Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with ZeroAccess rootkit. Please offer guidance


  • This topic is locked This topic is locked
51 replies to this topic

#1 notcreeper

notcreeper

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 18 December 2014 - 08:46 PM

I was sent here by one of the great Mods in the regular help section. We've tried numerous things but symptoms prevail. I can only access the internet in safe mode with networking. And in many cases I cant copy and paste.

Ive been asked to post two logs.

Here is DDS txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.60.2
Run by Janet at 20:24:00 on 2014-12-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4570 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321536&octid=EB_ORIGINAL_CTID&ISID=7482A5B6-D6E8-4305-9C7E-DFF0E2EA8D83&SearchSource=55&CUI=&UM=6&UP=SPDC7FCB54-7E94-4F73-B812-626DBFE1DC08&SSPV=
uSearch Bar = Preserve
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Rapidyweb: {7f326367-2b70-40e3-a481-b494cbfd3629} -
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN26GBR13W05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [PCKeeper2] "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SoundTouch Music Server] "C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidywebInstaller.exe
StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMW~1.LNK - C:\Users\Janet\AppData\Local\StormWatch\StormWatchApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {F6962361-AD4A-4897-A356-3E10A15A102C} - hxxps://realwebex.realogy.com/client/T27LD/webex/ieatgpc1.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{30349BB3-549C-4066-ACD8-117D72BC5B65} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{30349BB3-549C-4066-ACD8-117D72BC5B65}\25F47454253543834343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30349BB3-549C-4066-ACD8-117D72BC5B65}\34245585242594447454 : DHCPNameServer = 208.67.222.222 208.67.220.220 67.69.184.135
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned>
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-11-9 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-11-9 40064]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-16 46136]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-10-22 30368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-2 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-16 47232]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-9 204288]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-4 365568]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-22 106144]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CltMngSvc;Search Protect Service;C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2014-11-27 3312960]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-2 2424424]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-9 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-9 969016]
S2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-5 1901752]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-22 158880]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-10-22 36000]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-11-9 114704]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-10-22 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-10-22 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-10-22 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-10-22 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-10-22 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-10-22 521376]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-7-22 110336]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-10-7 254016]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-4-24 203344]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-7-9 96472]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-23 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-9 129752]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-9 63704]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-2 339048]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-7-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-30 1255736]
S4 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-10-30 166296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-18 04:09:55 35780 ----a-w- C:\Windows\SysWow64\temp.reg
2014-12-18 03:22:41 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-17 21:01:34 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9569AE6-299B-4D2C-99C6-C6B09F688DE1}\mpengine.dll
2014-12-16 00:36:31 -------- d-----w- C:\Users\Janet\AppData\Local\{7CED5005-16DB-477A-B595-571EB05211CB}
2014-12-11 22:53:31 -------- d-----w- C:\Users\Janet\AppData\Roaming\SparkTrust
2014-12-11 22:53:21 -------- d-----w- C:\ProgramData\SparkTrust
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-12-02 11:59:27 22528 ----a-w- C:\Users\Janet\AppData\Local\dsisetup1516095092.exe
2014-11-30 04:01:31 22528 ----a-w- C:\Users\Janet\AppData\Local\dsisetup1097080152.exe
2014-11-28 11:39:23 -------- d-----w- C:\Users\Janet\AppData\Local\Vosteran
2014-11-28 11:36:11 -------- d-----w- C:\Users\Janet\AppData\Roaming\WSE_Vosteran
2014-11-28 11:36:10 -------- d-----w- C:\Program Files (x86)\WSE_Vosteran
2014-11-28 11:35:59 -------- d-----w- C:\Users\Janet\AppData\Roaming\PennyBee
2014-11-28 11:35:55 -------- d-----w- C:\Program Files (x86)\PennyBee
2014-11-28 11:35:54 -------- d-----w- C:\Users\Janet\AppData\Local\Temp5642
2014-11-27 10:26:58 -------- d-----w- C:\ProgramData\COMODO
2014-11-27 10:26:48 -------- d-----w- C:\Program Files\COMODO
2014-11-27 10:26:24 -------- d-----w- C:\Users\Janet\AppData\Roaming\QuickScan
2014-11-27 10:18:34 -------- d-----w- C:\Users\Janet\AppData\Local\Kromtech
2014-11-27 10:18:26 -------- d-----w- C:\Users\Janet\AppData\Local\Zeoinsight
2014-11-27 10:18:25 -------- d-----w- C:\Users\Janet\AppData\Local\ZBAnalyticsCore
2014-11-27 10:15:34 -------- d-----w- C:\ProgramData\Kromtech
2014-11-26 22:40:53 -------- d-----w- C:\Users\Janet\AppData\Local\SearchProtect
2014-11-26 22:40:49 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-11-26 22:38:58 1179648 ----a-w- C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidywebInstaller.exe
2014-11-26 22:38:58 -------- d-----w- C:\Program Files (x86)\Rapidyweb
2014-11-26 22:38:23 -------- d-----w- C:\Program Files (x86)\Search Extensions
2014-11-26 22:37:48 -------- d-----w- C:\Users\Janet\AppData\Local\StormWatch
.
==================== Find3M ====================
.
2014-12-18 22:28:05 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-18 03:20:35 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-14 23:16:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-14 23:16:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-27 16:45:16 246080 ------w- C:\Windows\apppatch\AppPatch64\VCLdr64.dll
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-21 11:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 20:26:54.47 ===============

BC AdBot (Login to Remove)

 


m

#2 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 18 December 2014 - 08:50 PM

The second log...attach.txt.notepad...has a header requesting that I don't post unless specifically asked or zip it up...which Im uncertain how to do.

Thanks so much for your help in this very annoying problem

#3 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,565 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:06 AM

Posted 19 December 2014 - 03:48 AM

Hi notcreeper, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#4 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 19 December 2014 - 06:40 AM

Thank you very much for your fast reply. Please bear with me as I am a techie dinosaur. (Im building a cool backyard skating rink tho...if youre ever in the area.....)

 I will try very hard to not be an idiot. And I very much respect the fact that I am privileged to be able to access this awesome forum and the expert advice given so freely.

 

Here is a link to what we have learned thus far

 

http://www.bleepingcomputer.com/forums/t/559695/laptop-loserermi-mean-userhas-done-it-again/page-3



#5 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,565 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:06 AM

Posted 19 December 2014 - 08:10 AM

Please bear with me as I am a techie dinosaur. (Im building a cool backyard skating rink tho...if youre ever in the area.....)

