305 All-in-One PC running Windows 7 and the screen is terribly fuzzy (different problem). 

Please note that I cannot boot into this PC, but I would be able to boot using a CD.

 



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:40 PM

Posted 08 September 2014 - 01:44 PM

Hi and :welcome:
 
How far can you bott using a CD?
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
     
    If you are using Vista or Windows 7 enter System Recovery Options.
     
    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

     
     
    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
     
    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:04:40 PM

Posted 11 September 2014 - 08:05 AM

Thank you so much for your help!  Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by SYSTEM on MININT-U408JNT on 11-09-2014 08:43:23
Running from f:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [ShwiconXP6366] => c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe [237568 2009-07-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [FATrayAlert] => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [FUPM Browser] => C:\Program Files (x86)\FUPM Browser\BrowserManager.exe
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Jowaiszas Fam\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\Jowaiszas Fam\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-04] (Google Inc.)
HKU\Jowaiszas Fam\...\Run: [SkyDrive] => C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-22] (Microsoft Corporation)
HKU\Jowaiszas Fam\...\RunOnce: [Uninstall C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211"
HKU\Jowaiszas Fam\...\Policies\system: [LogonHoursAction] 2
HKU\Jowaiszas Fam\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Jowaiszas Fam\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Zane\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-04] (Google Inc.)
HKU\Zane\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKU\Zane\...\Policies\system: [LogonHoursAction] 2
HKU\Zane\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => "c:\progra~2\optimi~1\optpro~1.dll" File Not Found
Startup: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1519062203-4250741935-3557447494-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36424 2014-08-27] (Just Develop It)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-02] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [70848 2014-03-26] ()
S3 MyOSProtect; C:\Program Files (x86)\Web Protect\MyOSProtect.exe [1317848 2014-08-20] (MyOSCompany)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 ProtectMonitor; C:\monitorsvc.exe [X]
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
S2 Update sizlsearch; "C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe" [X]
S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 12:19 - 2014-09-06 12:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-06 12:15 - 2014-09-06 12:15 - 00006472 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-09-06 12:13 - 2014-09-06 12:13 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 12:13 - 2014-09-06 12:13 - 00001068 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 12:13 - 2014-05-12 09:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-09-06 12:13 - 2014-05-12 09:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-09-06 12:13 - 2014-05-12 09:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-09-06 12:12 - 2014-09-06 12:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 11:53 - 2014-09-06 11:53 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\BRT
2014-09-04 19:59 - 2014-09-06 22:20 - 00025250 _____ () C:\Windows\PFRO.log
2014-09-03 14:20 - 2014-09-03 14:21 - 00000000 ____D () C:\Program Files (x86)\FUPM Browser
2014-09-03 14:20 - 2014-09-03 14:20 - 00004056 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-03 14:20 - 2014-09-03 14:20 - 00001935 _____ () C:\Users\Jowaiszas Fam\Desktop\Sync Folder.lnk
2014-09-03 14:20 - 2014-09-03 14:20 - 00001053 _____ () C:\Users\Jowaiszas Fam\Desktop\MyPC Backup.lnk
2014-09-03 14:19 - 2014-09-06 13:14 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-09-03 14:17 - 2014-09-06 15:13 - 00000000 ____D () C:\Program Files (x86)\Web Protect
2014-09-03 14:17 - 2014-09-03 14:18 - 00004368 _____ () C:\Windows\SysWOW64\MyOSProtect.ini
2014-09-03 14:17 - 2014-09-03 14:18 - 00002312 _____ () C:\Windows\SysWOW64\MyOSProtectOff.ini
2014-09-03 14:17 - 2014-09-03 14:18 - 00002312 _____ () C:\Windows\System32\MyOSProtectOff.ini
2014-09-03 14:17 - 2014-08-20 12:36 - 00350768 _____ (MyOSCompany) C:\Windows\System32\MyOSProtect64.dll
2014-09-03 14:17 - 2014-08-20 12:36 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll
2014-09-03 14:16 - 2014-09-03 14:16 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Local\SearchProtect
2014-09-03 14:16 - 2014-09-03 14:16 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-09-03 14:01 - 2014-09-06 12:12 - 00000964 _____ () C:\Windows\setupact.log
2014-09-03 14:01 - 2014-09-03 14:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-31 22:09 - 2014-09-06 15:13 - 00000000 ____D () C:\ProgramData\LoucKYCoupOn
2014-08-31 10:14 - 2014-08-31 10:14 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\Dell
2014-08-28 17:47 - 2014-08-28 17:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-27 21:27 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 21:27 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:27 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-23 01:35 - 2014-08-23 01:35 - 00020029 _____ () C:\Users\Jowaiszas Fam\Documents\Untitled 1.odt
2014-08-21 09:17 - 2014-08-21 09:17 - 00038817 _____ () C:\Users\Jowaiszas Fam\Desktop\reader.htm
2014-08-18 21:02 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-18 21:02 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-18 21:02 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-18 21:02 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-18 21:01 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-18 21:01 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-18 21:01 - 2014-05-14 11:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-18 21:01 - 2014-05-14 11:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-18 21:01 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-18 21:01 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-18 21:01 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-18 21:01 - 2014-05-14 11:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-18 21:01 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-18 21:01 - 2014-05-14 11:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 21:45 - 2014-09-06 12:27 - 00005032 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JowaiszasFam-PC-Jowaiszas Fam JowaiszasFam-PC
2014-08-17 05:04 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-17 05:04 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 05:04 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 05:04 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-17 05:04 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-17 05:04 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-17 05:04 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 05:04 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 10:52 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-16 10:52 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 10:52 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-16 10:52 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-16 10:52 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-16 10:52 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-16 10:52 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 10:52 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 10:52 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 10:51 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-16 10:51 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-16 10:51 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-16 10:51 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 10:51 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-16 10:51 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-16 10:51 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-16 10:51 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 10:51 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-16 10:51 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-16 10:51 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-16 10:51 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-16 10:51 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-16 10:51 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-16 10:51 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-16 10:51 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 10:51 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-16 10:51 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-16 10:51 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-16 10:51 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-16 10:51 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-16 10:51 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-16 10:51 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 10:51 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 10:51 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-16 10:51 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 10:51 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-16 10:51 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-16 10:51 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 10:51 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-16 10:51 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 10:51 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-16 10:51 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 10:51 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 10:51 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-16 10:51 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-16 10:51 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 10:51 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 10:51 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 10:51 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-16 10:51 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 10:51 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-16 10:51 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-16 10:51 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-16 10:51 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 10:51 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 10:51 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 10:51 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-16 10:51 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 10:51 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 10:51 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-16 10:51 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 10:51 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-16 10:51 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-16 10:51 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-16 10:51 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 10:51 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 10:51 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 10:51 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-16 10:51 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 10:51 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-16 10:51 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 10:51 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 08:43 - 2011-11-01 01:50 - 00000000 ____D () C:\FRST
2014-09-07 13:23 - 2011-03-04 04:05 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-06 22:20 - 2014-09-04 19:59 - 00025250 _____ () C:\Windows\PFRO.log
2014-09-06 16:31 - 2014-02-06 09:38 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-06 16:30 - 2014-02-26 18:21 - 00000000 ___RD () C:\Users\Jowaiszas Fam\OneDrive
2014-09-06 16:30 - 2013-04-29 11:21 - 00000000 ___RD () C:\Users\Jowaiszas Fam\Dropbox
2014-09-06 16:30 - 2009-07-14 00:10 - 01188758 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 16:26 - 2014-01-24 12:33 - 00000314 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-09-06 16:13 - 2011-11-04 17:10 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 15:55 - 2012-06-26 11:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 15:13 - 2014-09-03 14:17 - 00000000 ____D () C:\Program Files (x86)\Web Protect
2014-09-06 15:13 - 2014-08-31 22:09 - 00000000 ____D () C:\ProgramData\LoucKYCoupOn
2014-09-06 15:13 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 15:12 - 2014-02-06 09:38 - 00000000 ____D () C:\Program Files (x86)\Sendori
2014-09-06 15:12 - 2012-11-01 11:44 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-09-06 14:06 - 2013-05-21 16:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-06 13:14 - 2014-09-03 14:19 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-09-06 13:14 - 2014-01-01 14:43 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Local\CRE
2014-09-06 13:14 - 2013-12-26 16:18 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-09-06 13:14 - 2013-11-16 13:36 - 00000000 ____D () C:\Users\Zane\AppData\Local\CRE
2014-09-06 12:27 - 2014-08-17 21:45 - 00005032 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JowaiszasFam-PC-Jowaiszas Fam JowaiszasFam-PC
2014-09-06 12:20 - 2014-09-06 12:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-06 12:15 - 2014-09-06 12:15 - 00006472 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-09-06 12:14 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 12:14 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 12:13 - 2014-09-06 12:13 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 12:13 - 2014-09-06 12:13 - 00001068 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 12:13 - 2014-09-06 12:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 12:12 - 2014-09-03 14:01 - 00000964 _____ () C:\Windows\setupact.log
2014-09-06 12:07 - 2013-04-29 11:15 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox
2014-09-06 12:04 - 2011-03-04 04:25 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-06 12:04 - 2011-03-04 04:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-06 12:03 - 2011-11-04 17:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 12:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 11:53 - 2014-09-06 11:53 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\BRT
2014-09-04 20:01 - 2013-12-26 16:18 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-04 11:24 - 2014-02-26 18:32 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\Outlook Files
2014-09-04 10:15 - 2012-01-28 17:49 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\Skype
2014-09-03 14:21 - 2014-09-03 14:20 - 00000000 ____D () C:\Program Files (x86)\FUPM Browser
2014-09-03 14:20 - 2014-09-03 14:20 - 00004056 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-03 14:20 - 2014-09-03 14:20 - 00001935 _____ () C:\Users\Jowaiszas Fam\Desktop\Sync Folder.lnk
2014-09-03 14:20 - 2014-09-03 14:20 - 00001053 _____ () C:\Users\Jowaiszas Fam\Desktop\MyPC Backup.lnk
2014-09-03 14:18 - 2014-09-03 14:17 - 00004368 _____ () C:\Windows\SysWOW64\MyOSProtect.ini
2014-09-03 14:18 - 2014-09-03 14:17 - 00002312 _____ () C:\Windows\SysWOW64\MyOSProtectOff.ini
2014-09-03 14:18 - 2014-09-03 14:17 - 00002312 _____ () C:\Windows\System32\MyOSProtectOff.ini
2014-09-03 14:16 - 2014-09-03 14:16 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Local\SearchProtect
2014-09-03 14:16 - 2014-09-03 14:16 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-09-03 14:01 - 2014-09-03 14:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-03 10:06 - 2014-04-15 09:43 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Local\TB
2014-09-02 17:01 - 2013-12-26 16:19 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Local\Mobogenie
2014-09-01 23:47 - 2012-05-09 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-31 22:10 - 2014-02-26 17:39 - 00000000 ____D () C:\ProgramData\e5ceab2c5b156455
2014-08-31 10:14 - 2014-08-31 10:14 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\Dell
2014-08-29 12:36 - 2008-09-26 14:07 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\John's
2014-08-29 08:35 - 2014-02-26 18:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 17:47 - 2014-08-28 17:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 05:18 - 2009-07-13 23:45 - 00355632 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-23 12:31 - 2011-10-19 20:27 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-23 01:35 - 2014-08-23 01:35 - 00020029 _____ () C:\Users\Jowaiszas Fam\Documents\Untitled 1.odt
2014-08-22 21:07 - 2014-08-27 21:27 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 20:45 - 2014-08-27 21:27 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-27 21:27 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-21 09:17 - 2014-08-21 09:17 - 00038817 _____ () C:\Users\Jowaiszas Fam\Desktop\reader.htm
2014-08-20 12:36 - 2014-09-03 14:17 - 00350768 _____ (MyOSCompany) C:\Windows\System32\MyOSProtect64.dll
2014-08-20 12:36 - 2014-09-03 14:17 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll
2014-08-19 06:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 14:29 - 2013-04-29 11:21 - 00001052 _____ () C:\Users\Jowaiszas Fam\Desktop\Dropbox.lnk
2014-08-17 05:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 05:24 - 2013-08-15 05:03 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-17 05:13 - 2011-06-14 18:42 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-17 05:03 - 2014-05-07 05:01 - 00000000 ___SD () C:\Windows\System32\CompatTel

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\@
C:\Windows\assembly\tmp\bckfg.tmp
C:\Windows\assembly\tmp\cfg.ini
C:\Windows\assembly\tmp\lsflt7.ver

Files to move or delete:
====================
C:\Users\Jowaiszas Fam\gosetup.exe
C:\Users\Jowaiszas Fam\gotomypc_428.exe
C:\Users\Jowaiszas Fam\gotomypc_438.exe
C:\Users\Zane\gotomypc_428.exe

Some content of TEMP:
====================
C:\Users\Jowaiszas Fam\AppData\Local\Temp\CloudBackup3551.exe
C:\Users\Jowaiszas Fam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo9zgl1.dll
C:\Users\Jowaiszas Fam\AppData\Local\Temp\SpOrder.dll
C:\Users\Zane\AppData\Local\Temp\BackupSetup.exe
C:\Users\Zane\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-08-18 21:01:35
Restore point made on: 2014-08-22 03:39:58
Restore point made on: 2014-08-26 09:31:35
Restore point made on: 2014-08-28 05:00:53
Restore point made on: 2014-09-02 12:09:48
Restore point made on: 2014-09-06 11:58:15

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3835.95 MB
Available physical RAM: 3229.52 MB
Total Pagefile: 3834.1 MB
Available Pagefile: 3219.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.83 GB) (Free:741.54 GB) NTFS
Drive d: (eSysRescueLiveCD) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 647A6E83)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-08-27 02:09

==================== End Of Log ============================



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:40 PM

Posted 11 September 2014 - 10:00 AM

Download the enclosed file. [attachment=154471:fixlist.txt]

 

Save it in the same location FRST is saved.