Don't worry, I am sure that I can put a smile on your face. I am a bot too.robot-facebook-chat-emoticon.png

 

Here is a link to what we have learned thus far
http://www.bleepingcomputer.com/forums/t/559695/laptop-loserermi-mean-userhas-done-it-again/page-3

I have perused the thread earlier. Please, kindly complete the step I have outlined earlier so that I can prepare a fix for your issue.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#6 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 19 December 2014 - 10:54 PM

Users shortcut scan result (x64) Version: 17-12-2014
Ran by Janet at 2014-12-19 22:51:27
Running from C:\Users\Janet\Downloads
Boot Mode: Safe Mode (with Networking)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Blio.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (K-NFB Reading Technology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk -> C:\Program Files (x86)\HP\IrisOCR_12.3.4.0\regipe.exe (I.R.I.S. Image Recognition Integarted Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Desktop.lnk -> C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe (EasyBits Software AS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZEMNOTT\My Fantasy Wedding\My Fantasy Wedding.lnk -> C:\Program Files (x86)\ZEMNOTT\My Fantasy Wedding\MyFantasyWedding.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\remove_symbolic_links_from_windows_defender_folder.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\remove_symbolic_links_from_windows_defender_folder.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax\TurboTax Canada 2010.lnk -> C:\Program Files (x86)\TurboTax 2010\tt2010.exe (Intuit Canada, a general partnership)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax\TurboTax Canada 2011.lnk -> C:\Program Files (x86)\TurboTax 2011\tt2011.exe (Intuit Canada, a general partnership)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax\TurboTax Canada 2012.lnk -> C:\Program Files (x86)\TurboTax 2012\tt2012.exe (Intuit Canada, a general partnership)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTouch\SoundTouch.lnk -> C:\Program Files (x86)\SoundTouch\SoundTouch.exe (Bose Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk -> C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe (Freeware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Kodak EasyShare\ReadMe.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\ReadMe.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology\Blio.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (K-NFB Reading Technology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Documentation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Documentation\NotebookDocs.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Recovery Manager\HP Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery Manager\Rebecca.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Help.lnk -> C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Product Support Website.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Shop for Supplies.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\WirelessEasyShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers\Blio.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (K-NFB Reading Technology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star\Power Saving.lnk -> C:\Windows\Installer\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}\_FA5007C6DF56413F6D252E.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Uninstall The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diasend Uploader\Diasend Uploader.lnk -> C:\Program Files\Diasend Uploader\Diasend Uploader.exe (Diasend)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diasend Uploader\Uninstall Diasend Uploader.lnk -> C:\Program Files\Diasend Uploader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Print Creations.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\Start ArcSoft Connect.lnk -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe (ArcSoft Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Adobe Digital Editions 2.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Uninstall.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\uninstall.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}\PlayTasks\0\Play The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\Users\Default\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\Videos - Shortcut.lnk -> C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms ()
Shortcut: C:\Users\Janet\Links\Desktop.lnk -> C:\Users\Janet\Desktop ()
Shortcut: C:\Users\Janet\Links\Downloads.lnk -> C:\Users\Janet\Downloads ()
Shortcut: C:\Users\Janet\Links\janet.lnk -> C:\Users\Janet\Desktop\janet ()
Shortcut: C:\Users\Janet\Links\SkyDrive.lnk -> C:\Users\Janet\SkyDrive ()
Shortcut: C:\Users\Janet\Documents\Downloads.lnk -> C:\Users\Janet\Downloads ()
Shortcut: C:\Users\Janet\Documents\Youcam\CyberLink YouCam(Webcam).lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Janet\Desktop\Desktop.lnk -> C:\Users\Janet\Desktop ()
Shortcut: C:\Users\Janet\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Janet\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Janet\Desktop\Tweaking.com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk -> C:\Users\Janet\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch\Uninstall StormWatch.lnk -> C:\Users\Janet\AppData\Local\StormWatch\StormWatchappuninstall.exe ()
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk -> C:\Users\Janet\AppData\Local\StormWatch\StormWatchApp.exe (No File)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Diasend Uploader.lnk -> C:\Program Files\Diasend Uploader\Diasend Uploader.exe (Diasend)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{32E2D82B-0B7F-4B59-883D-77BEA843F255}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\The Learning Company\Scooby-Doo™, Showdown in Ghost Town™\scooby.exe (TerraGlyph Interactive Studios)
Shortcut: C:\Users\Public\Pictures\Downloads.lnk -> C:\Users\Janet\Downloads ()
Shortcut: C:\Users\Public\Documents\YouCam\YouCam(Webcam).lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Diasend Uploader.lnk -> C:\Program Files\Diasend Uploader\Diasend Uploader.exe (Diasend)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\ePrintCenterShortcut.url ()
Shortcut: C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\Kodak EasyShare.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk -> C:\Users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SCK168R\ReimageRepair.exe (No File)
Shortcut: C:\Users\Public\Desktop\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\SoundTouch.lnk -> C:\Program Files (x86)\SoundTouch\SoundTouch.exe (Bose Corporation)
Shortcut: C:\Users\Public\Desktop\The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\TurboTax Canada 2010.lnk -> C:\Program Files (x86)\TurboTax 2010\tt2010.exe (Intuit Canada, a general partnership)
Shortcut: C:\Users\Public\Desktop\TurboTax Canada 2011.lnk -> C:\Program Files (x86)\TurboTax 2011\tt2011.exe (Intuit Canada, a general partnership)
Shortcut: C:\Users\Public\Desktop\TurboTax Canada 2012.lnk -> C:\Program Files (x86)\TurboTax 2012\tt2012.exe (Intuit Canada, a general partnership)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\eBay.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cnnb&locale=en_ca&bd=all&c=113
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_ca
ShortcutWithArgument: C:\Users\Public\Desktop\Accessories.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=hpaccessories&pf=cnnb&locale=en_ca&bd=all&c=111
ShortcutWithArgument: C:\Users\Public\Desktop\HP Plus.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?bd=all&tp=dticon&locale=en_ca&pf=cnnb&c=113&s=hp_plus&TYPE=4
ShortcutWithArgument: C:\Users\Public\Desktop\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_ca

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Learning Company\Continue Registering Scooby-Doo™, Showdown in Ghost Town™.lnk -> C:\Program Files (x86)\The Learning Company\Scooby-Doo™, Showdown in Ghost Town™\TLCRUN.EXE (The Learning Company) ->  Ereg32
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Learning Company\Scooby-Doo™, Showdown in Ghost Town™.lnk -> C:\Program Files (x86)\The Learning Company\Scooby-Doo™, Showdown in Ghost Town™\TLCRUN.EXE (The Learning Company) ->  Main
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) -> -hx
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTouch\Uninstall SoundTouch Application.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {DEBF0781-5BCF-4A1F-954A-797820668C14}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Uninstall Kies.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe (Samsung Electronics Co., Ltd.) -> /removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {B67BAFBA-4C9F-48FA-9496-933E3B255044} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Blio.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (K-NFB Reading Technology) -> -lt:STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Connection Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.) -> FromStartup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Recovery Manager\HP Recovery Media Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery Manager\Rebecca.exe () -> \CRM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.5 /DDV 0x1000
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {2D5E3D2B-919F-407C-8757-E64827518BB6}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8600\Update IP Address.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 3\Bejeweled3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bounce Symphony.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crush the Castle 2.lnk -> C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Final Drive Nitro.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - Stolen in San Francisco.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\MysteryPISanFrancisco-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Namco All-Stars PAC-MAN.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\pacman-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Slingo Supreme.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Slingo Supreme\SlingoSupreme-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - hp.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp hpcnb2c11
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Create Ink Note.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Ink_Note.ico () -> /newinknote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Create Note.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico () -> /newnote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Album Page.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 85
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Funhouse.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 89
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Half-Fold Greeting Card.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 84
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Photo Book.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 91
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Photo Calendar.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 86
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Quarter-Fold Greeting Card.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 92
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Scrapbook.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 150
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Slimline Card.lnk -> C:\Program Files (x86)\ArcSoft\Print Creations\PrintCreations.exe (ArcSoft, Inc.) -> /M 164
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\View My ArcSoft Info.lnk -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACRun.exe (ArcSoft Inc.) -> ProductInfo.ac
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fac60ee0-3e65-46c0-862e-52d1e16fa6d1}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e9f7e4c9-fbef-42e7-b19f-48bf2ea8176b}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{dcf8c30f-84f6-4475-829d-2dea8d873786}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c44af186-ce1f-41b7-94d3-def66a94aeeb}\PlayTasks\0\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b3454272-20b1-4853-9201-5a71a281bf30}\PlayTasks\0\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b0a33b86-31a7-4631-ba6d-b5a4fe1606d9}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{a897d9a2-a669-4856-bdc4-f84ea324cf47}\PlayTasks\0\Slingo Supreme.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Slingo Supreme\SlingoSupreme-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9e81298d-ecad-4464-b46d-0ffb96e1d270}\PlayTasks\0\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9d36fecf-a272-4632-a018-906223216b09}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9c57dc32-44bf-4dad-8cce-4d334f4f725a}\PlayTasks\0\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9b9b12f2-7e8f-4fe3-8365-8998b415574d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{989c5174-cdb7-456a-81a0-8c2d6e45d6c5}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{961391a5-faff-4656-b639-9469eafbd166}\PlayTasks\0\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{93c5e4ca-9d35-4bd8-95b1-c7327601d483}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{90e6e1ce-1450-49b0-b6e3-82e43551c60f}\PlayTasks\0\Namco All-Stars PAC-MAN.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\pacman-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8dde8af6-a947-49ea-8858-e46765d3acb9}\PlayTasks\0\Bounce Symphony.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{736aff42-8708-4017-be92-eb94aabb558f}\PlayTasks\0\Mystery P.I. - Stolen in San Francisco.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\MysteryPISanFrancisco-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ea2c3d3-899a-4d22-b46b-e03dc3c2a115}\PlayTasks\0\Bejeweled 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 3\Bejeweled3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{530bf15f-039a-4796-9724-3503dfc6796a}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4f4fa136-6ede-454c-9495-620e06dcb70f}\PlayTasks\0\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4c62c261-4bc4-4df9-9107-4f91e6a38018}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3c4466d3-a3d7-410d-97ed-d148233326db}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1cd10db5-fd52-412c-8f5d-106e71b1c9bd}\PlayTasks\0\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{119eedc1-0c64-4f7d-a42f-15559b86ea74}\PlayTasks\0\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0e771660-c365-4759-938a-aa615ed8f7d7}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{060c286e-7b14-4bf4-9936-205028416ca7}\PlayTasks\0\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\HP Setup\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\RunOnceHPTCS.exe () -> MODE=Registration
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Janet\Desktop\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN26GBR13W05KD;CONNECTION=NW;MONITOR=1;
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\Users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{e9f7e4c9-fbef-42e7-b19f-48bf2ea8176b}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{9d36fecf-a272-4632-a018-906223216b09}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{9c57dc32-44bf-4dad-8cce-4d334f4f725a}\PlayTasks\0\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{9b9b12f2-7e8f-4fe3-8365-8998b415574d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{93c5e4ca-9d35-4bd8-95b1-c7327601d483}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{4f4fa136-6ede-454c-9495-620e06dcb70f}\PlayTasks\0\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{4c62c261-4bc4-4df9-9107-4f91e6a38018}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Janet\AppData\Local\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\Users\Public\Desktop\Blio.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (K-NFB Reading Technology) -> -lt:DESKTOP
ShortcutWithArgument: C:\Users\Public\Desktop\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\Users\Public\Desktop\WildTangent Games App - hp.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src desktop /dp hpcnb2c11