 

Run FRST as you did before, except that this time around, click on the Fix button and wait.

 

The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.
 
Attempt to boot either on Normal or Safe Mode, and let me know the outcome..
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:04:40 PM

Posted 11 September 2014 - 10:21 AM

I was able to boot into Normal mode.  I'm still thinking there might be some bugs.  Did the Farbar Recovery do a virus clean also, or is there more that I should be doing ?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by SYSTEM at 2014-09-11 12:13:46 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\@
C:\Windows\assembly\tmp\bckfg.tmp
C:\Windows\assembly\tmp\cfg.ini
C:\Windows\assembly\tmp\lsflt7.ver
C:\Users\Jowaiszas Fam\gosetup.exe
C:\Users\Jowaiszas Fam\gotomypc_428.exe
C:\Users\Jowaiszas Fam\gotomypc_438.exe
C:\Users\Zane\gotomypc_428.exe
C:\Users\Jowaiszas Fam\AppData\Local\Temp\CloudBackup3551.exe
C:\Users\Jowaiszas Fam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo9zgl1.dll
C:\Users\Jowaiszas Fam\AppData\Local\Temp\SpOrder.dll
C:\Users\Zane\AppData\Local\Temp\BackupSetup.exe
C:\Users\Zane\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => "c:\progra~2\optimi~1\optpro~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1519062203-4250741935-3557447494-1003\User: Group Policy restriction detected <======= ATTENTION
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 ProtectMonitor; C:\monitorsvc.exe [X]
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
S2 Update sizlsearch; "C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe" [X]
S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\Program Files (x86)\sizlsearch
C:\Program Files (x86)\Web Protect
C:\Windows\SysWOW64\MyOSProtect.ini
C:\Windows\SysWOW64\MyOSProtectOff.ini
C:\Windows\System32\MyOSProtectOff.ini
C:\Windows\System32\MyOSProtect64.dll
C:\Windows\SysWOW64\MyOSProtect.dll
C:\Users\Jowaiszas Fam\AppData\Local\SearchProtect
C:\Program Files (x86)\SearchProtect
C:\Users\Jowaiszas Fam\AppData\Local\SearchProtect
C:\Program Files (x86)\SearchProtect
C:\ProgramData\LoucKYCoupOn
C:\Program Files (x86)\Sendori
C:\Program Files (x86)\Ask.com
End
*****************

C:\Windows\assembly\tmp => Moved successfully.
"C:\Windows\assembly\tmp\@" => File/Directory not found.
"C:\Windows\assembly\tmp\bckfg.tmp" => File/Directory not found.
"C:\Windows\assembly\tmp\cfg.ini" => File/Directory not found.
"C:\Windows\assembly\tmp\lsflt7.ver" => File/Directory not found.
C:\Users\Jowaiszas Fam\gosetup.exe => Moved successfully.
C:\Users\Jowaiszas Fam\gotomypc_428.exe => Moved successfully.
C:\Users\Jowaiszas Fam\gotomypc_438.exe => Moved successfully.
C:\Users\Zane\gotomypc_428.exe => Moved successfully.
C:\Users\Jowaiszas Fam\AppData\Local\Temp\CloudBackup3551.exe => Moved successfully.
C:\Users\Jowaiszas Fam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo9zgl1.dll => Moved successfully.
C:\Users\Jowaiszas Fam\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Zane\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Zane\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
" c:\progra~2\optimi~1\optpro~1.dll" => Value Data removed successfully.
C:\Windows\System32\GroupPolicy\Machine => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1519062203-4250741935-3557447494-1003\User => Moved successfully.
CltMngSvc => Service deleted successfully.
ProtectMonitor => Service deleted successfully.
Service Sendori => Service deleted successfully.
Update sizlsearch => Service deleted successfully.
Util sizlsearch => Service deleted successfully.
catchme => Service deleted successfully.
SPPD => Service deleted successfully.
C:\Program Files (x86)\sizlsearch => Moved successfully.
C:\Program Files (x86)\Web Protect => Moved successfully.
C:\Windows\SysWOW64\MyOSProtect.ini => Moved successfully.
C:\Windows\SysWOW64\MyOSProtectOff.ini => Moved successfully.
C:\Windows\System32\MyOSProtectOff.ini => Moved successfully.
C:\Windows\System32\MyOSProtect64.dll => Moved successfully.
C:\Windows\SysWOW64\MyOSProtect.dll => Moved successfully.
C:\Users\Jowaiszas Fam\AppData\Local\SearchProtect => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
"C:\Users\Jowaiszas Fam\AppData\Local\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
C:\ProgramData\LoucKYCoupOn => Moved successfully.
C:\Program Files (x86)\Sendori => Moved successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.

==== End of Fixlog ====



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:40 PM

Posted 11 September 2014 - 12:18 PM

No, farbar's tool just scans and we eliminate. Lets scan the computer.
 
Download AdwCleaner from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

You will see the following console:
 
AdwScan.jpg?

  •  
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

adwcleaner_delete_restart.jpg

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

bf_new.gif Please launch and update Malwarebytes' Anti-Malware. 
 
If an update is found, it will download and install the latest version.

  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click on Quanrantee All,.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • Right click on your next reply and select Paste.
  • Submit your reply.

Extra Note:
 
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:04:40 PM

Posted 11 September 2014 - 02:20 PM

Adware Cleaner Log:

# AdwCleaner v3.309 - Report created 11/09/2014 at 16:05:34
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jowaiszas Fam - JOWAISZASFAM-PC
# Running from : C:\Users\Jowaiszas Fam\Desktop\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
[#] Service Deleted : BackupStack
Service Deleted : MgAssistService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\ClickForSaleo
Folder Deleted : C:\ProgramData\FlaashCoUpon
Folder Deleted : C:\ProgramData\greAteSaving
Folder Deleted : C:\ProgramData\QueenCoueponu
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Program Files (x86)\PrintPDF_Pro_1.1
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\Conduit
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\genienext
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\iac
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\LocalLow\PrintPDF_Pro_1.1
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Jowaiszas Fam\Documents\Mobogenie
Folder Deleted : C:\Users\Jowaiszas Fam\Documents\Optimizer Pro
Folder Deleted : C:\Users\Zane\AppData\Local\Conduit
Folder Deleted : C:\Users\Zane\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Zane\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Zane\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Smartbar
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\CT3307181
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\staged\ffxtlbr@mysearchdial.com
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Extensions\gfl_u5@uercryg.com
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\staged\gfl_u5@uercryg.com
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Extensions\mltbyioa@fvdka.com
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\staged\mltbyioa@fvdka.com
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Extensions\oaooyeeuuuy@zhk-.com
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\staged\oaooyeeuuuy@zhk-.com
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Extensions\r-icr@dteckb-oay.com
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\staged\r-icr@dteckb-oay.com
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Extensions\uemvi3xu1@rggcy-vtvd.edu
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\staged\uemvi3xu1@rggcy-vtvd.edu
Folder Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\Extensions\{64d64833-9296-421b-a362-83cfbd6291b6}
Folder Deleted : C:\Users\Zane\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbohehdfjdmmnhinmnpclbemkmhfmbm
Folder Deleted : C:\Users\Zane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbohehdfjdmmnhinmnpclbemkmhfmbm
Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjnofamphmidajlfmecndnlohjdhfgld
Folder Deleted : C:\Users\Zane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjnofamphmidajlfmecndnlohjdhfgld
[!] Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbohehdfjdmmnhinmnpclbemkmhfmbm
[!] Folder Deleted : C:\Users\Zane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbohehdfjdmmnhinmnpclbemkmhfmbm
[!] Folder Deleted : C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjnofamphmidajlfmecndnlohjdhfgld
[!] Folder Deleted : C:\Users\Zane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjnofamphmidajlfmecndnlohjdhfgld
[!] Folder Deleted : C:\Users\Zane\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal
File Deleted : C:\END
File Deleted : C:\Users\Jowaiszas Fam\daemonprocess.txt
File Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Jowaiszas Fam\Desktop\Mobogenie.lnk
File Deleted : C:\Users\Jowaiszas Fam\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Jowaiszas Fam\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Jowaiszas Fam\Desktop\Sync Folder.lnk
File Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\user.js
File Deleted : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : BackgroundContainer Startup Task
Task Deleted : LaunchSignup
Task Deleted : Scheduled Update for Ask Toolbar
Task Deleted : UpdaterEX

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5679f695-50a9-4857-8da9-727df7e74c94}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBF95906-C4AF-4D8D-9389-B5EB2018B612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EE92893-E0D0-40C2-9E37-2477B741DD03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\PrintPDF_Pro_1.1
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : HKLM\SOFTWARE\PrintPDF_Pro_1.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sizlsearch
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\prefs.js ]