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theft Protection\LoJack Theft Protection - Learn More Now.url -> hxxp://www.absolute.com/HP
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\www.thesims2.com.url -> hxxp://www.thesims2.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations\Try Online.url -> hxxp://printcreations.arcsoft.com/online/
InternetURL: C:\Users\Default\Favorites\Links\Amazon.ca – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_ca&c=113&bd=presario&tp=iefavbar&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Activity Centre.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Amazon.ca – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_ca&c=113&bd=pavilion&tp=iefavs&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Digital Photography.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_ca&bd=all&c=113
InternetURL: C:\Users\Default\Favorites\HP\Everyday Printing & Computing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Get Skype - Download for Free.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=skype&pf=cnnb&locale=en_ww&bd=all&c=none
InternetURL: C:\Users\Default\Favorites\HP\Home and Home Office.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hho&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_CA&bd=all&c=113
InternetURL: C:\Users\Default\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\HP Plus.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hp_plus&pf=cnnb&locale=en_CA&bd=all&c=113
InternetURL: C:\Users\Default\Favorites\HP\hpshopping.ca.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpshop&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Norton.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=symantec&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Snapfish.url -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_ca
InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\#Panel2.url -> hxxp://www.jumpsport.com/trampoline-parts-measuring.htm
InternetURL: C:\Users\Janet\Favorites\2013 Ram 1500 Powertrain Deep Dive - PickupTrucks.com News.url -> hxxp://news.pickuptrucks.com/2012/04/2013-ram-1500-powertrain-deep-dive.html
InternetURL: C:\Users\Janet\Favorites\63 Best Christmas Cookie Recipes - Ideas for Holiday Cookies - Country Living#slide-2#slide-2.url -> hxxp://www.countryliving.com/cooking/recipes/holiday-cookies-1208?src=spr_FBPAGE&spr_id=1453_111721885#slide-2
InternetURL: C:\Users\Janet\Favorites\Apple Oatmeal Crisp Recipe - Allrecipes.com.url -> hxxp://allrecipes.com/recipe/apple-oatmeal-crisp/
InternetURL: C:\Users\Janet\Favorites\Backyard Rink Tips - Howard's Corner of the Web.url -> hxxp://www.hpurchase.com/byrtips.htm
InternetURL: C:\Users\Janet\Favorites\Bleeping Computer Technical Support Forums.url -> hxxp://www.bleepingcomputer.com/forums/
InternetURL: C:\Users\Janet\Favorites\Bouncing Back.url -> hxxp://pinterest.com/notsalmon/bouncing-back/
InternetURL: C:\Users\Janet\Favorites\Canadian television's online home for news about Toronto and the GTA.url -> hxxp://toronto.ctv.ca/weather/
InternetURL: C:\Users\Janet\Favorites\Children with Diabetes Forums.url -> hxxp://forums.childrenwithdiabetes.com/forum.php
InternetURL: C:\Users\Janet\Favorites\Coldwell Banker Agent Station.url -> hxxp://cbagent.bounceme.net/
InternetURL: C:\Users\Janet\Favorites\Coldwell Banker Works.url -> hxxp://cbworks.coldwellbanker.com/
InternetURL: C:\Users\Janet\Favorites\Conformity. What is it and why does it matter.url -> hxxp://askmerv.choice3realty.com/000795.html
InternetURL: C:\Users\Janet\Favorites\Contact Bell Residential Customer Service and Technical Support.url -> hxxp://support.bell.ca/Customer_service/Contact_us
InternetURL: C:\Users\Janet\Favorites\Crackle - Watch Free Movies Online – Full-Length Streaming Movies.url -> hxxp://www.crackle.com/c/movies
InternetURL: C:\Users\Janet\Favorites\CTV Toronto  Canadian television's online home for news about Toronto and the GTA.url -> hxxp://toronto.ctv.ca/
InternetURL: C:\Users\Janet\Favorites\Democratic Underground.url -> hxxp://www.democraticunderground.com/
InternetURL: C:\Users\Janet\Favorites\Do-It-Yourself Porch Swing.url -> hxxp://www.motherearthnews.com/Do-It-Yourself/2008-08-01/How-To-Build-A-Porch-Swing.aspx?page=3
InternetURL: C:\Users\Janet\Favorites\DSTS - Durham Student Transportation Services - Home Page.url -> hxxp://www.dsts.on.ca/
InternetURL: C:\Users\Janet\Favorites\Educational games Childtopia.url -> hxxp://childtopia.com/index.php?module=home&func=eldetective&idioma=eng
InternetURL: C:\Users\Janet\Favorites\Find a Location  Aveda.url -> hxxp://www.aveda.com/locator/index.tmpl
InternetURL: C:\Users\Janet\Favorites\Floor Heating Manuals  Nuheat.url -> hxxp://www.nuheat.com/customer-care/instructions-manuals/floor-heating/#thermostats
InternetURL: C:\Users\Janet\Favorites\Flooring Forum - DIY and Professional.url -> hxxp://www.flooringforum.com/forum/
InternetURL: C:\Users\Janet\Favorites\fluoxetine Drug Uses, Dosage & Side Effects - Drugs.com.url -> hxxp://www.drugs.com/fluoxetine.html
InternetURL: C:\Users\Janet\Favorites\Google.url -> https://www.google.ca/?gws_rd=ssl
InternetURL: C:\Users\Janet\Favorites\Greenbank P.S..url -> hxxp://greenbank.ddsbschools.ca/
InternetURL: C:\Users\Janet\Favorites\hanks appliance repair oshawa - Google Search.url -> https://www.google.ca/
InternetURL: C:\Users\Janet\Favorites\Hotmail - jandoesbooks@hotmail.com.url -> hxxp://co116w.col116.mail.live.com/default.aspx
InternetURL: C:\Users\Janet\Favorites\How to create REALTOR ®with the registered symbol® using window alt codes.url -> hxxp://activerain.com/blogsview/1284840/how-to-create-realtor-with-the-registered-symbol-using-window-alt-codes
InternetURL: C:\Users\Janet\Favorites\http--etatcivil.gouv.qc.ca-publications-FO-11-13%20Birth.pdf.url -> hxxp://etatcivil.gouv.qc.ca/publications/FO-11-13%20Birth.pdf
InternetURL: C:\Users\Janet\Favorites\http--viooz.com-.url -> hxxp://viooz.com/
InternetURL: C:\Users\Janet\Favorites\http--webmail.coldwellbanker.ca-WorldClient.dllSession=SKAMHPM&View=BlankMessageBody.url -> hxxp://webmail.coldwellbanker.ca/WorldClient.dll?Session=SKAMHPM&View=BlankMessage&External=Yes&Number=15008
InternetURL: C:\Users\Janet\Favorites\http--www.electriciantalk.com-f17-toronto-doctor-smacks-down-u-s-senate-question-canadian-waitlist-deaths-66915-index4-.url -> hxxp://www.electriciantalk.com/f17/toronto-doctor-smacks-down-u-s-senate-question-canadian-waitlist-deaths-66915/index4/
InternetURL: C:\Users\Janet\Favorites\Kyra Speaks Guest Post The Road I Traveled with Abraham Hicks.url -> hxxp://kyrasdiary.blogspot.ca/2011/08/guest-post-road-i-traveled-with-abraham.html
InternetURL: C:\Users\Janet\Favorites\Login • User Control Panel.url -> hxxp://www.psychforums.com/ucp.php?mode=login
InternetURL: C:\Users\Janet\Favorites\Music - YouTube.url -> hxxp://www.youtube.com/music
InternetURL: C:\Users\Janet\Favorites\My Account.url -> hxxp://208.74.208.242:8080/m4/opac/m4opac.dll?installation=Default&command=getSession&session=b901cb86-43b1-11e1-b130-c175d19837d1&style=ui
InternetURL: C:\Users\Janet\Favorites\Netflix.url -> hxxp://movies.netflix.com/WiHome?mqso=&lnktrk=EMP&g=E56BAB089C4CC5D15CFE32111265C4A50A227FB4&lkid=link2
InternetURL: C:\Users\Janet\Favorites\Now Playing on Sirius Satellite Radio - DogstarRadio.com.url -> hxxp://www.dogstarradio.com/now_playing.php
InternetURL: C:\Users\Janet\Favorites\Photos from Kim Macdonald's post in Newmarket Ontario Buy And sell.url -> https://www.facebook.com/photo.php?fbid=10153166701155702&set=gm.199261576914542&type=1&relevant count=1&rdr
InternetURL: C:\Users\Janet\Favorites\Project Free TV - Watch ‘A Fistful Of Dollars (1965)’ on Putlocker for free.url -> hxxp://www.free-tv-video-online.me/player/putlocker.php?id=TOJA32E0LZ44WG
InternetURL: C:\Users\Janet\Favorites\Q107 Classic Rock.url -> hxxp://www.q107.com/
InternetURL: C:\Users\Janet\Favorites\RBC Royal Bank - Sign In to Online Banking.url -> https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH
InternetURL: C:\Users\Janet\Favorites\Real Estate Forums - Realtors Marketing Tips, Talk, Webmasters Forum.url -> hxxp://www.agentsonline.net/forums/ubbthreads.php
InternetURL: C:\Users\Janet\Favorites\reco.remote-learner.net Navigating Your Online Learning.url -> https://continuingeducation.reco.on.ca/mod/scorm/view.php?id=77
InternetURL: C:\Users\Janet\Favorites\Reflex  Math fact fluency - Problem Solved!.url -> hxxp://www.reflexmath.com/
InternetURL: C:\Users\Janet\Favorites\Samsung Galaxy S2 Tips and Tricks.url -> hxxp://galaxy-s2.com/
InternetURL: C:\Users\Janet\Favorites\Schedule & Results (Port Perry Minor Hockey Association).url -> hxxp://portperryminorhockey.ca/Schedule/
InternetURL: C:\Users\Janet\Favorites\Scugog Memorial Public Library.url -> hxxp://www.scugoglibrary.ca/
InternetURL: C:\Users\Janet\Favorites\Search Results - DoItYourself.com Community Forums.url -> hxxp://www.doityourself.com/forum/search.php?searchid=1163672
InternetURL: C:\Users\Janet\Favorites\Swimming Canada.url -> https://www.swimming.ca/Rankings.aspx?page=athleteDetail&athleteId=4764103
InternetURL: C:\Users\Janet\Favorites\Swing Set A Frame Bracket - products and services from Eastern Jungle Gym.url -> hxxp://www.hotfrog.com/Companies/Eastern-Jungle-Gym/Swing-Set-A-Frame-Bracket-193655
InternetURL: C:\Users\Janet\Favorites\TD Online Banking Personal Internet Banking  TD Canada Trust.url -> hxxp://www.tdcanadatrust.com/products-services/banking/electronic-banking/easyweb.jsp
InternetURL: C:\Users\Janet\Favorites\Ten Arguments Gun Advocates Make, and Why They're Wrong.url -> hxxp://prospect.org/article/ten-arguments-gun-advocates-make-and-why-theyre-wrong
InternetURL: C:\Users\Janet\Favorites\The Association of Ontario Land Surveyors (AOLS).url -> hxxp://www.aols.org/single.asp?itemcode=AOLS-BYL-SRPR
InternetURL: C:\Users\Janet\Favorites\The Comedy Network – Watch Online, Daily Show, Colbert Report and Stand-Up Comedy.url -> hxxp://www.thecomedynetwork.ca/
InternetURL: C:\Users\Janet\Favorites\TheToolStore.ca  Hand Tools, Woodworking Tools, Garden Tools, Power Tools.url -> hxxp://www.thetoolstore.ca/
InternetURL: C:\Users\Janet\Favorites\Things You Need To Know.url -> hxxp://www.discoverychannel.ca/things/default.htm?clipid=510962
InternetURL: C:\Users\Janet\Favorites\Title Search Ontario & Land Titles  GeoWarehouse.url -> hxxp://www.geowarehouse.ca/marketing/index.php
InternetURL: C:\Users\Janet\Favorites\Weather.url -> hxxp://www.weatheroffice.gc.ca/saisons/tableau_e.html?product=fcstm0&type=pcpn&season=03
InternetURL: C:\Users\Janet\Favorites\Welcome to TUEBL!.url -> hxxp://tuebl.ca/
InternetURL: C:\Users\Janet\Favorites\Which method is best - DoItYourself.com Community Forums.url -> hxxp://www.doityourself.com/forum/general-chats-discussions/458873-method-best.html?amp;goto=newpost
InternetURL: C:\Users\Janet\Favorites\Why Are Addicts Emotionally Unavailable.url -> hxxp://ezinearticles.com/?Why-Are-Addicts-Emotionally-Unavailable?&id=6235381
InternetURL: C:\Users\Janet\Favorites\Why Canada's housing market didn't crash with America's - AGBeat.url -> hxxp://agbeat.com/economic-news/canadas-housing-market-didnt-crash-americas/
InternetURL: C:\Users\Janet\Favorites\YouTube to mp3 Converter.url -> hxxp://www.youtube-mp3.org/
InternetURL: C:\Users\Janet\Favorites\▶ Mark Knopfler - Brothers in arms [Berlin 2007] - YouTube.url -> https://www.youtube.com/watch?v=vBadAVsdixk
InternetURL: C:\Users\Janet\Favorites\Links\102.1 the Edge.url -> hxxp://www.edge.ca/
InternetURL: C:\Users\Janet\Favorites\Links\Facebook.url -> 0
InternetURL: C:\Users\Janet\Favorites\Links\Google.url -> https://www.google.ca/?gws_rd=ssl
InternetURL: C:\Users\Janet\Favorites\Links\Inbox (1) - janetgreen61@gmail.com - Gmail.url -> https://mail.google.com/mail/u/0/?shva=1
InternetURL: C:\Users\Janet\Favorites\Links\Info Centre.url -> hxxp://www.torontomls.net/Stratus/InfoCenter.asp?Tab=INFOCENTER