Line Deleted : user_pref("CT3317420.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3317420.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3317420.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3317420.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3317420.FF19Solved", "true");
Line Deleted : user_pref("CT3317420.FirstTime", "true");
Line Deleted : user_pref("CT3317420.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3317420.UserID", "UN32906056412323730");
Line Deleted : user_pref("CT3317420.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3317420.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3317420.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3317420.appOptions", "{}");
Line Deleted : user_pref("CT3317420.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3317420.countryCode", "US");
Line Deleted : user_pref("CT3317420.defaultSearch", "true");
Line Deleted : user_pref("CT3317420.embeddedsData", "[{\"appId\":\"130263969522244138\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3317420.enableAlerts", "true");
Line Deleted : user_pref("CT3317420.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3317420.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3317420.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3317420.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3317420.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3317420.fullUserID", "UN32906056412323730.IN.20140101124152");
Line Deleted : user_pref("CT3317420.installDate", "01/01/2014 12:42:31");
Line Deleted : user_pref("CT3317420.installSessionId", "{BF620463-6300-429F-9C56-58406D727F31}");
Line Deleted : user_pref("CT3317420.installSp", "TRUE");
Line Deleted : user_pref("CT3317420.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3317420.installUsage", "2014-01-01T22:44:01.8350009+03:00");
Line Deleted : user_pref("CT3317420.installUsageEarly", "2014-01-01T22:43:59.136149+03:00");
Line Deleted : user_pref("CT3317420.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3317420.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3317420.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3317420.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3317420.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3317420.keyword", "true");
Line Deleted : user_pref("CT3317420.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3317420.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3317420.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fhome.tb.ask.com%2Findex.jhtml%3Fptb%3D6DA045D8-4558-400A-8C63-B669771DE319%26n%3D780b6015%26[...]
Line Deleted : user_pref("CT3317420.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3317420.openThankYouPage", "false");
Line Deleted : user_pref("CT3317420.openUninstallPage", "true");
Line Deleted : user_pref("CT3317420.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0DD66238-033F-439B-A0B6-016DB7948DD1&SSPV=");
Line Deleted : user_pref("CT3317420.originalSearchAddressUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=482C8BC5-7C53-4CDE-9FC1-212E2EA570AD&apn_ptnrs=TV&apn_sauid=55ABE142-7E32-[...]
Line Deleted : user_pref("CT3317420.originalSearchEngine", "Conduit Search");
Line Deleted : user_pref("CT3317420.originalSearchEngineName", "Conduit Search");
Line Deleted : user_pref("CT3317420.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3317420.search.searchAppId", "130263969522244138");
Line Deleted : user_pref("CT3317420.search.searchCount", "0");
Line Deleted : user_pref("CT3317420.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3317420.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3317420.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3317420.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3317420.searchRevert", "false");
Line Deleted : user_pref("CT3317420.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3317420.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3317420.searchUserMode", "2");
Line Deleted : user_pref("CT3317420.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3317420.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3317420.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3317420.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3317420\"}");
Line Deleted : user_pref("CT3317420.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://PrintPDFPro11.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3317420.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"PrintPDF Pro 1.1 \"}");
Line Deleted : user_pref("CT3317420.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3317420.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3317420.serviceLayer_services_Configuration_lastUpdate", "1392165171831");
Line Deleted : user_pref("CT3317420.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1391728787075");
Line Deleted : user_pref("CT3317420.serviceLayer_services_appsMetadata_lastUpdate", "1392165170782");
Line Deleted : user_pref("CT3317420.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1391279085959");
Line Deleted : user_pref("CT3317420.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1388605402907");
Line Deleted : user_pref("CT3317420.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1388605405123");
Line Deleted : user_pref("CT3317420.serviceLayer_services_login_10.23.0.728_lastUpdate", "1389467518940");
Line Deleted : user_pref("CT3317420.serviceLayer_services_login_10.23.0.822_lastUpdate", "1390531567401");
Line Deleted : user_pref("CT3317420.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1391279085829");
Line Deleted : user_pref("CT3317420.serviceLayer_services_searchAPI_lastUpdate", "1392165170920");
Line Deleted : user_pref("CT3317420.serviceLayer_services_serviceMap_lastUpdate", "1392165170175");
Line Deleted : user_pref("CT3317420.serviceLayer_services_toolbarContextMenu_lastUpdate", "1392165170283");
Line Deleted : user_pref("CT3317420.serviceLayer_services_toolbarSettings_lastUpdate", "1392165170184");
Line Deleted : user_pref("CT3317420.serviceLayer_services_translation_lastUpdate", "1392165169939");
Line Deleted : user_pref("CT3317420.settingsINI", true);
Line Deleted : user_pref("CT3317420.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3317420.showToolbarPermission", "false");
Line Deleted : user_pref("CT3317420.smartbar.CTID", "CT3317420");
Line Deleted : user_pref("CT3317420.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3317420.smartbar.homepage", "true");
Line Deleted : user_pref("CT3317420.smartbar.toolbarName", "PrintPDF Pro 1.1 ");
Line Deleted : user_pref("CT3317420.startPage", "true");
Line Deleted : user_pref("CT3317420.toolbarBornServerTime", "1-1-2014");
Line Deleted : user_pref("CT3317420.toolbarCurrentServerTime", "24-1-2014");
Line Deleted : user_pref("CT3317420.toolbarInstallDate", "01-01-2014 12:41:56");
Line Deleted : user_pref("CT3317420.toolbarLoginClientTime", "Wed Jan 01 2014 12:43:23 GMT-0700 (US Mountain Standard Time)");
Line Deleted : user_pref("CT3317420.versionFromInstaller", "10.23.0.728");
Line Deleted : user_pref("CT3317420.xpeMode", "0");
Line Deleted : user_pref("CT3317420_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1392165158508,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=482C8BC5-7C53-4CDE-9FC1-212E2EA570AD&apn_ptnrs=TV&apn_sauid=55ABE142-7E[...]
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3317420");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "PrintPDF Pro 1.1 Customized Web Search");
Line Deleted : user_pref("extensions.a37bf9a27478d4ebbbc9195c738fd7c12d3d6f6e923ea4896ae1f917f17e83ebfcom47720.47720.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.irmysearch.aflt", "dnldstr0103");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzzyEtB0BtB0BzzyEtDzyyBtAyE0DyDyBtN0D0Tzu0CyByDyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutD1V1Q1L1V1T1C1V1N1V1B1V2Y1B1V2W1L1GyB1V1F2Z1VyCyE1VtDtDtDt[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "149341631");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317420&SearchSource=2&CUI=UN32906056412323730&UM=2&q=");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.BUTTON_STRUCTURE", "[{\"b\":220923973,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":220923974,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.defaultenginename.prev", "PrintPDF Pro 1.1 Customized Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.defaultenginename.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.defaultenginename.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.selectedEngine.prev", "PrintPDF Pro 1.1 Customized Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.homepage.prev", "hxxps://www.google.com/");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.firstKnownVersion", "5.79.3.13368");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=6DA045D8-4558-400A-8C63-B669771DE319&n=780b6015&p2=^UX^xdm423^S08347^us&si=49588");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.lastGuardTime", -624979318);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installKeysSource", "File");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2014011413");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm423^S08347^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "49588");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "6DA045D8-4558-400A-8C63-B669771DE319");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1402257375376");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.lastKnownVersion", "5.79.3.13368");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "espn||google.com");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "85201");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "mapsgalaxy@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");
Line Deleted : user_pref("extensions.zP_ykm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3317420");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317420&CUI=UN32906056412323730&UM=2&SearchSource=13&sspv=S41B");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317420&SearchSource=2&CUI=UN32906056412323730&UM=2&sspv=S41B&q=,hxxp://search.conduit.com/ResultsEx[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3317420");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3317420");
Line Deleted : user_pref("smartbar.machineId", "ETMYMYHJR0HLKBUXOSBPU8O1IXQQBBBXFNNKWTYKJ+VS6DAJ3VXKGBS+QVJ3TVFL1EJLZTAQVDJCSN6SDXRXMG");
Line Deleted : user_pref("valueApps.CT3317420./9B+7E+x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E,x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E-x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E.:2z527.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E.x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E/x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E06CG5EL8:", "6E6D6871716D6C757778");
Line Deleted : user_pref("valueApps.CT3317420./9B+7E06CG5EL8:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E777773727B7D7E242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("valueApps.CT3317420./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E0x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E1x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E2x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ1F@=!LAD", "247E61393F236B25757070797A2B222D6F4250454E337B353E534D4A2E594E513E3540236055505853565049324B787B4E455033707361553E57484B5A515C6E6D717D6D2170644D6C[...]
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ1F@=!LAD.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ5=CKB:K$ODG", "247E61393F236B25757273787B2B222D6F4250454E337B35424A50584F4758315C51544138432663665448314A3B3E4D444F325E5F68543D56474659505B6D6C707C6C206F634C6[...]
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ5=CKB:K$ODG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ7FK;KG#8QKEF)TIL.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ7FK;KG#NCEP@MC+VKN.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ=<>::J>$ODG", "247E61393F236B25717171752A212C6E414F444D327A3449484A4646564A305B5053403742256257525A5558524B344D7A7D504752357275635740594B455C535E416D6E77634C6[...]
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ=<>::J>$ODG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ><ILB\"MBE", "247E61393F236B2576707778732B222D6F4250454E337B354B4956594F2F5A4F523F364124616452462F48393C4B424D5F5E626E5E7161553E5D583B68776B68767D7C614A634E65[...]
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJ><ILB\"MBE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJE8G9!LAD", "247E61393F236B2575737379762B222D6F4250454E337B35524554462E594E513E3540236055505853565049324B787B4E455033707361553E57484B5A515C3F6B6C75614A63545366[...]
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJE8G9!LAD.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJG9KDG<DH??'FDP.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJG?K:;BO=M@'RGJ", "247E61393F236B2575717675742B222D6F4250454E337B35544C5847484F5C4A5A4D345F5457443B46296669574B344D3E41504752646367736376665A43625D406D7C706D7B[...]
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJG?K:;BO=M@'RGJ.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJI8A K@C.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJI8IH@;G;M&QFI", "247E61393F236B2575727078732B222D6F4250454E337B35564556554D4854485A335E5356433A45286568564A334C3B4E4550626165716174645841605B707D6B7D79614A696[...]
Line Deleted : user_pref("valueApps.CT3317420./9B+7E31;CJI8IH@;G;M&QFI.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E3x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E4x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E5x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E6x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E7x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E8x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E9x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E:x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E;x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E<x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E=x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E>x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E?x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7E@x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7EAx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("valueApps.CT3317420./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B+7EBx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7ECx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7EDx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B+7Etx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420./9B-0?3G>D", "396E3E3D3E6B43417A7246444520767B7C4C254C4E4E532A2753272B2B2B2C265D2F2A61");
Line Deleted : user_pref("valueApps.CT3317420./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B-0?3G@6:5;", "");
Line Deleted : user_pref("valueApps.CT3317420./9B-0?3G@6:5;.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3317420./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861");
Line Deleted : user_pref("valueApps.CT3317420./9B-3=3ECCJA=F>.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Deleted : user_pref("valueApps.CT3317420./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("valueApps.CT3317420./9B3=>@44I48?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B5BA==9CJAG", "6A3F68696A6C6F6D7A457873797678767A7B7C234D");
Line Deleted : user_pref("valueApps.CT3317420./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B6B11G4C56B>F;P;ANR@P", "6E6D6871716D6C766E73797A78");
Line Deleted : user_pref("valueApps.CT3317420./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3317420./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B9643G3/9E", "6A");
Line Deleted : user_pref("valueApps.CT3317420./9B9643G3/9E.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B;45>:BI9I7IE", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3317420./9B;45>:BI9I7IE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B<:222H64<", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3317420./9B<:222H64<.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B<:222H64<L8DAJ", "6D70706E7674747977772A7972727979757C78");
Line Deleted : user_pref("valueApps.CT3317420./9B<:222H64<L8DAJ.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B=+03EH8H8J?:", "4443");
Line Deleted : user_pref("valueApps.CT3317420./9B=+03EH8H8J?:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("valueApps.CT3317420./9B?+E2A52D8.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9B?B0D:8AJ62<H", "6D");
Line Deleted : user_pref("valueApps.CT3317420./9B?B0D:8AJ62<H.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420./9BA@0<0BI6A7GN:6@L?", "6C");
Line Deleted : user_pref("valueApps.CT3317420./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.CT3317420.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3317420.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.SF_STATUS", "454E41424C4544");
Line Deleted : user_pref("valueApps.CT3317420.SF_STATUS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.SF_USER_ID", "6369645F31313230313431323435313037353238333531");
Line Deleted : user_pref("valueApps.CT3317420.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420._key_cl_active", "64383737313861312D623137382D346661622D386539332D383235663761333434313334");
Line Deleted : user_pref("valueApps.CT3317420._key_cl_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420._key_edilia__uID", "34636165363730662D616636642D343534642D386232372D326233633532336130306630");
Line Deleted : user_pref("valueApps.CT3317420._key_edilia__uID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.cb_experience_000", "3230");
Line Deleted : user_pref("valueApps.CT3317420.cb_experience_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.cb_firstuse0100", "31");
Line Deleted : user_pref("valueApps.CT3317420.cb_firstuse0100.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.cb_user_id_000", "43423830383736353939363536345F313338383739383038323637375F46697265666F78");
Line Deleted : user_pref("valueApps.CT3317420.cb_user_id_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.cbfirsttime", "576564204A616E20303120323031342031323A34353A303620474D542D3037303020285553204D6F756E7461696E205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT3317420.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.discover-experiments-photopop", "7B226E616D65223A2270686F746F706F7030222C2276657273696F6E223A31307D");
Line Deleted : user_pref("valueApps.CT3317420.discover-experiments-photopop.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.discover-periodic-reports", "7B2270696E675F30223A5B313339303038323531393039352C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3317420.discover-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.discover-user-id", "2233303864613562342D313238302D346563612D393738342D37366130613634323830393522");
Line Deleted : user_pref("valueApps.CT3317420.discover-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.ground-country-code", "22555322");
Line Deleted : user_pref("valueApps.CT3317420.ground-country-code.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.impression_session_counter", "3238");
Line Deleted : user_pref("valueApps.CT3317420.impression_session_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.impression_session_id", "2234623736303466382D653562302D343331632D626338342D64613235393631393464303422");
Line Deleted : user_pref("valueApps.CT3317420.impression_session_id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.impression_session_last_active", "31333930313734353530343631");
Line Deleted : user_pref("valueApps.CT3317420.impression_session_last_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appStateReportTime", "31333932313635313735373435");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Clarity_Active", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Discover", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Discover.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Easytobook", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Easytobook.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Find-a-Pro", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_JobsMiner", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_JobsMiner.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_PriceGong", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_currentBadgeValue", "30");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_currentBadgeValue.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_lastLoginTime", "31333932313635313736363930");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_newApps", "5B5D");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_newApps.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_new_welcome_experience", "31");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_new_welcome_experience.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_settings1.13.0.17.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_stamp", "313034335F30");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_userId", "62346538306233342D316364332D343036652D626630632D343832316631656130393366");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3317420.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.rematchAgent.reporter", "7B22687474703A2F2F7777772E6172697A6F6E6175737373612E636F6D2F615F746F75726E616D656E74732F3133554141414D4C4B323031342E706466223A313338393734313733[...]
Line Deleted : user_pref("valueApps.CT3317420.rematchAgent.reporter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.rematchGround-country-code", "22555322");
Line Deleted : user_pref("valueApps.CT3317420.rematchGround-country-code.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354333331373432307E38365[...]
Line Deleted : user_pref("valueApps.CT3317420.rematchGround.upstairs.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-is-test-user", "66616C7365");
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-is-test-user.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-matkot-user-id", "22313338393534383238353834303334323334353622");
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-matkot-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339303137343134353134362C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-user-id", "2237373033616461312D666636322D346265342D616162342D32613763373130386461323622");
Line Deleted : user_pref("valueApps.CT3317420.rematchagent-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3317420.response_cache.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3317420.url_history0001", "687474703A2F2F6573706E2E676F2E636F6D2F626C6F672F6E636672656372756974696E672F776573743A3A3A636C69636B68616E646C65723A3A3A313338383738373533343732312C2C[...]
Line Deleted : user_pref("valueApps.CT3317420.url_history0001.storedInFile", true);

[ File : C:\Users\Zane\AppData\Roaming\Mozilla\Firefox\Profiles\iqkfttf5.default\prefs.js ]

Line Deleted : user_pref("CT3307181.FF19Solved", "true");
Line Deleted : user_pref("CT3307181.UserID", "UN15236876722248916");
Line Deleted : user_pref("CT3307181.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3307181.fullUserID", "UN15236876722248916.IN.20131116113604");
Line Deleted : user_pref("CT3307181.installDate", "16/11/2013 11:36:06");
Line Deleted : user_pref("CT3307181.installSessionId", "{7BAC5AE0-6041-4AF6-BAD3-AFD6BC3E4F8C}");
Line Deleted : user_pref("CT3307181.installSp", "TRUE");
Line Deleted : user_pref("CT3307181.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3307181.keyword", "true");
Line Deleted : user_pref("CT3307181.originalHomepage", "about:home");
Line Deleted : user_pref("CT3307181.originalSearchAddressUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=482C8BC5-7C53-4CDE-9FC1-212E2EA570AD&apn_ptnrs=TV&apn_sauid=55ABE142-7E32-[...]
Line Deleted : user_pref("CT3307181.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("CT3307181.originalSearchEngineName", "Ask.com");
Line Deleted : user_pref("CT3307181.searchRevert", "false");
Line Deleted : user_pref("CT3307181.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3307181.searchUserMode", "2");
Line Deleted : user_pref("CT3307181.smartbar.homepage", "true");
Line Deleted : user_pref("CT3307181.toolbarInstallDate", "16-11-2013 11:36:04");
Line Deleted : user_pref("CT3307181.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3307181.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=482C8BC5-7C53-4CDE-9FC1-212E2EA570AD&apn_ptnrs=TV&apn_sauid=55ABE142-7E[...]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "appmarket- Customized Web Search");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3307181");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3307181&CUI=UN15236876722248916&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3307181&SearchSource=2&CUI=UN15236876722248916&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3307181");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3307181");
Line Deleted : user_pref("smartbar.machineId", "ETMYMYHJR0HLKBUXOSBPU8O1IXQQBBBXFNNKWTYKJ+VS6DAJ3VXKGBS+QVJ3TVFL1EJLZTAQVDJCSN6SDXRXMG");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0DD66238-033F-439B-A0B6-016DB7948DD1&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN95426264612029302&ctid=CT3317420&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0BzzyEtDzyyBtAyE0DyDyBtN0D0Tzu0CyByDyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutD1V1Q1L1V1T1C1V1N1V1B1V2Y1B1V2W1L1GyB1V1F2Z1VyCyE1VtDtDtDtDtGtDtDtDtD&cr=149341631&ir=
Deleted [Extension] : bbbohehdfjdmmnhinmnpclbemkmhfmbm
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : dcpfhaghaadpjpgocojgnlhjcieeooel
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : kjnofamphmidajlfmecndnlohjdhfgld
Deleted [Extension] : lcnnhcneegeeojhgpfijnlnocjdmlaon