InternetURL: C:\Users\Janet\Favorites\Links\Login - StratusMLS.url -> hxxp://www.torontomls.net/Login.asp
InternetURL: C:\Users\Janet\Favorites\Links\SiriusXM - Channel Line up (3).url -> hxxp://player.siriusxm.ca/#view=channelsList&view=channelsList
InternetURL: C:\Users\Janet\Favorites\Links\WorldClient.url -> hxxp://webmail.coldwellbanker.ca/WorldClient.dll?View=Main#
InternetURL: C:\Users\Janet\Favorites\Links\YouTube home.url -> https://www.youtube.com/
InternetURL: C:\Users\Janet\Favorites\Links\YouTube.url -> hxxp://www.youtube.com/
InternetURL: C:\Users\Janet\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\Activity Centre.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\Amazon.ca – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_ca&c=113&bd=pavilion&tp=iefavs&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Janet\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\Digital Photography.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_ca&bd=all&c=113
InternetURL: C:\Users\Janet\Favorites\HP\Everyday Printing & Computing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\Get Skype - Download for Free.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=skype&pf=cnnb&locale=en_ww&bd=all&c=none
InternetURL: C:\Users\Janet\Favorites\HP\Home and Home Office.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hho&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_CA&bd=all&c=113
InternetURL: C:\Users\Janet\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\HP Plus.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hp_plus&pf=cnnb&locale=en_CA&bd=all&c=113
InternetURL: C:\Users\Janet\Favorites\HP\hpshopping.ca.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpshop&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\Norton.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=symantec&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Favorites\HP\Snapfish.url -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_ca
InternetURL: C:\Users\Janet\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_ca&bd=all&c=111
InternetURL: C:\Users\Janet\Desktop\Hallelujah By Kate Voegele Lyrics - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=Hallelujah+By+Kate+Voegele+Lyrics&docid=1531849277909&mid=59B7DDA1CB468F276B5759B7DDA1CB468F276B57&FORM=VIRE7#
InternetURL: C:\Users\Janet\Desktop\How To Beat Traffic Camera Tickets.url -> hxxp://ebiz4u.hubpages.com/hub/How-To-Beat-Traffic-Camera-Tickets
InternetURL: C:\Users\Janet\Desktop\HP Printer Diagnostic Tools.url -> hxxp://h20180.www2.hp.com/apps/Nav?h_pagetype=s-926&h_lang=en&h_client=s-h-e016-1&h_keyword=dg-THD&jumpid=ex_r4155/hho/ipg/ccdoc/trailhead_doc
InternetURL: C:\Users\Janet\Desktop\NINE INCH NAILS - CLOSER - YouTube.url -> hxxp://www.youtube.com/watch?v=ccY25Cb3im0
InternetURL: C:\Users\Janet\Desktop\Smilie List - DodgeForum.com.url -> hxxp://dodgeforum.com/forum/misc.php?do=getsmilies&editorid=vB_Editor_001
InternetURL: C:\Users\Janet\Desktop\Smilie List - HVAC-Talk Heating, Air & Refrigeration Discussion (6).url -> hxxp://hvac-talk.com/vbb/misc.php?do=getsmilies&editorid=vB_Editor_001
InternetURL: C:\Users\Janet\Desktop\watch-v=-IAMEH727pE.url -> hxxp://www.youtube.com/watch?v=-IAMEH727pE
InternetURL: C:\Users\Janet\Desktop\Why Canadian health care is better  Health  Get Healthy  Best Health (2) - Copy.url -> hxxp://www.besthealthmag.ca/get-healthy/health/why-canadian-healthcare-is-better
InternetURL: C:\Users\Janet\Desktop\Why Canadian health care is better  Health  Get Healthy  Best Health (2).url -> hxxp://www.besthealthmag.ca/get-healthy/health/why-canadian-healthcare-is-better
InternetURL: C:\Users\Janet\Desktop\Why Canadian health care is better  Health  Get Healthy  Best Health.url -> hxxp://www.besthealthmag.ca/get-healthy/health/why-canadian-healthcare-is-better
InternetURL: C:\Users\Janet\Desktop\WorldClient.dllSession=NAYUMSX&View=BlankMessageBody.url -> hxxp://webmail.coldwellbanker.ca/WorldClient.dll?Session=NAYUMSX&View=BlankMessageBody
InternetURL: C:\Users\Janet\Desktop\janet\#.url -> hxxp://www.bing.com/videos/search?q=arcade+fire+the+suburbs&docid=1437321461874&mid=68E2A7F46892755201AD68E2A7F46892755201AD&FORM=VIRE3#
InternetURL: C:\Users\Janet\Desktop\janet\arcade fire videos ready to stsart - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=arcade+fire+videos+ready++to+stsart&docid=1502726915002&mid=91DA677D8297883BC18E91DA677D8297883BC18E&FORM=LKVR16#
InternetURL: C:\Users\Janet\Desktop\janet\gotye somebody that i used to know - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=gotye+somebody+that+i+used+to+know&docid=1576010974404&mid=FA7000EBB5DF99E47AD2FA7000EBB5DF99E47AD2&FORM=VIRE3#
InternetURL: C:\Users\Janet\Desktop\janet\hallelujah lyrics - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=hallelujah+lyrics&docid=1442245903442&mid=903EB9846FC53FA45B9F903EB9846FC53FA45B9F&FORM=LKVR6#
InternetURL: C:\Users\Janet\Desktop\janet\linkin park waiting for the end lyrics - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=linkin+park+waiting+for+the+end+lyrics&docid=1577515746323&mid=7F515DF0D848C0FE41167F515DF0D848C0FE4116&FORM=VIRE6#
InternetURL: C:\Users\Janet\Desktop\janet\mad world lyrics - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=mad+world+lyrics&docid=1551293875642&mid=A5F546182B8F78278C12A5F546182B8F78278C12&FORM=VIRE2#
InternetURL: C:\Users\Janet\Desktop\janet\Metallica - The Unforgiven (Video) - YouTube.url -> hxxp://www.youtube.com/watch?v=mYUMPKFYd6g
InternetURL: C:\Users\Janet\Desktop\janet\metallica unforgiven lyrics - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=metallica+unforgiven+lyrics&docid=1449697017924&mid=EDF595F6393FA681C895EDF595F6393FA681C895&FORM=VIRE1#
InternetURL: C:\Users\Janet\Desktop\janet\neverending white lights the grace lyrics - Bing Videos.url -> hxxp://www.bing.com/videos/search?q=neverending+white+lights+the+grace+lyrics&docid=1577538028903&mid=593D3C21DAA852D4D1F4593D3C21DAA852D4D1F4&FORM=VIRE1#