[ File : C:\Users\Zane\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0BzzyEtDzyyBtAyE0DyDyBtN0D0Tzu0CyByDyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutD1V1Q1L1V1T1C1V1N1V1B1V2Y1B1V2W1L1GyB1V1F2Z1VyCyE1VtDtDtDtDtGtDtDtDtD&cr=149341631&ir=
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0BzzyEtDzyyBtAyE0DyDyBtN0D0Tzu0CyByDyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutD1V1Q1L1V1T1C1V1N1V1B1V2Y1B1V2W1L1GyB1V1F2Z1VyCyE1VtDtDtDtDtGtDtDtDtD&cr=149341631&ir=
Deleted [Extension] : bbbohehdfjdmmnhinmnpclbemkmhfmbm
Deleted [Extension] : iekjmlcgpmcjigljdiagaibfjfaideal
Deleted [Extension] : kjnofamphmidajlfmecndnlohjdhfgld
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [60204 octets] - [11/09/2014 15:59:51]
AdwCleaner[S0].txt - [60860 octets] - [11/09/2014 16:05:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [60921 octets] ##########

 

Malwarebytes Logs (had some problems at first, so there are two)

 

Log 1:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/11/2014
Scan Time: 2:03:08 PM
Logfile: MalwareBytes Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jowaiszas Fam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278317
Time Elapsed: 16 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [f7523ec1304adf5711120e6655ad738d],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [f7523ec1304adf5711120e6655ad738d],
PUP.Optional.Sizlsearch.A, HKLM\SOFTWARE\WOW6432NODE\sizlsearch, Quarantined, [39106b94adcdb6801af2dfdba85bc23e],
PUP.Optional.Sizlsearch.A, HKU\S-1-5-21-1519062203-4250741935-3557447494-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\sizlsearch, Quarantined, [3d0c86796614b97d8588d3e7768d39c7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Log 2:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/11/2014
Scan Time: 3:28:05 PM
Logfile: MalwareBytes Log2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.11.06
Rootkit Database: v2014.09.10.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jowaiszas Fam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367164
Time Elapsed: 23 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1519062203-4250741935-3557447494-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [9ac8e20a087375c1e8e6ee93d62c2ad6],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [9ac8e20a087375c1e8e6ee93d62c2ad6],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [2141f5f780fbaf87cc6194d557ad3bc5],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [016111dbf883c47268c4501938cc20e0],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [4a18b834c0bb9a9c67a89774ed168a76],
PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT, Quarantined, [0d55d418c0bb59dd0d792dce6e94cd33],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1519062203-4250741935-3557447494-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [422019d3bbc03df9a12afd0d6e952ed2],
PUP.Optional.BrowserManager.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B86A5F28-E714-49DD-9C61-6DC5BB867255}}_is1, Quarantined, [342ec42891ea0630326f8a67788ae020],

Registry Values: 3
PUP.Optional.BrowserManager.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FUPM Browser, C:\Program Files (x86)\FUPM Browser\BrowserManager.exe, Quarantined, [09590fdd25568ea8dd93ec13748e6c94]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [4a18b834c0bb9a9c67a89774ed168a76]
PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT|ImagePath, C:\Program Files (x86)\Web Protect\MyOSProtect.exe, Quarantined, [0d55d418c0bb59dd0d792dce6e94cd33]

Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-1519062203-4250741935-3557447494-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M34F7EC88-164C-443E-81A7-6FCEE5C471E6&SearchSource=55&CUI=&UM=6&UP=SP450F1FB7-1528-4007-A836-22D15B6405E9&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M34F7EC88-164C-443E-81A7-6FCEE5C471E6&SearchSource=55&CUI=&UM=6&UP=SP450F1FB7-1528-4007-A836-22D15B6405E9&SSPV=),Replaced,[d58d17d50378360083a37b74689c5ca4]

Folders: 5
PUP.Optional.Conduit.A, C:\Users\Jowaiszas Fam\AppData\Local\TB\APISupport, Quarantined, [5e0438b48dee3402436924c237cb0af6],
PUP.Optional.Conduit.A, C:\Users\Jowaiszas Fam\AppData\Local\TB\APISupport\MiniSP_1.0.2.178, Quarantined, [5e0438b48dee3402436924c237cb0af6],
PUP.Optional.Conduit.A, C:\Users\Jowaiszas Fam\AppData\Local\TB\APISupport\MiniSP_1.0.2.178\Logs, Quarantined, [5e0438b48dee3402436924c237cb0af6],
PUP.Optional.BrowserManager.A, C:\Program Files (x86)\FUPM Browser, Quarantined, [342ec42891ea0630326f8a67788ae020],
PUP.Optional.BrowserManager.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUPM Browser, Quarantined, [b7ab05e79be0c96d6042f8f9e41eb848],

Files: 13
PUP.Optional.MyOSProtect.A, C:\Windows\temp\MyOSProtect.log, Quarantined, [2a386686d9a290a60f3c25d5dc260ff1],
PUP.Optional.Trovi.A, C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\searchplugins\trovi-search.xml, Quarantined, [90d2b13b81fae155e295e432e71c2ad6],
PUP.Optional.Conduit.A, C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, Quarantined, [93cf0ae21e5d34023496b066b84b639d],
PUP.Optional.Conduit.A, C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage-journal, Quarantined, [481a856776052d097d4d14026f9415eb],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [1d45b13b37441f17fc34f970cf35dc24],
PUP.Optional.BrowserManager.A, C:\Program Files (x86)\FUPM Browser\sqlite3.dll, Quarantined, [342ec42891ea0630326f8a67788ae020],
PUP.Optional.BrowserManager.A, C:\Program Files (x86)\FUPM Browser\unins000.dat, Quarantined, [342ec42891ea0630326f8a67788ae020],
PUP.Optional.BrowserManager.A, C:\Program Files (x86)\FUPM Browser\unins000.exe, Quarantined, [342ec42891ea0630326f8a67788ae020],
PUP.Optional.BrowserManager.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUPM Browser\FUPM Browser.lnk, Quarantined, [b7ab05e79be0c96d6042f8f9e41eb848],
PUP.Optional.Trovi, C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "Trovi search");), Replaced,[f0725696017ac175b1e2aa81679ed12f]
PUP.Optional.Trovi, C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi search");), Replaced,[82e0d418a9d2be786f2503280ef7c040]
PUP.Optional.Trovi.A, C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M34F7EC88-164C-443E-81A7-6FCEE5C471E6&SearchSource=55&CUI=&UM=6&UP=SP450F1FB7-1528-4007-A836-22D15B6405E9&SSPV=");), Replaced,[7fe3dc107308d95d859c34f8ae5735cb]
PUP.Optional.Trovi.A, C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M34F7EC88-164C-443E-81A7-6FCEE5C471E6&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP450F1FB7-1528-4007-A836-22D15B6405E9");), Replaced,[72f05b912d4e44f235edad7f27de58a8]

Physical Sectors: 0
(No malicious items detected)

(end)



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:40 PM

Posted 11 September 2014 - 06:10 PM

That was quite a detection.
 
Please download the latest Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The other two logs (Addition.txt and Shortcut.txt) can be attached to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:04:40 PM

Posted 11 September 2014 - 07:50 PM

FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Jowaiszas Fam (administrator) on JOWAISZASFAM-PC on 11-09-2014 21:41:37
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(Dropbox, Inc.) C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-01] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [ShwiconXP6366] => c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe [237568 2009-07-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [FATrayAlert] => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\S-1-5-21-1519062203-4250741935-3557447494-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1519062203-4250741935-3557447494-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-04] (Google Inc.)
HKU\S-1-5-21-1519062203-4250741935-3557447494-1001\...\Run: [SkyDrive] => C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1519062203-4250741935-3557447494-1001\...\RunOnce: [Uninstall C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211"
HKU\S-1-5-21-1519062203-4250741935-3557447494-1001\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10342^us&si=CD9606&ptb=DDA1413C-2D76-4215-BAEE-C19D8E3FCB1E&ind=2014071616&n=780c4b40&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0994E41C-A672-4605-8C93-D2CEE82F1434} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {419A8C3B-1728-4FAE-BD29-BBF88A8DB0C6} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US636&p={SearchTerms}
SearchScopes: HKCU - {9393158F-11BA-47C4-8980-CA5902AD7790} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M34F7EC88-164C-443E-81A7-6FCEE5C471E6&SearchSource=58&CUI=&UM=6&UP=SP450F1FB7-1528-4007-A836-22D15B6405E9&q={searchTerms}&SSPV=
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10342^us&si=CD9606&ptb=DDA1413C-2D76-4215-BAEE-C19D8E3FCB1E&ind=2014071616&n=780c4b40&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {ED91ED3E-3DA6-4E3C-9B5D-3FB0365A3C97} URL =
BHO: No Name -> {2C5140AE-4C4C-3B33-E88A-C0682E80D11C} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default
FF SearchEngineOrder.1: Secure Search
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=A111US636&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: PPngVeiewer - C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\Extensions\hckd5mhp@uyeiyaqu.edu [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-10-19]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchProvider: Default -> McAfee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=A211US636&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows LiveÃÂÃÂÃÂî Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (Online Chess Games) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdpiilochbpoemecaookclgloelkmdfc [2014-08-04]
CHR Extension: (Google Search) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-28]
CHR Extension: (SiteAdvisor) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-04-28]
CHR Extension: (No Name) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb [2014-01-01]
CHR Extension: (Yet Another Lorem Ipsum Generator) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jffcmkkfbampimhpimhofhhkanhflfce [2014-08-31]
CHR Extension: (Delicious Reloaded) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgplakhhiofpgplgbjgohnjfnkiafncd [2014-06-09]
CHR Extension: (Chromium browser automation) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmjnojfkcohdpkpjmeeijckfbebbon [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Shut Up) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfoejikkmejobodofaimigojomlfim [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Jowaiszas Fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR HKCU\...\Chrome\Extension: [haagkflomlmpdjaojgbeljnkkohbbegb] - C:\Users\Jowaiszas Fam\AppData\Local\CRE\haagkflomlmpdjaojgbeljnkkohbbegb.crx []
CHR HKLM-x32\...\Chrome\Extension: [haagkflomlmpdjaojgbeljnkkohbbegb] - C:\Users\Jowaiszas Fam\AppData\Local\CRE\haagkflomlmpdjaojgbeljnkkohbbegb.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S4 DellOSDservice; C:\Program Files\Dell\OSD\DellOSDservice.exe [7168 2010-07-05] (Microsoft) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-02] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-01] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 21:02 - 2014-09-11 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-11 19:32 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:32 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 19:32 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:32 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:32 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:32 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 19:32 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:32 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:32 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:32 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:32 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:32 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:32 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 19:32 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:32 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:32 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:32 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:32 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:32 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:32 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 19:32 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:32 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:32 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 19:32 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:32 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 19:32 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 19:32 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 19:32 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 19:32 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:32 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:32 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 19:32 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 19:32 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:32 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 19:32 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 19:32 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 19:32 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 19:32 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:32 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:32 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:32 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:32 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 19:32 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 19:32 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 19:32 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 19:32 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:32 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 19:32 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:32 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 19:32 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 19:32 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 19:32 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:32 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 19:32 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 19:32 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:32 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 19:22 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 19:22 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 16:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-11 15:59 - 2014-09-11 16:09 - 00000000 ____D () C:\AdwCleaner
2014-09-11 15:41 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 15:41 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 15:41 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 15:41 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 15:41 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 15:41 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 15:41 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 15:41 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 15:41 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 15:40 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 15:40 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 14:56 - 2014-09-11 10:20 - 01370467 _____ () C:\Users\Jowaiszas Fam\Desktop\adwcleaner_3.309.exe
2014-09-11 14:55 - 2014-09-11 14:55 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-11 14:51 - 2014-09-11 14:51 - 00000000 ____D () C:\SWTOOLS
2014-09-11 14:02 - 2014-09-11 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 14:01 - 2014-09-11 14:01 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 14:01 - 2014-09-11 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 14:01 - 2014-09-11 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 14:01 - 2014-09-11 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 14:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-11 14:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-11 14:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 13:19 - 2014-09-11 13:19 - 00000000 __SHD () C:\found.000
2014-09-06 09:53 - 2014-09-06 09:53 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\BRT
2014-09-04 17:59 - 2014-09-11 16:10 - 00045926 _____ () C:\Windows\PFRO.log
2014-09-03 12:01 - 2014-09-11 19:42 - 00002208 _____ () C:\Windows\setupact.log
2014-09-03 12:01 - 2014-09-03 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-31 08:14 - 2014-08-31 08:14 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\Dell
2014-08-28 15:47 - 2014-08-28 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-27 19:27 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 19:27 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 19:27 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 23:35 - 2014-08-22 23:35 - 00020029 _____ () C:\Users\Jowaiszas Fam\Documents\Untitled 1.odt
2014-08-21 07:17 - 2014-08-21 07:17 - 00038817 _____ () C:\Users\Jowaiszas Fam\Desktop\reader.htm
2014-08-18 19:02 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-18 19:02 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-18 19:02 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-18 19:02 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-18 19:01 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-18 19:01 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-18 19:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-18 19:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-18 19:01 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-18 19:01 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-18 19:01 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-18 19:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-18 19:01 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-18 19:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 19:45 - 2014-09-11 19:56 - 00005034 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JowaiszasFam-PC-Jowaiszas Fam JowaiszasFam-PC
2014-08-17 03:04 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 03:04 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 03:04 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 03:04 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 03:04 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 03:04 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 03:04 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 03:04 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 08:52 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 08:52 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 08:52 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 08:52 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 08:52 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 08:52 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 08:52 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 08:52 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 08:52 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 08:51 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 08:51 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 08:51 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-16 08:51 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 08:51 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 21:41 - 2011-10-31 23:50 - 00000000 ____D () C:\FRST
2014-09-11 21:13 - 2011-11-04 15:10 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 21:02 - 2014-09-11 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-11 20:55 - 2012-06-26 09:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 20:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 19:56 - 2014-08-17 19:45 - 00005034 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JowaiszasFam-PC-Jowaiszas Fam JowaiszasFam-PC
2014-09-11 19:50 - 2009-07-13 22:10 - 02045444 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 19:49 - 2009-07-13 21:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 19:49 - 2009-07-13 21:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 19:46 - 2013-04-29 09:21 - 00000000 ___RD () C:\Users\Jowaiszas Fam\Dropbox
2014-09-11 19:46 - 2013-04-29 09:15 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox
2014-09-11 19:45 - 2014-02-26 16:21 - 00000000 ___RD () C:\Users\Jowaiszas Fam\OneDrive
2014-09-11 19:45 - 2011-11-04 15:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 19:45 - 2011-03-04 02:25 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-11 19:45 - 2011-03-04 02:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-11 19:45 - 2011-03-04 02:05 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-11 19:42 - 2014-09-03 12:01 - 00002208 _____ () C:\Windows\setupact.log
2014-09-11 19:42 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 19:31 - 2011-09-15 14:18 - 00796390 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 19:31 - 2009-07-13 22:13 - 00796390 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 19:30 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 19:24 - 2011-06-14 16:42 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 19:22 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 17:55 - 2012-06-26 09:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 17:55 - 2012-06-26 09:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 17:55 - 2011-10-28 19:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 16:12 - 2012-01-28 15:49 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\Skype
2014-09-11 16:10 - 2014-09-04 17:59 - 00045926 _____ () C:\Windows\PFRO.log
2014-09-11 16:09 - 2014-09-11 15:59 - 00000000 ____D () C:\AdwCleaner
2014-09-11 16:08 - 2011-06-14 15:48 - 00000000 ____D () C:\Users\Jowaiszas Fam
2014-09-11 15:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2014-09-11 15:52 - 2014-04-15 07:43 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Local\TB
2014-09-11 15:27 - 2014-09-11 14:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 15:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-11 14:55 - 2014-09-11 14:55 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-11 14:55 - 2011-03-04 01:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 14:54 - 2011-03-04 03:00 - 00000000 ____D () C:\dell
2014-09-11 14:51 - 2014-09-11 14:51 - 00000000 ____D () C:\SWTOOLS
2014-09-11 14:45 - 2009-07-13 22:08 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 14:01 - 2014-09-11 14:01 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 14:01 - 2014-09-11 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 14:01 - 2014-09-11 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 14:01 - 2014-09-11 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 13:19 - 2014-09-11 13:19 - 00000000 __SHD () C:\found.000
2014-09-11 12:21 - 2014-01-01 16:24 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-11 12:21 - 2011-06-14 17:24 - 00000008 __RSH () C:\Users\Jowaiszas Fam\ntuser.pol
2014-09-11 10:20 - 2014-09-11 14:56 - 01370467 _____ () C:\Users\Jowaiszas Fam\Desktop\adwcleaner_3.309.exe
2014-09-11 10:13 - 2011-06-14 17:27 - 00000000 ____D () C:\Users\Zane
2014-09-11 10:13 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-06 13:13 - 2009-07-13 19:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 12:06 - 2013-05-21 14:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-06 11:14 - 2014-01-01 12:43 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Local\CRE
2014-09-06 11:14 - 2013-11-16 11:36 - 00000000 ____D () C:\Users\Zane\AppData\Local\CRE
2014-09-06 09:53 - 2014-09-06 09:53 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\BRT
2014-09-04 19:10 - 2014-09-11 15:40 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 19:05 - 2014-09-11 15:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 09:24 - 2014-02-26 16:32 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\Outlook Files
2014-09-03 12:01 - 2014-09-03 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-01 21:47 - 2012-05-09 17:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-31 20:10 - 2014-02-26 15:39 - 00000000 ____D () C:\ProgramData\e5ceab2c5b156455
2014-08-31 08:14 - 2014-08-31 08:14 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\Dell
2014-08-29 10:36 - 2008-09-26 12:07 - 00000000 ____D () C:\Users\Jowaiszas Fam\Documents\John's
2014-08-29 06:35 - 2014-02-26 16:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 15:47 - 2014-08-28 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 03:18 - 2009-07-13 21:45 - 00355632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 10:31 - 2011-10-19 18:27 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-22 23:35 - 2014-08-22 23:35 - 00020029 _____ () C:\Users\Jowaiszas Fam\Documents\Untitled 1.odt
2014-08-22 19:07 - 2014-08-27 19:27 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 19:27 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 19:27 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 07:42 - 2014-02-26 16:21 - 00002213 _____ () C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-21 07:17 - 2014-08-21 07:17 - 00038817 _____ () C:\Users\Jowaiszas Fam\Desktop\reader.htm
2014-08-19 11:05 - 2014-09-11 19:32 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 10:39 - 2014-09-11 19:32 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 16:01 - 2014-09-11 19:32 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 15:29 - 2014-09-11 19:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 15:29 - 2014-09-11 19:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 15:26 - 2014-09-11 19:32 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 15:20 - 2014-09-11 19:32 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 15:19 - 2014-09-11 19:32 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 15:15 - 2014-09-11 19:32 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 15:15 - 2014-09-11 19:32 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 15:14 - 2014-09-11 19:32 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 15:14 - 2014-09-11 19:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 15:08 - 2014-09-11 19:32 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 15:08 - 2014-09-11 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 15:08 - 2014-09-11 19:32 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 15:05 - 2014-09-11 19:32 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 15:03 - 2014-09-11 19:32 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 15:03 - 2014-09-11 19:32 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 15:03 - 2014-09-11 19:32 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 14:57 - 2014-09-11 19:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 14:56 - 2014-09-11 19:32 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 14:51 - 2014-09-11 19:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 14:46 - 2014-09-11 19:32 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 14:45 - 2014-09-11 19:32 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 14:45 - 2014-09-11 19:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 14:44 - 2014-09-11 19:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 14:44 - 2014-09-11 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 14:42 - 2014-09-11 19:32 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 14:40 - 2014-09-11 19:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 14:39 - 2014-09-11 19:32 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 14:39 - 2014-09-11 19:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 14:39 - 2014-09-11 19:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 14:38 - 2014-09-11 19:32 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 14:37 - 2014-09-11 19:32 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 14:36 - 2014-09-11 19:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 14:35 - 2014-09-11 19:32 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 14:27 - 2014-09-11 19:32 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 14:25 - 2014-09-11 19:32 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 14:25 - 2014-09-11 19:32 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 14:23 - 2014-09-11 19:32 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 14:23 - 2014-09-11 19:32 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 14:22 - 2014-09-11 19:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 14:19 - 2014-09-11 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 14:17 - 2014-09-11 19:32 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 14:17 - 2014-09-11 19:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 14:16 - 2014-09-11 19:32 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 14:15 - 2014-09-11 19:32 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 14:15 - 2014-09-11 19:32 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 14:09 - 2014-09-11 19:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 14:08 - 2014-09-11 19:32 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 14:07 - 2014-09-11 19:32 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 13:55 - 2014-09-11 19:32 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 13:46 - 2014-09-11 19:32 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 13:38 - 2014-09-11 19:32 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 13:38 - 2014-09-11 19:32 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 13:36 - 2014-09-11 19:32 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 12:29 - 2013-04-29 09:21 - 00001052 _____ () C:\Users\Jowaiszas Fam\Desktop\Dropbox.lnk
2014-08-17 12:28 - 2013-04-29 09:18 - 00000000 ____D () C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-17 03:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Jowaiszas Fam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmqcy6.dll
C:\Users\Jowaiszas Fam\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-11 16:38

==================== End Of Log ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Jowaiszas Fam at 2014-09-11 21:43:27
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0921.2139 - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother Software Suite (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0921.2140.37013 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help English (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help French (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help German (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
ccc-utility64 (Version: 2010.0921.2140.37013 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CIR Tool Kit (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 2.2.2010.714 - Nuvoton Technology Corp)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cozi (HKLM-x32\...\{81F1C6DE-C053-4C6C-9DE8-ED23D28FA9AB}) (Version: 1.0.4913.28433 - Cozi Group, Inc.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2124 - CyberLink Corp.)
CyberLink YouPaint (x32 Version: 1.2.2124 - CyberLink Corp.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{89263C19-557E-4D23-AAD7-113F6175DFC1}) (Version: 1.5.402.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Touch Software Suite Games (HKLM-x32\...\{2108900C-5BE3-4FF3-95AC-A1DD07C16CD9}) (Version: 1.2.6.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DellOSD (HKLM\...\{89B91433-49FF-45E6-9B89-02E761A5ACB9}) (Version: 1.1.2 - Dell, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastAccess (HKLM\...\{876F4556-6811-4341-A6D7-78C3F15420E2}) (Version: 2.4.91.1 - Sensible Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{0807242D-4BB5-4F6C-BEA8-EC9D75A51C51}) (Version: 1.1.1817.91 - Alcor Micro Corp.)
Multimedia Card Reader (x32 Version: 1.1.1817.91 - Alcor Micro Corp.) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Sendori (HKLM-x32\...\Sendori) (Version: 2.0.18 - Sendori, Inc.) <==== ATTENTION
SetDisplayConfig (HKLM\...\{277C688D-1948-4CF2-8EFC-6328C6AE85BB}) (Version: 1.00.0000 - Dell, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
ShoppingDealFactory (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - ShoppingDealFactory) <==== ATTENTION
Skins (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
StickyNotes (HKLM-x32\...\{0A71BAB4-D703-4CE4-8B3F-0D06A1D1A4E1}) (Version: 1.3.20.0 - Dell)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Web Protect for Windows (HKLM-x32\...\wp-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.11.2 - WildTangent)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1519062203-4250741935-3557447494-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-08-2014 08:39:09 Windows Update
26-08-2014 14:31:06 Windows Update
28-08-2014 10:00:13 Windows Update
02-09-2014 17:09:19 Windows Update
06-09-2014 16:56:16 Windows Update
11-09-2014 21:52:14 Installed Lenovo_Wireless_Driver
11-09-2014 21:55:09 Installed Realtek Ethernet Controller Driver For Windows Vista adò'9
11-09-2014 22:41:07 Windows Update
12-09-2014 02:22:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-11-01 23:15 - 2011-11-01 23:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D815D2-BD07-45D8-9490-57EC25E81C7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {12EF7ADB-249D-432F-88AB-F28EA5334002} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04] (Google Inc.)
Task: {345EBFC1-68B9-4119-9E77-A13996F0A0FB} - System32\Tasks\{C4603140-5434-40A6-926E-D3AFFE8A0DB9} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-05-26] (Apple Inc.)
Task: {654EDE46-3033-4EA5-9D44-CF7E4C48DF94} - System32\Tasks\Games Updater => c:\Program Files (x86)\Dell Touch Software Suite\Games\updater.exe [2010-09-09] (Caphyon LTD)
Task: {7BE7733D-3FB2-4779-8E36-9454B11103D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04] (Google Inc.)
Task: {82F1BEBF-2190-4C0D-B36D-871E401E029A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {92D9BEA4-CA60-415F-B747-6AFD49745DF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {A6AF4EC7-6559-430B-AFF2-5B8A4E3A7383} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {A93FE779-46D2-4D17-8D84-F7218E50B5EA} - System32\Tasks\StickyNotes Updater => c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\updater.exe [2010-12-10] (Caphyon LTD)
Task: {A96D27E8-5FA4-4740-AAFC-FE2B155C24DB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B474D1C8-B5A8-4352-88FB-F59445A50BAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {BE2959C0-9AD3-40F8-A90C-E6329D707319} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {D41E5CEE-5363-4FD8-A761-FBA142B5B39D} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {D635E654-1D60-40C9-8243-3120D8D7B6CA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JowaiszasFam-PC-Jowaiszas Fam JowaiszasFam-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-28] (Microsoft Corporation)
Task: {DBF75EF7-9685-4D0C-9993-1163C04AEDAF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-26 16:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-28 06:48 - 2014-08-28 06:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-03-04 02:06 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-01 11:50 - 2012-02-01 11:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2010-08-26 15:08 - 2010-08-26 15:08 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-21 20:38 - 2010-09-21 20:38 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-01 11:50 - 2012-02-01 11:50 - 01850224 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2010-02-22 14:25 - 2010-02-22 14:25 - 00094536 _____ () C:\Windows\system32\FAIEExtension.DLL
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2009-12-15 21:13 - 2009-12-15 21:13 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-11-15 21:58 - 2009-11-15 21:58 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-09-11 19:45 - 2014-09-11 19:45 - 00043008 _____ () c:\Users\Jowaiszas Fam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmqcy6.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-19 17:33 - 2014-06-19 17:33 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Jowaiszas Fam\Documents\ZJ football 2007.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: DellOSDservice => 2
MSCONFIG\startupreg: "C: =>
MSCONFIG\startupreg: BackgroundContainer => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Jowaiszas Fam\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Jowaiszas Fam\AppData\Roaming\ValueApps\CH\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2014 07:45:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (09/11/2014 07:44:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (09/11/2014 05:30:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/11/2014 05:29:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 05:27:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/11/2014 04:15:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (09/11/2014 04:14:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (09/11/2014 04:05:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MgAssist.exe, version: 0.0.0.0, time stamp: 0x53200c4e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xbbc
Faulting application start time: 0xMgAssist.exe0
Faulting application path: MgAssist.exe1
Faulting module path: MgAssist.exe2
Report Id: MgAssist.exe3