==================== End of log =============================



#7 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 19 December 2014 - 11:00 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Janet at 2014-12-19 22:50:08
Running from C:\Users\Janet\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C1500}) (Version: 12.21.0.128 - APN, LLC) <==== ATTENTION
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.102 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{96BB7EC1-BE6E-1616-3E92-086D617A9D49}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{AEDA8713-5521-4600-9AC2-81674A9EDC4F}) (Version: 2.2.7689 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3318B54A-B5A8-49B1-8016-753DC6CAC63B}) (Version: 1.0.110 - Citrix)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diasend Uploader version 1.5.0 (HKLM\...\{59A10021-5C7B-4C63-BB15-FAA9C04F8B26}_is1) (Version: 1.5.0 - Diasend)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.8.0.1189 (HKU\S-1-5-21-208306326-3480301371-978305285-1001\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6351.0 - IDT)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.600 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4535.1004 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-208306326-3480301371-978305285-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Fantasy Wedding (HKLM-x32\...\{C3AC8DD1-A754-46D6-A777-6155D627D196}) (Version: 1.00.000 - )
MyFreeCodec (HKU\S-1-5-21-208306326-3480301371-978305285-1001\...\MyFreeCodec) (Version:  - )
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1004 - Microsoft Corporation) Hidden
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RapidywebIE (HKLM-x32\...\Rapidyweb) (Version: 1.0 - Rapidyweb LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION!
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Scooby-Doo™, Showdown in Ghost Town™ (HKLM-x32\...\Scooby-Doo™, Showdown in Ghost Town™) (Version:  - )
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.0.260 - Client Connect LTD) <==== ATTENTION
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SoundTouch (HKLM-x32\...\{DEBF0781-5BCF-4A1F-954A-797820668C14}) (Version: 5.0.21.6712 - BOSE)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
StormWatch (HKU\S-1-5-21-208306326-3480301371-978305285-1001\...\StormWatch) (Version: 1.0.1.10 - StormWatch) <==== ATTENTION!
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.17.0 - Synaptics Incorporated)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
TurboTax 2010 (HKLM-x32\...\{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2011 (HKLM-x32\...\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2012 (HKLM-x32\...\{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}) (Version: 1.00.0000 - Intuit Canada)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.16 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vosteran (HKU\S-1-5-21-208306326-3480301371-978305285-1001\...\Vosteran) (Version: 31.0.1650.23 - Vosteran) <==== ATTENTION!
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - DexCom, Inc. (usbser) Ports  (05/24/2010 1.0.0.2) (HKLM\...\34C19A05C447FC9BDD48174F6232DC357FBB62D1) (Version: 05/24/2010 1.0.0.2 - DexCom, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WiseConvert B2 Toolbar for IE (HKLM-x32\...\IECT3297951) (Version: 6.16.1.9 - WiseConvert B2)
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-208306326-3480301371-978305285-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-208306326-3480301371-978305285-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Janet\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-208306326-3480301371-978305285-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Janet\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-208306326-3480301371-978305285-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Janet\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-208306326-3480301371-978305285-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Janet\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-208306326-3480301371-978305285-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Janet\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-11-2014 06:23:46 Windows Update
28-11-2014 16:22:56 Removed GeekBuddy.
28-11-2014 16:49:30 Removed PCKeeper
28-11-2014 16:50:57 Removed KromtechAccountService
02-12-2014 04:58:34 Windows Update
05-12-2014 06:16:15 Windows Update
09-12-2014 04:54:38 Windows Update
11-12-2014 05:38:33 Windows Update
12-12-2014 06:16:39 Windows Modules Installer
14-12-2014 16:50:06 Restore Operation
14-12-2014 17:17:51 Windows Update
15-12-2014 08:57:58 Windows Update
17-12-2014 07:34:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-09-15 21:02 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07AA29ED-062C-421B-BAA4-DA8F7A366064} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0ABFF41E-2925-47CB-A4F7-F5E51F643CA7} - System32\Tasks\{EDC081AA-7F0D-47A3-93E5-F83467D641D1} => pcalua.exe -a E:\setup.exe -d E:\
Task: {1EB00C4E-CBCD-4E8F-911F-583D2F9B8BDE} - System32\Tasks\PennyBee => C:\Users\Janet\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4F3985F1-1D9D-4012-9DD4-D2F5976AB38A} - System32\Tasks\HPCeeScheduleForJanet => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5345CEB4-C89F-436F-A822-C9F41F648F6A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {53E7F544-FF83-4617-ACFF-981C5EBD6B60} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-26] () <==== ATTENTION
Task: {556DAEDD-3FEA-48E0-BC78-AEC7E987490F} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbaeloader64.exe
Task: {7E9FFA81-5206-4687-80EB-F965EF3D8A96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {89CE2C03-0F77-4EE4-8D5D-E9386618577C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {90467FA8-B3C8-4050-A256-3F981303A001} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {9DDD5161-8A0C-410C-B746-EE6E1C8B2639} - System32\Tasks\task916276115 => C:\Users\Janet\AppData\Local\Temp\0.5130772982210349.exe <==== ATTENTION
Task: {A0E84CD6-DD52-4512-B336-CA2E86FF47D1} - System32\Tasks\{F356734F-1C4E-4F30-8B06-81C410C1CC3B} => pcalua.exe -a "C:\Users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOG17IE9\JRT.exe" -d C:\Users\Janet\Desktop
Task: {B280E4C5-7E05-4173-9FFF-AF02E85C199F} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {B2BA4E4C-9B83-4A3C-A208-FE75F8824951} - System32\Tasks\{F136E5A5-D9B2-4A90-8930-315D2C558A78} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {B98CD133-7CE7-4C0E-AB5E-827B8E9297BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BAFE2347-8B20-418D-86C4-FE4F308F8CD5} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {BC82A815-7286-4EC8-B9C2-E5A7A22745F2} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C2E597CF-9340-44AE-9EF4-38414687770B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D016BA0C-EB7F-44E9-A99E-E48552C4B12A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E5115E73-A495-46A7-B907-CCF0FD1EF6CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-14] (Adobe Systems Incorporated)
Task: {F7F79BA8-7448-458C-A9C1-A4B08A3816CF} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-07-21] (Microsoft Corporation)
Task: {F97684CE-F246-4A29-B29F-E07FE2ED863C} - System32\Tasks\WSE_Vosteran => C:\Users\Janet\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FEA5635B-866F-4F40-BE26-6CBFDD15F700} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJanet.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Janet\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Janet\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Canada - Outlook.com formerly Hotmail, Bing, Skype and latest news.website:TASKICON_0854F4951FCBF6C450892031DA153B1-70053745
AlternateDataStreams: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Canada - Outlook.com formerly Hotmail, Bing, Skype and latest news.website:TASKICON_1outlook2013-icon-697347562
AlternateDataStreams: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Canada - Outlook.com formerly Hotmail, Bing, Skype and latest news.website:TASKICON_205E58767C9F2FB88CFF6A5D3407A1006319237
AlternateDataStreams: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Canada - Outlook.com formerly Hotmail, Bing, Skype and latest news.website:TASKICON_32CDA38BB2669D6F4A863DB67C70B4946479134
AlternateDataStreams: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Canada - Outlook.com formerly Hotmail, Bing, Skype and latest news.website:TASKICON_4D8C6753865BD4AE175ABF4FF51D974-861132367

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-208306326-3480301371-978305285-500 - Administrator - Disabled)
Guest (S-1-5-21-208306326-3480301371-978305285-501 - Limited - Disabled)
Janet (S-1-5-21-208306326-3480301371-978305285-1001 - Administrator - Enabled) => C:\Users\Janet

==================== Faulty Device Manager Devices =============

Name: ccnfd_1_10_0_2
Description: ccnfd_1_10_0_2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccnfd_1_10_0_2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 11:06:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Janet\Desktop\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

Error: (12/17/2014 11:06:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Janet\Desktop\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

Error: (12/16/2014 03:37:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/15/2014 09:12:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/15/2014 07:36:17 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (12/15/2014 07:36:02 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (12/14/2014 05:17:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: Janet-HP)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/14/2014 04:48:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.11.0.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1024

Start Time: 01d017e775536aa2

Termination Time: 18

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (12/13/2014 03:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CltMngSvc.exe, version: 2.19.0.260, time stamp: 0x547753a2
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0xaa0
Faulting application start time: 0xCltMngSvc.exe0
Faulting application path: CltMngSvc.exe1
Faulting module path: CltMngSvc.exe2
Report Id: CltMngSvc.exe3

Error: (12/13/2014 09:13:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5390

Start Time: 01d0167397a88605

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (12/19/2014 10:49:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:49:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:49:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:47:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:47:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:47:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2014 10:45:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-08 17:27:31.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 17:27:31.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 17:27:31.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 17:27:31.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 17:27:31.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 17:27:31.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 00:11:01.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 00:11:01.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 00:11:01.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 00:11:01.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon™ HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 5610.91 MB
Available physical RAM: 4584.29 MB
Total Pagefile: 11219.99 MB
Available Pagefile: 10250.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:580.33 GB) (Free:489.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.55 GB) (Free:1.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A626DF5C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=580.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#8 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,565 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:06 AM

Posted 20 December 2014 - 01:33 AM

You did not post the FRST.txt log. Please, post the log for my perusal. :)


 
  • Step #2 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
    • Ask Toolbar
    • Search Protect
    • StormWatch
    • Vosteran
    • WiseConvert B2 Toolbar for IE
    • WSE_Vosteran
    • Yahoo! Detect
 
  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      Closeprocesses:
      Task: {1EB00C4E-CBCD-4E8F-911F-583D2F9B8BDE} - System32\Tasks\PennyBee => C:\Users\Janet\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
      C:\Users\Janet\AppData\Roaming\PennyBee\
      Task: {53E7F544-FF83-4617-ACFF-981C5EBD6B60} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-26] () <==== ATTENTION
      C:\Program Files (x86)\Search Extensions
      Task: {9DDD5161-8A0C-410C-B746-EE6E1C8B2639} - System32\Tasks\task916276115 => C:\Users\Janet\AppData\Local\Temp\0.5130772982210349.exe <==== ATTENTION
      Task: {A0E84CD6-DD52-4512-B336-CA2E86FF47D1} - System32\Tasks\{F356734F-1C4E-4F30-8B06-81C410C1CC3B} => pcalua.exe -a "C:\Users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOG17IE9\JRT.exe" -d C:\Users\Janet\Desktop
      Task: {B280E4C5-7E05-4173-9FFF-AF02E85C199F} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
      C:\Users\Janet\AppData\Local\Temp\0.5130772982210349.exe
      Task: {BC82A815-7286-4EC8-B9C2-E5A7A22745F2} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
      Task: {C2E597CF-9340-44AE-9EF4-38414687770B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
      C:\Program Files (x86)\MyPC Backup\
      Task: {F97684CE-F246-4A29-B29F-E07FE2ED863C} - System32\Tasks\WSE_Vosteran => C:\Users\Janet\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
      C:\Users\Janet\AppData\Roaming\WSE_VO~1\
      Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Janet\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
      Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Janet\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#9 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 20 December 2014 - 06:46 AM

Thank-you!

 

Oh boy...more trouble. Now when I start the computer ...safe mode with networking ... isn't even available anymore.

 

The only two choices are windows ( which doesn't work at all) and ...launch windows start up repair...

 

which states it will take the computer back to a restore point and once you start it cant be undone

 

I will wait for your instructions before proceeding..

Thx



#10 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,565 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:06 AM

Posted 20 December 2014 - 10:15 AM

Did the symptom occur after the application of my fix or before? Do you have your Windows installation disk?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#11 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 20 December 2014 - 10:31 AM

This latest development came this morning after your fix,,,,but before I was directed here, I could only access internet in safemode with networking.

 

I do not have the windows cd



#12 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,565 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:06 AM

Posted 20 December 2014 - 11:02 AM

Do you have access to a clean PC with internet and at least 1GB usb flash drive?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#13 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 20 December 2014 - 11:08 AM

The young one is getting out her windows 8 ( navigation may be a bit if a joke for me) and sorry to be an idiot but Im not sure about the flash drive



#14 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,565 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:06 AM

Posted 20 December 2014 - 11:21 AM

Don't worry, I will try to explain everything. Flash-drive is also sometimes referred as pen-drive. There are some pictures here.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#15 notcreeper

notcreeper
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 20 December 2014 - 11:27 AM

duh...

ya..I just bought a couple to save my pictures...but do you think I can find them anywhere...the little darlings have made off with them...I will go to the store and post back when I have one...thanks so much






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users