Error: (09/11/2014 04:00:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (09/11/2014 04:00:19 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

System errors:
=============
Error: (09/11/2014 07:45:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/11/2014 04:12:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/11/2014 03:57:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (09/11/2014 03:57:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (09/11/2014 03:57:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (09/11/2014 03:25:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (09/11/2014 03:25:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (09/11/2014 03:25:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (09/11/2014 03:24:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (09/11/2014 03:18:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Microsoft Office Sessions:
=========================
Error: (09/11/2014 07:45:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (09/11/2014 07:44:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (09/11/2014 05:30:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/11/2014 05:29:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/11/2014 05:27:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/11/2014 04:15:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (09/11/2014 04:14:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (09/11/2014 04:05:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MgAssist.exe0.0.0.053200c4eunknown0.0.0.000000000c000000500000000bbc01cfce13cd44a7a9C:\Program Files (x86)\Mobogenie\MgAssist.exeunknown24469702-3a08-11e4-817d-842b2b840973

Error: (09/11/2014 04:00:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (09/11/2014 04:00:19 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

CodeIntegrity Errors:
===================================
  Date: 2014-01-01 13:44:19.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-01 13:44:19.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-01 13:44:19.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-17 15:23:43.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-17 15:23:43.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-17 15:23:43.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-01 23:09:20.779
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-01 23:09:20.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240e Processor
Percentage of memory in use: 49%
Total physical RAM: 3835.95 MB
Available physical RAM: 1954.48 MB
Total Pagefile: 7670.08 MB
Available Pagefile: 4991.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.83 GB) (Free:739.78 GB) NTFS
Drive d: (eSysRescueLiveCD) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 647A6E83)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Shortcut.txt

Users shortcut scan result (x64) Version: 10-09-2014
Ran by Jowaiszas Fam at 2014-09-11 21:45:08
Running from E:\
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\PhotoStage.lnk -> C:\Program Files (x86)\Dell\PhotoStage\PhotoStage.exe (ArcSoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk -> C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk -> C:\Program Files (x86)\Cozi Express\CoziExpress.exe (Cozi Group, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk -> C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe (Dell Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11\PageViewer.lnk -> C:\Program Files (x86)\ScanSoft\PaperPort\pppagevw.exe (Nuance Communications, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11\PaperPort.lnk -> C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe (Nuance Communications, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files (x86)\Google\Picasa3\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuvoton CIR tool kit\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}\setup.exe (Acresso Software Inc.                                        )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack for Windows 7\Microsoft Blackboard.lnk -> C:\Windows\Installer\{8FF90DB8-6DED-44A3-B182-244FEC09012F}\Icon.Machine.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack for Windows 7\Microsoft Garden Pond.lnk -> C:\Windows\Installer\{8FF90DB8-6DED-44A3-B182-244FEC09012F}\Icon.Ripple.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack for Windows 7\Microsoft Rebound.lnk -> C:\Windows\Installer\{8FF90DB8-6DED-44A3-B182-244FEC09012F}\Icon.Haptik.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack for Windows 7\Microsoft Surface Collage.lnk -> C:\Windows\Installer\{8FF90DB8-6DED-44A3-B182-244FEC09012F}\Icon.Collage.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack for Windows 7\Microsoft Surface Globe.lnk -> C:\Windows\Installer\{8FF90DB8-6DED-44A3-B182-244FEC09012F}\Icon.Globe.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Program Files\Microsoft Office 15\root\office15\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company\LEGO Digital Designer Manual.lnk -> C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\en-manual\en-manual.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company\LEGO Digital Designer Read Me.lnk -> C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\en-manual\engReadMe.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company\LEGO Digital Designer.lnk -> C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe (LEGO Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company\Uninstall LEGO Digital Designer.lnk -> C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAccess Facial Recognition\Configure FastAccess.lnk -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAConsU.exe (Sensible Vision )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN\DW WLAN Card Readme.lnk -> C:\Program Files\Dell\DW WLAN Card\Readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam\Dell Webcam Central.lnk -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Touch Software Suite\StickyNotes.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\StickyNotes.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Touch Software Suite\Games\Bug Garden.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\Bug Garden\BugGarden.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Touch Software Suite\Games\Dodge.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\Dodge\Dodge.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Touch Software Suite\Games\Drum Zone.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\DrumZone\DrumZone.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Touch Software Suite\Games\Touch Instruments.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\TouchInstruments\TouchInstruments.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage\CyberLink YouPaint.lnk -> C:\Program Files (x86)\Dell\YouPaint\YouPaint.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage\MusicStage.lnk -> C:\Program Files (x86)\Dell Stage\MusicStage\musicstage.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage\PhotoStage.lnk -> C:\Program Files (x86)\Dell\PhotoStage\PhotoStage.exe (ArcSoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage\VideoStage.lnk -> C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage\Weather.lnk -> C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe\Dell DataSafe Local Backup.lnk -> C:\Program Files (x86)\Dell DataSafe Local Backup\dslauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe\Dell DataSafe Online.lnk -> C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Service Agreements\Accidental_Damage_Services.pdf.lnk -> C:\Windows\Installer\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}\IconEF85FEF4.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Service Agreements\QualxServ.pdf.lnk -> C:\Windows\Installer\{903679E8-44C8-4C07-9600-05C92654FC50}\Icon903679E8.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Software & Utilities\Dell Getting Started Guide.lnk -> C:\Program Files (x86)\Dell\Dell Welcome\welcome.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\THX TruStudio PC\Readme.lnk -> C:\Program Files (x86)\Creative\THX TruStudio PC\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\THX TruStudio PC\THX Audio Control Panel.lnk -> C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\RM10aUsa.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Scanner Settings\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\ScanRead.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Scanner Settings\Scanner Utility.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\BrScUtil.exe (Brother Industries Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\PC-FAX Sending\How to use PC-FAX Sending.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\howtousebrotherpc.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\PC-FAX Receiving\How to use PC-FAX Receiving.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\howtousepcfaxrx.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{F2768248-A5C1-4AF1-A096-80AFBEE2611B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\DrumZone\DrumZone.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{e5901c5f-59c5-4410-ace7-f41757c3a941}\SupportTasks\0\Game Console.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsole.ico (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{9A50841B-39E0-47E2-8B2B-27ACB900B725}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\TouchInstruments\TouchInstruments.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{57ADB70B-3F73-4C96-A90E-615D274AB6C0}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\Bug Garden\BugGarden.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{31C35E14-CE0A-47BA-B512-B3448D5D83E6}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Dell Touch Software Suite\Games\Dodge\Dodge.exe ()
Shortcut: C:\ProgramData\Dell\Dell Stage\deleted_shortcuts\Cozi Family Calendar.lnk -> C:\Program Files (x86)\Cozi Express\CoziExpress.exe (Cozi Group, Inc.)
Shortcut: C:\Users\Default\Links\OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\Links\Desktop.lnk -> C:\Users\Jowaiszas Fam\Desktop ()
Shortcut: C:\Users\Jowaiszas Fam\Links\Downloads.lnk -> C:\Users\Jowaiszas Fam\Downloads ()
Shortcut: C:\Users\Jowaiszas Fam\Links\Dropbox.lnk -> C:\Users\Jowaiszas Fam\Dropbox ()
Shortcut: C:\Users\Jowaiszas Fam\Links\OneDrive.lnk -> C:\Users\Jowaiszas Fam\OneDrive ()
Shortcut: C:\Users\Jowaiszas Fam\Desktop\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\Desktop\Microsoft OneDrive.lnk -> C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\Desktop\Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\Desktop\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\Jowaiszas Fam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk -> C:\Users\Jowaiszas Fam\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Jowaiszas Fam\Dropbox ()
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk -> C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe (LEGO Company)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Brother Creative Center.lnk -> C:\Program Files (x86)\Brother\CreativeCenter\Brother Creative Center.url ()
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\LEGO Digital Designer.lnk -> C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe (LEGO Company)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Zane\Links\Desktop.lnk -> C:\Users\Jowaiszas Fam\Desktop ()
Shortcut: C:\Users\Zane\Links\Downloads.lnk -> C:\Users\Jowaiszas Fam\Downloads ()
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11\Scanner Setup Wizard.lnk -> C:\Program Files (x86)\ScanSoft\PaperPort\ScannerWizard.exe (Nuance Communications, Inc.) -> /A [PaperPort 11.1] /L [eng]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\Roxio Burn.lnk -> C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe () -> /STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack for Windows 7\Microsoft Surface Lagoon.lnk -> C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\FirstRun.exe (Microsoft Corporation) -> /lagoon
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk -> C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) -> /desktopicon /platui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company\LEGO Digital Designer Safe Mode.lnk -> C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe (LEGO Company) -> -CompatibilityModeLevel 100
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- More Casual Games -.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- More Enthusiast Games -.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- More Kids Games -.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- More MMO Games -.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Bejeweled2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\FATE Undiscovered Realms\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies\PlantsVsZombies-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - dell.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp dellc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Yahtzee.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Yahtzee\Yahtzee-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAccess Facial Recognition\Check for updates.lnk -> C:\Program Files (x86)\Sensible Vision\Fast Access\FASecFacX.exe (Sensible Vision ) -> 9
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAccess Facial Recognition\FastAccess Help.lnk -> C:\Program Files (x86)\Sensible Vision\Fast Access\FASecFacX.exe (Sensible Vision ) -> 15
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAccess Facial Recognition\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /package {876F4556-6811-4341-A6D7-78C3F15420E2}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN\DW WLAN Card Utility.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> shell32.dll,,Control_RunDLL C:\Windows\system32\bcmwlcpl.CPL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage\Dell Stage.lnk -> C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () -> "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\My Dell\My Dell.lnk -> C:\Program Files\My Dell\pcdlauncher.exe (PC-Doctor, Inc.) -> -lloc dsc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\My Dell\PC Checkup.lnk -> C:\Program Files\My Dell\pcdlauncher.exe (PC-Doctor, Inc.) -> -startingpage pccheckup -lloc pccheckup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Advanced.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Dashboard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Wizard.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Wizard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start CCC
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Restart Runtime.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) -> Restart
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\ControlCenter3.lnk -> C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe (Brother Industries, Ltd.) -> /Model=MFC-J615W
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Installation Diagnostics.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\Brinstck.exe (Brother Industries, Ltd.) -> MFC-J615W
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\On-Line Registration.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\Brolink\Brolink0.exe (Brother Industories, Ltd.) -> OLR_URL /mMFC-J615W
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Remote Setup.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\brmfrmss.exe (Brother Industries Ltd.) -> LCL "MFC-J615W"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Status Monitor.lnk -> C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) -> Brother MFC-J615W XML Paper on USB001 /SHOW
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\UnInstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0009 UNINSTALL Reg=BH9e2_C2,Brother MFC-J615W,USB
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Scanner Settings\Scanners and Cameras.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ScannersAndCameras
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\PC-FAX Sending\PC-FAX Address Book.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\AddrBook.exe (Brother Industries, Ltd.) -> PCFAX TOP
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\PC-FAX Sending\PC-FAX Setup.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\PCfxSet.exe (Brother Industries, Ltd.) -> PCFAX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\PC-FAX Receiving\Receive.lnk -> C:\Program Files (x86)\Brother\Brmfl10c\FAXRX.exe (Brother Industries Ltd.) -> LCL "MFC-J615W" -RM0
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f837f216-f01f-49af-95b4-771a5cd0c15b}\PlayTasks\0\Virtual Families.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Virtual Families\Virtual Families-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e5901c5f-59c5-4410-ace7-f41757c3a941}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Bejeweled2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{caf9c43a-38d3-4666-8d43-0fb3e2ad328e}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3b88a01-18bb-4b7f-a16a-ec5a3bf56515}\PlayTasks\0\Peggle.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Peggle\Peggle-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c19ad5b6-e38b-4b92-8a6d-e6fcb384993a}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Chuzzle-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b54e1b01-881e-4233-b628-2a78222c09a6}\PlayTasks\0\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\FATE Undiscovered Realms\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b514da3f-381c-45d9-bc8d-a1eecb28be66}\PlayTasks\0\Yahtzee.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Yahtzee\Yahtzee-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{aa39ace3-49af-4ee4-a308-d6711eb0f43d}\PlayTasks\0\FATE.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\FATE\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7e9be6d3-6e24-418d-8725-335f4a71ceb7}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7b602390-562b-4986-b2a6-3404f51f5cb4}\PlayTasks\0\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Blasterball 2 Revolution\bb2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5e28c2ca-d4f3-40b2-a374-b2f71f807f3d}\PlayTasks\0\Scrabble.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Scrabble\GHScrabble-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{55d00c81-c802-4a55-be6d-e4a7047178e5}\PlayTasks\0\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{50278457-15ba-438e-8fcd-ba19e3ed5311}\PlayTasks\0\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1ea4044f-dd7d-4010-8878-1020414c592d}\PlayTasks\0\Diner Dash.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash\Diner Dash-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{17d9b52e-d739-4fc9-a270-7ca67946e8b5}\PlayTasks\0\Plants vs. Zombies.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies\PlantsVsZombies-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{02b50743-5781-4b2e-8376-c44317c8e541}\PlayTasks\0\Monopoly.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\WildTangent\Dell Games\Monopoly\MonopolyPB-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Dell\Dell Stage\DellStage.lnk -> C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () -> --run
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Jowaiszas Fam\Desktop\Dropbox.lnk -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall Google+ Auto Backup.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {A50DE037-B5C0-4C8A-8049-B0C576B313D1}
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\Jowaiszas Fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - dell.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src quicklaunch /dp dellc
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
ShortcutWithArgument: C:\Users\Public\Desktop\WildTangent Games App - dell.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src desktop /dp dellc
ShortcutWithArgument: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Zane\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Zane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W LAN\Brother Creative Center.url -> "hxxp://www.brother.com/creativecenter/?WT.mc_id=AF"
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W LAN\On-line help and FAQ's.url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc299&LNG=en&SRC=FAQ
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W LAN\User's Guides in PDF format.url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc299&LNG=en&SRC=DOC
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\Brother Creative Center.url -> "hxxp://www.brother.com/creativecenter/?WT.mc_id=AF"
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\On-line help and FAQ's.url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc299&LNG=en&SRC=FAQ
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-J615W\User's Guides in PDF format.url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc299&LNG=en&SRC=DOC
InternetURL: C:\Users\Jowaiszas Fam\Pictures\Downloaded Albums\117838584472389820332\zj 14u originals 2011\View Online.url -> https://picasaweb.google.com/117838584472389820332/Originals93?authkey=Gv1sRgCKnNnNeth7KbFg
InternetURL: C:\Users\Jowaiszas Fam\Pictures\Downloaded Albums\114308451449486980427\Kam\View Online.url -> https://picasaweb.google.com/114308451449486980427/Kam?authkey=Gv1sRgCICNyc6tqr6lDw
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Amazon.com At a Glance The Therapy Connection at HPMS, Inc..url -> hxxp://www.amazon.com/gp/aag/main?ie=UTF8&sshmPath=at-a-glance&isAmazonFulfilled=&marketplaceID=ATVPDKIKX0DER&isCBA=&orderID=&asin=&seller=A32Y7HFRF7624F&isPopup=
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Apple - Support - Manuals.url -> hxxp://support.apple.com/manuals/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Cinemark 16 Movie Theater in Mesa AZ - Zvents.url -> hxxp://www.zvents.com/mesa-az/venues/show/47294-cinemark-16?&utm_source=yahoo&utm_medium=ssp&utm_term=movietheaters
InternetURL: C:\Users\Jowaiszas Fam\Favorites\ClassZone - Pre-Algebra.url -> hxxp://www.classzone.com/cz/books/pre_alg/book_home.htm?state=AZ
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Client Launch Page  MINDBODY.url -> hxxp://www.mindbodyonline.com/login
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Fenix Fantasy Football - League Home.url -> hxxp://f3.football.sportsline.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Fenix Fantasy Football -.url -> hxxp://f3.football.cbssports.com/messages
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Functional Movement Systems.url -> hxxp://www.functionalmovement.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Google Maps.url -> hxxp://maps.google.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Google.url -> hxxp://www.google.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Harvard Risk Management Corporation.url -> hxxp://www.harvardbenefits.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Health & Wellness.url -> https://egov.azdes.gov/cmsinternet/main.aspx?menu=8&id=52
InternetURL: C:\Users\Jowaiszas Fam\Favorites\How to Migrate from Outlook Express to Windows Live Mail- Cybernet KB.url -> hxxp://www.cybernetman.com/kb/index.cfm/fuseaction/home.viewArticles/articleId/185
InternetURL: C:\Users\Jowaiszas Fam\Favorites\http--www.anatbanielmethod.com-.url -> hxxp://www.anatbanielmethod.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\http--www.fitwize4kids.com-articles-StrengthTraining.pdf.url -> hxxp://www.fitwize4kids.com/articles/StrengthTraining.pdf
InternetURL: C:\Users\Jowaiszas Fam\Favorites\http--www.home-decorating-co.com-quiksilver-skyward-bedding.html.url -> hxxp://www.home-decorating-co.com/quiksilver-skyward-bedding.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\http--www.pronto.com-mpm-Bakugan-Battle-Brawlers-Booster-Pack-p_1096130116-PP.url -> hxxp://www.pronto.com/mpm/Bakugan-Battle-Brawlers-Booster-Pack-p_1096130116-PP
InternetURL: C:\Users\Jowaiszas Fam\Favorites\http--www.shapingamericasyouth.org-programs.aspxpage=featured.url -> hxxp://www.shapingamericasyouth.org/programs.aspx?page=featured
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Invention Home - FREE Step-by-Step Inventor's Kit! ($99 value).url -> hxxp://inventionhome.com/free-inventor_info-kit.asp?source=google&term=prototype&campaign=searchq
InternetURL: C:\Users\Jowaiszas Fam\Favorites\itunes How to move your music to a new computer.url -> hxxp://support.apple.com/kb/HT4527
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Jeepers Keepers -.url -> hxxp://kirbyskeepers.football.cbssports.com/messages/kirbyskeepers
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Kaboose - Where families get going!.url -> hxxp://www.kidsdomain.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\LEGO Star Wars Clone Trooper Minifigs Lot of 2 NEW 8014 - eBay (item 160309736674 end time Feb-11-09 211109 PST).url -> hxxp://cgi.ebay.com/LEGO-Star-Wars-Clone-Trooper-Minifigs-Lot-of-2-NEW-8014_W0QQitemZ160309736674QQcmdZViewItemQQptZBuilding_Toys?hash=item160309736674
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Longevity Center.url -> hxxp://www.everydayhealth.com/longevity/index.aspx?xid=YSLP&s_kwcid=TC-1511-83732665022-S-11194383522
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MapQuest Driving Directions.url -> hxxp://www.mapquest.com/directions/main.adp?
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Math.com Homework Help Pre-Algebra.url -> hxxp://www.math.com/homeworkhelp/PreAlgebra.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Mesa Public Schools · Mesa, Arizona · The Needs of the Student Come First.url -> https://mymps.mpsaz.org/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Mesa Public Schools, Mesa, AZ.url -> hxxp://www.mpsaz.org/main2/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Mesa Sports Index Main Page.url -> hxxp://www.mpsaz.org/athletic/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MyAnthem.url -> https://secure.anthem.com/jsp/myanthem/member/home
InternetURL: C:\Users\Jowaiszas Fam\Favorites\NCAA Basketball Men's Printable Brackets.url -> hxxp://www.cbssports.com/collegebasketball/mayhem/brackets/printable_men
InternetURL: C:\Users\Jowaiszas Fam\Favorites\NCAA Football 2010 for Xbox 360  GameStop.url -> hxxp://www.gamestop.com/xbox-360/games/ncaa-football-2010/73710
InternetURL: C:\Users\Jowaiszas Fam\Favorites\NDEP  Diabetes Control.url -> hxxp://www.ndep.nih.gov/diabetes/control/control.htm
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Origami Owl.url -> hxxp://oobyjacqueline.origamiowl.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Phoenix Jobs and Arizona Jobs from azcentral.com and CareerBuilder.url -> hxxp://www.careerbuilder.com/JobSeeker/Jobs/JobResults.aspx?IPath=ILKG&lr=cbga_tap&ncn=%5eMesa%24&sc_cmp1=js_navg_ncn&excrit=QID%3dA6654173061307%3bst%3dA%3buse%3dALL%3brawWords%3dphysical+therapist%3bTID%3d87609%3bCTY%3dMESA%3bSID%3dAZ%3bCID%3dUS%3bENR%3dYES
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Physical Therapy and the Alexander Technique Homepage.url -> hxxp://physicaltherapy.org/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Physical Therapy Equipment & Health Care Store.url -> hxxp://www.wisdomking.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Users\Jowaiszas Fam\Favorites\RealPlayer Home Page.url -> hxxp://www.real.com
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Recipes - Allrecipes.com.url -> hxxp://allrecipes.com//Recipes/Main.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Southwest Airlines.url -> hxxp://www.southwest.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Team jowaiszas - Free Fantasy Basketball - ESPN.url -> hxxp://games.espn.go.com/fba/clubhouse?leagueId=93482&teamId=4&seasonId=2012
InternetURL: C:\Users\Jowaiszas Fam\Favorites\The Diabetes Reversal Report - Natural Diabetes Treatments and Cures For Diabetics.url -> hxxp://www.diabetesreversed.com/diabetescure.php
InternetURL: C:\Users\Jowaiszas Fam\Favorites\The World Health Network - Anti-Aging and Longevity.url -> hxxp://www.worldhealth.net/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Travel Physical Therapist Job, Physical Therapy Jobs, PT Jobs - Reflectx Services.url -> hxxp://www.reflectxstaffing.com/jobs-list48.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\USSSA Baseball - ISTS Sports Statistics.url -> hxxp://www.usssa.com/sports/team3.asp?teamid=1682414
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Websites for Kids.url -> hxxp://www.mpsaz.org/hale/kids.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\www.usairways.com.url -> https://www.usair.com/awa/booking/purchase.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Yahoo!.url -> hxxp://www.yahoo.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Yahooligans! The Web Guide for Kids.url -> hxxp://yahooligans.yahoo.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Youth Baseball Pitching Teaching Proper Mechanics Critical  MomsTeam.url -> hxxp://www.momsteam.com/sports/youth-baseball-pitching-teaching-proper-mechanics-critical
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Payments\American Express  Online Services  Log in.url -> https://online.americanexpress.com/myca/logon/us/action?request_type=LogLogoffHandler&Face=en_US&inav=Logout
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Payments\City of Mesa Utilities Login.url -> https://cis.mesaaz.gov/eservices/p_template
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Payments\https--www.caliberhomeloans.com-Default.aspx.url -> https://www.caliberhomeloans.com/Default.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Payments\Sign In  View-Pay Bill from Cox.url -> https://ww2.cox.com/ibill/sandiego/sign-in.cox?onsuccess=https%3A%2F%2Fww2.cox.com%2Fibill%2Fsandiego%2Fhome.cox&onfailure=http%3A%2F%2Fww2.cox.com%2Fibill%2Fsandiego%2Fsign-in.cox
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Payments\srp My Account 2.0 Login page.url -> https://myaccount.srpnet.com/myaccount/login.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Payments\Verizon My Business Account - Login.url -> https://mblogin.verizonwireless.com/amserver/UI/Login?realm=vzwmb&goto=https%3A%2F%2Fb2b.verizonwireless.com%3A443%2Fsms%2Famsecure%2Flanding%2Foverview.go
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Jowaiszas Fam\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\8 Steps to Deal with a Depressed Teenager.url -> hxxp://tolovehonorandvacuum.com/2011/10/8-steps-to-deal-with-a-depressed-teenager/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\American Express Credit Cards, Rewards, Travel and Business Services.url -> https://www.americanexpress.com/?fs=y&opencontactus=1
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\ArizonaVarsity.com - 2016 Basketball Prospect Rankings.url -> https://arizonavarsity.rivals.com/content.asp?CID=1660566
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\ArizonaVarsity.com - Frosh-Soph Showcase player takes.url -> hxxp://arizonavarsity.rivals.com/content.asp?CID=1543944
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\ArizonaVarsity.com - High Academic Showcase player takes.url -> hxxp://arizonavarsity.rivals.com/content.asp?CID=1541193
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\ArizonaVarsity.com - Message Boards magic 17 16 summer 2014.url -> 0
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\ArizonaVarsity.com - Message Boards.url -> hxxp://arizonavarsity.rivals.com/showmsg.asp?fid=2431&tid=191327254&mid=191327254&sid=1128&style=2
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\ArizonaVarsity.com - Week 7 From the bleachers.url -> hxxp://arizonavarsity.rivals.com/content.asp?CID=1605168
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Boys hoops Mesa Mtn. View's balance subdues Boulder Creek - Les Willsey  AIA365.com - Our Students, Our Teams... Our Future.url -> hxxp://www.aia365.com/insiders/lwillsey/3822/boys-hoops-mesa-mtn-view-s-balance-subdues-boulder-creek
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Breakout Performer Mountain View’s Zane Jowaiszas.url -> hxxp://arizonapreps.com/breakout-performer-mountain-views-zane-jowaiszas
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Chamberlain Garage Door System Keychain Remote - 956EV - Tools - Garage Door Openers - Garage Door Opener Accessories.url -> hxxp://www.sears.com/chamberlain-garage-door-system-keychain-remote-956ev/p-00328267000P?sid=IDx01192011x000001&kpid=00328267000&kispla=00328267000P
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\CJ ABP Wizards at Raptors  11-26-2011  Stats.url -> hxxp://www.gamechanger.io/game-4ecd34b73d65102198000008/stats
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\CJ USSSA Baseball - ISTS Sports Statistics.url -> https://www.usssa.com/sports/FindPlayerHistory.asp?PlaID=3403983
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Colleen Thomas Quote.url -> hxxp://education4you.com/index.cfm?pID=11428
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Declinol - Gain Control Over Alcohol.url -> hxxp://www.declinol.com/?gclid=CP_Thrq737oCFU-CQgodX0QAMg
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Desert Mountain Recovers Nicely Against Mountain View.url -> hxxp://arizonapreps.com/desert-mountain-recovers-nicely-against-mountain-view
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Devastating Effects of Alcoholism Revealed in New Self-Help Book.url -> hxxp://www.prweb.com/releases/RuthSchilling/DareToRecover/prweb11051543.htm
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\For teenage car insurance honesty is the best policy  Money  The Guardian.url -> 0
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\High School to NBA Draft.url -> hxxp://highschooltonbadraft.blogspot.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Household How To Help - My dryer squeaks!.url -> hxxp://householdhowto.blogspot.com/2012/08/help-my-dryer-squeaks.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\How to Get More of the Behavior You Want in Kids (Without Really Trying)  Psych Central.url -> hxxp://psychcentral.com/lib/how-to-get-more-of-the-behavior-you-want-in-kids-without-really-trying/00019533
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\http--www.snapchat.com-static_files-parents.pdf.url -> hxxp://www.snapchat.com/static_files/parents.pdf
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\https--azblue.insurix.com-WebBcbsazMember-Page-Individual.aspx.url -> https://azblue.insurix.com/WebBcbsazMember/Page/Individual.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\iTunes for Windows Vista, Windows 7, or Windows 8 Fix unexpected quits or launch issues.url -> hxxp://support.apple.com/kb/TS1717
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Jul 28, 2013 - YouTube.url -> hxxp://www.youtube.com/watch?v=GQAeD4e9Loc
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Outback Steakhouse Copycat Recipes Shrimp on the Barbie.url -> hxxp://outbacksteakhouseathome.blogspot.com/2012/11/shrimp-on-barbie_24.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Parent Resources - Open Enrollment Applications.url -> hxxp://www.cusd80.com/page/1137
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Personal Budget Software - Finance Software for Windows & Mac#_#_.url -> hxxp://www.youneedabudget.com/?utm_source=google&utm_medium=cpc&utm_campaign=(roi)+branded&utm_content=you+need+a+budget&utm_term=you%20need%20a%20budget&gclid=CIr1yNrgir0CFYeUfgodDUsALQ
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Print Order # 100203913.url -> https://www.dlplampsource.com/sales/order/print/order_id/244768/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Recap – Area Codes Basketball & FCP ARIZONA FROSH SOPH SHOWCASE  Area Codes Basketball.url -> hxxp://www.areacodesbasketball.com/2013/09/06/recap-area-codes-basketball-fcp-arizona-frosh-soph-showcase/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\self-help - Online Alcohol Therapy.url -> hxxp://www.brighteyecounselling.co.uk/alcohol-drugs/tag/self-help/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Teen Depression - Boys  Psychology Today.url -> hxxp://www.psychologytoday.com/articles/200308/teen-depression-boys
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Your words and thoughts have physical power - Will Smith - YouTube.url -> hxxp://www.youtube.com/watch?v=pfWGoLj1JCM
InternetURL: C:\Users\Jowaiszas Fam\Favorites\momma stuff\Zane (zjowaiszas) on Twitter.url -> https://twitter.com/zjowaiszas
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Medical\RateMDs.com - Doctor Ratings and Reviews.url -> hxxp://www.ratemds.com/index.jsp
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Media\Real.com Radio Tuner.url -> hxxp://realguide.real.com/stations/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\draftsite The Original Full Round Mock Draft Site - NFL, NHL, MLB, NBA, MLS, WNBA.url -> hxxp://www.draftsite.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Google (2).url -> https://www.google.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Google.url -> https://www.google.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Home Page.url -> hxxp://www.bishopbaseball.com/Home_Page.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\iGoogle.url -> https://accounts.google.com/ServiceLogin?continue=hxxp://www.google.com/webhp%3Fsourceid%3Dnavclient%26ie%3DUTF-8%26cplp%3D1331006998922&hl=en&service=ig&ltmpl=addphoto
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\RealPlayer.url -> hxxp://www.real.com
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Suggested Sites (2).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Suggested Sites (3).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Suggested Sites (4).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Suggested Sites (5).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Suggested Sites (6).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Suggested Sites.url -> 0
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Links\Welcome to the world's largest fan gear store.url -> hxxp://www.esundevils.com/Default.aspx?ctl=ViewCart&nodeID=7e28d27f-10cf-47f6-abb5-8949f2048407
InternetURL: C:\Users\Jowaiszas Fam\Favorites\JJ work info\6 Ways to Attract Recruiters to Your LinkedIn Profile.url -> hxxp://mashable.com/2013/11/17/linkedin-tips-2/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\JJ work info\self-help - Online Alcohol Therapy.url -> hxxp://www.brighteyecounselling.co.uk/alcohol-drugs/tag/self-help/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Dell (1).url -> "hxxp://www.dell.com/"
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Dell Auction (1).url -> "hxxp://www.dellauction.com"
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Dell Auction.url -> hxxp://www.dellauction.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Dell Internet Security.url -> hxxp://support.dell.com/support/topics/global.aspx/support/security/security?c=us&cs=19&l=en&s=dhs
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Dell.url -> hxxp://www.dell.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Gigabuys.url -> "hxxp://www.gigabuys.com/"
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Support.Dell.com (1).url -> "hxxp://support.dell.com"
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Dell\Support.Dell.Com.url -> hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\AIA365.com - Our Students, Our Teams... Our Future.url -> hxxp://mountainviewmesa.aia365.com/sports/basketball-boys
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\ArizonaVarsity.com - Arizona High School Sports.url -> hxxp://arizonavarsity.rivals.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\Bronco CJ osyb.url -> hxxp://www.azplayball.com/html/bronco.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\http--www.athleticscholarships.net-basketball-scholarships-ppc.htmgclid=CM767Zfht7ACFUvDtgodPXB98g.url -> hxxp://www.athleticscholarships.net/basketball-scholarships-ppc.htm?gclid=CM767Zfht7ACFUvDtgodPXB98g
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\MacDougall Bats,PowerWood baseball bat for sale, composite wood bats, wood bats, Wood Bat.url -> hxxp://woodbats4sale.com/MacDougall_bats/MacDougall_Bats.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\NAIA Eligibility Center - PlayNAIA.url -> hxxp://www.playnaia.org/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\NCAA Division Division I Member Sports Links.url -> hxxp://web1.ncaa.org/memberLinks/links.jsp?div=1
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\NCAA Eligibility Center.url -> hxxp://web1.ncaa.org/ECWR2/NCAA_EMS/NCAA.jsp
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\The Arizona Baseball Network -.url -> hxxp://azbaseballnetwork.com/board_page.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys Sports\Welcome to Top Choice Baseball - USSSA.url -> hxxp://www.topchoicebaseball.com/pages/tournaments.html
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\https--mpswebpay.mpsaz.org-signin.aspx  zane.url -> https://mpswebpay.mpsaz.org/signin.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\I Drive Safely.url -> hxxp://www.idrivesafely.com/signup/displayCountyCourtSelection.pl?WST=1409609955&LANGUAGE=EN&STATE=AZ&COUPON=DRITRA&COURSEID=14005
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\Love Of Christ Lutheran Church.url -> hxxp://www.loveofchristchurch.net/ministry3.php
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\Mesa Distance Learning Program.url -> https://www.mdlp.org/index.php?page=contact
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\Mesa Public Library.url -> hxxp://www.mesalibrary.org/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\Mesa Public Schools » My MPS.url -> 0
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\Mountain View High School.url -> hxxp://www.mpsaz.org/mtnview/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\MyLunchMoney.url -> https://www.mylunchmoney.com/index.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Boys School\Poston Junior High School- Home of the Panthers.url -> hxxp://www.mpsaz.org/poston/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Banking\Chase Personal Banking Investments Credit Cards Home Auto Commercial Small Business Insurance.url -> hxxp://www.chase.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Banking\HSA Bank - Internet Banking Services.url -> https://secure.hsabank.com/ibanking3/login.aspx
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Banking\Manage Your Gift Card - Login.url -> https://www2.consumercardaccess.com/main/mygiftcardusb/Logout?RequestID=3186150722653720124
InternetURL: C:\Users\Jowaiszas Fam\Favorites\Banking\Online Trading, ETFs, Mutual Funds, IRAs & Retirement - Fidelity.url -> https://www.fidelity.com/?imm_pid=1&immid=00785&imm_eid=e39121977&buf=999999
InternetURL: C:\Users\Jowaiszas Fam\Favorites\AJ work\Arizona State Board of Physical Therapy.url -> https://ptboard.az.gov/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\AJ work\Complete Home Health Care Software.url -> https://accounts.axxessweb.com/Login
InternetURL: C:\Users\Jowaiszas Fam\Favorites\AJ work\General Login for Celebrity HHC.url -> https://celebrity.devero.com/
InternetURL: C:\Users\Jowaiszas Fam\Favorites\AJ work\http--www.cms.gov-Outreach-and-Education-Outreach-NPC-Downloads-FunctionalReportingNPC.pdf.url -> hxxp://www.cms.gov/Outreach-and-Education/Outreach/NPC/Downloads/FunctionalReportingNPC.pdf
InternetURL: C:\Users\Jowaiszas Fam\Favorites\AJ work\Kinnser  Login.url -> https://kinnser.net/am/login.cfm?CFID=1078612&CFTOKEN=38d1a92a5d1514b3-25103485-1D09-329E-FEF18DF3EFF1DA44&jsessionid=0a308e3c9bd52ae494115f1715534d26622f
InternetURL: C:\Users\Jowaiszas Fam\Favorites\AJ work\TENS Units, Muscle Stimulators, Home Ultrasound Machines for Sale.url -> hxxp://www.lgmedsupply.com/
InternetURL: C:\Users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
InternetURL: C:\Users\Zane\Favorites\High School to NBA Draft.url -> hxxp://highschooltonbadraft.blogspot.com/2012/06/here-is-my-2012-nba-draft-rankings-now.html?m=1
InternetURL: C:\Users\Zane\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Users\Zane\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Users\Zane\Favorites\YouTube.url -> hxxp://m.youtube.com/#/watch?v=0vRFo-qS9qw&desktop_uri=%2Fwatch%3Fv%3D0vRFo-qS9qw
InternetURL: C:\Users\Zane\Favorites\Zane Jowaiszas (zjowaiszas) on Twizzle.url -> hxxp://gizoogle.net/index.php?search=%40zjowaiszas&se=Gizoogle+Dis+Shiznit
InternetURL: C:\Users\Zane\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Zane\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Zane\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Zane\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Zane\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Zane\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Zane\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Zane\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Zane\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Zane\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Zane\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Zane\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Zane\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151
InternetURL: C:\Users\Zane\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Zane\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Zane\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Zane\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919
InternetURL: C:\Users\Zane\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Zane\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Zane\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Users\Zane\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Zane\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Zane\Favorites\Dell\Dell Auction.url -> hxxp://www.dellauction.com/
InternetURL: C:\Users\Zane\Favorites\Dell\Dell Internet Security.url -> hxxp://support.dell.com/support/topics/global.aspx/support/security/security?c=us&cs=19&l=en&s=dhs
InternetURL: C:\Users\Zane\Favorites\Dell\Dell.url -> hxxp://www.dell.com/
InternetURL: C:\Users\Zane\Favorites\Dell\Gigabuys.url -> "hxxp://www.gigabuys.com/"
InternetURL: C:\Users\Zane\Favorites\Dell\Support.Dell.com.url -> hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen

==================== End of log =============================



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:40 PM

Posted 11 September 2014 - 10:31 PM

Download the enclosed file. [attachment=154504:fixlist.txt]

 

Save it in the same location FRST is saved.

 

Run FRST as you did before, except that this time around, click on the Fix button and wait.

 

The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.
 
How is the computer doing?
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:04:40 PM

Posted 12 September 2014 - 07:17 AM

Computer is running better.   It's a Dell Inspiron 2305 All-in-One, and the screen is terrible fuzzy (flips between normal screen and fuzzy).  Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Jowaiszas Fam at 2014-09-12 09:11:11 Run:3
Running from E:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [FAStartup] => [X]
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10342^us&si=CD9606&ptb=DDA1413C-2D76-4215-BAEE-C19D8E3FCB1E&ind=2014071616&n=780c4b40&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9393158F-11BA-47C4-8980-CA5902AD7790} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M34F7EC88-164C-443E-81A7-6FCEE5C471E6&SearchSource=58&CUI=&UM=6&UP=SP450F1FB7-1528-4007-A836-22D15B6405E9&q={searchTerms}&SSPV=
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10342^us&si=CD9606&ptb=DDA1413C-2D76-4215-BAEE-C19D8E3FCB1E&ind=2014071616&n=780c4b40&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {ED91ED3E-3DA6-4E3C-9B5D-3FB0365A3C97} URL =
BHO: No Name -> {2C5140AE-4C4C-3B33-E88A-C0682E80D11C} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Jowaiszas Fam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmqcy6.dll
C:\Users\Jowaiszas Fam\AppData\Local\Temp\Quarantine.exe
Task: {D41E5CEE-5363-4FD8-A761-FBA142B5B39D} - \TidyNetwork Update No Task File <==== ATTENTION
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9393158F-11BA-47C4-8980-CA5902AD7790}" => Key deleted successfully.
"HKCR\CLSID\{9393158F-11BA-47C4-8980-CA5902AD7790}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ED91ED3E-3DA6-4E3C-9B5D-3FB0365A3C97}" => Key deleted successfully.
"HKCR\CLSID\{ED91ED3E-3DA6-4E3C-9B5D-3FB0365A3C97}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C5140AE-4C4C-3B33-E88A-C0682E80D11C}" => Key deleted successfully.
"HKCR\CLSID\{2C5140AE-4C4C-3B33-E88A-C0682E80D11C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKCR\PROTOCOLS\Handler\cozi" => Key deleted successfully.
"HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Jowaiszas Fam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmqcy6.dll => Moved successfully.
C:\Users\Jowaiszas Fam\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D41E5CEE-5363-4FD8-A761-FBA142B5B39D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D41E5CEE-5363-4FD8-A761-FBA142B5B39D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.

==== End of Fixlog ====



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:40 PM

Posted 12 September 2014 - 10:17 AM

Computer is running better.   It's a Dell Inspiron 2305 All-in-One, and the screen is terrible fuzzy (flips between normal screen and fuzzy).  Here is the log:

Chances are there is a hardware issue with the Display. Does it happen when you move the screen back and forth? In your position I would disassemble the top of the keyboard and check for a lose wire, but there is no easy way to do so.
 
Also, check the Device manager (Press the Windows Key, paste devmgmt.msc and click OK) for problems. If there is an exclamation mark over a yellow background, it means there is a problem with the driver.
 
As far as malware, all looks clear, congratulations.
 
Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.
 
The following will implement some cleanup procedures as well as reset  System Restore points:

  • Run AdwCleaner and click on Uninstall.
    • Download Delfix from here
    • Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
      delfix.jpg
    • Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

Manually remove any tool left.
 
Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article   by Miekiemoes.
 
Best wishes! :hello:


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 mat58

mat58
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:04:40 PM

Posted 13 September 2014 - 11:20 AM

Thank you again for all of your help!  Have a wonderful weekend.



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:40 PM

Posted 18 September 2014 - 09:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users