When Starting Windows 7 Normally, explorer.exe Does Not Start


  • This topic is locked
5 replies to this topic

#1 barkums

barkums

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 28 April 2015 - 10:05 AM

I've been working on my wife's work PC for a few days now and when starting Windows normally, it just loads to a black screen with the cursor.  I can access the Task Manager by pressing Ctrl-Alt-Del and running programs from there, but if I try to launch explorer.exe, I get an error message with the code of 0xc0000022, Access is Denied.  

 

There was a lot of malware on the PC as well as a couple of Trojans, which I cleaned using Malwarebytes Anti-Malware.  I have also run CCleaner to clean up the registry.  I am able to boot into Safe Mode just fine.  I have set the permissions for explorer.exe to Full Control for all users.  Additionally, when I boot Windows normally and I run the Task Manager, I can get explorer.exe to run if I choose Run as Administrator.  I have checked the registry (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) and made sure that the shell is set to explorer.exe.

 

After hours of searching online for fixes, nothing has helped.  I ran a System File Checker scan; the first time, I fixed files, but the other after found no issues.  I cannot do a system restore because the only restore point is the point where all the malware and trojans are there.  I've run a clean boot through msconfig but to no avail.

 

I have run Farbar and have the logs to post, if need be.

 

Any help would be VERY much appreciated.


Edited by barkums, 28 April 2015 - 10:05 AM.



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:50 AM

Posted 01 May 2015 - 01:02 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please post the FRST scan results. This will help us diagnose your problem.
 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:50 AM

Posted 04 May 2015 - 12:02 PM

Hi,

3 Day Inactivity

this is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 barkums

barkums
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 04 May 2015 - 05:40 PM

Hello.  My apologies on being tardy.  Here are the FRST, Addition and Shortcuts log files:

 

FRST.txt

-------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2015
Ran by PFC (administrator) on FRONTDESK2 on 26-04-2015 15:54:55
Running from C:\Users\PFC\Downloads
Loaded Profiles: PFC (Available profiles: PFC)
Platform: Microsoft Windows 7 Professional  (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7866912 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [DLSService] => C:\Program Files\DYMO\DYMO Label Software\DLSService.exe [55808 2010-04-30] (Sanford, L.P.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [46448 2013-01-09] ()
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\rssnotify: C:\Windows\system32\rssnotify.dll [2012-10-18] ()
Winlogon\Notify\uvncnotify: uvncnotify.dll [X]
HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\...\Run: [DymoQuickPrint] => C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885512 2010-04-30] (Sanford, L.P.)
HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RemoteScan Server.lnk [2014-03-17]
ShortcutTarget: RemoteScan Server.lnk -> C:\Program Files\RemoteScan Server\RemoteScanServer.exe (Dell Inc)
Startup: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-03-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2576570839-1706067242-2660608356-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F4Nzamodk010924,cea0464c-65e0-4d0a-9a18-ae8a3762fdb5,
SearchScopes: HKU\S-1-5-21-2576570839-1706067242-2660608356-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F4Nzamodk010924,cea0464c-65e0-4d0a-9a18-ae8a3762fdb5,
SearchScopes: HKU\S-1-5-21-2576570839-1706067242-2660608356-1000 -> {B8AE15B8-1E13-4B99-8B42-C8231228A1AF} URL = http://www-searching.com/search.aspx?s=amodk010924_0_0_0_0,cea0464c-65e0-4d0a-9a18-ae8a3762fdb5,&site=set&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-10-11] (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-10-11] (Sun Microsystems, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\PFC\AppData\Roaming\Mozilla\Firefox\Profiles\exo6sdgf.default
FF Homepage: hxxp://my.yahoo.com/?_bc=1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\system32\npdeployJava1.dll [2012-10-11] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-10-11] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\PFC\AppData\Roaming\Mozilla\Firefox\Profiles\exo6sdgf.default\user.js [2015-04-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-12] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-12-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-12-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-12-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-12-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-12-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-12-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-12-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\PFC\AppData\Roaming\mozilla\plugins\npatgpc.dll [2011-01-19] (Cisco WebEx LLC)
FF Extension: Strata40 - C:\Users\PFC\AppData\Roaming\Mozilla\Firefox\Profiles\exo6sdgf.default\Extensions\Strata40@SpewBoy.au [2011-06-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\PFC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\PFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\PFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\PFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Allscripts Deployment Client Updater Service; C:\Program Files\Allscripts\Deployment\ClientUpdater.exe [243200 2012-04-10] (Allscripts) [File not signed]
S2 BrsHelper; C:\Program Files\YTDownloader--\BrowserHelperSrv.exe [112560 2015-04-22] ()
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-10] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 RssDSService; C:\Program Files\SecureLink\bin\SLinkSW\RssDSProxy.exe [227720 2012-10-18] () [File not signed]
S3 RssUVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssuvnc.exe [1408176 2012-10-18] (UltraVNC) [File not signed]
S3 RssVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssvnc.exe [424280 2012-10-18] (RealVNC Ltd.)
S2 slinksc; C:\Program Files\SecureLink\bin\Wrapper.exe [180224 2006-10-05] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 67b32930; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.84\OptProMon.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S2 sbmntr; C:\Program Files\YTDownloader--\sbmntr.sys [49816 2015-04-22] (YTDownloader)
S3 catchme; \??\C:\Users\PFC\AppData\Local\Temp\catchme.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\WinUsb.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 15:48 - 2015-04-26 15:54 - 00000709 _____ () C:\Users\PFC\Downloads\Search.txt
2015-04-26 15:40 - 2015-04-26 15:41 - 00022984 _____ () C:\Users\PFC\Downloads\Addition.txt
2015-04-26 15:38 - 2015-04-26 15:55 - 00030963 _____ () C:\Users\PFC\Downloads\FRST.txt
2015-04-26 15:38 - 2015-04-26 15:54 - 00000000 ____D () C:\FRST
2015-04-26 15:38 - 2015-04-26 15:38 - 01140736 _____ (Farbar) C:\Users\PFC\Downloads\FRST.exe
2015-04-26 15:31 - 2015-04-26 15:31 - 00022780 _____ () C:\Users\PFC\Downloads\cc_20150426_153113.reg
2015-04-26 15:19 - 2015-04-26 15:19 - 00000430 _____ () C:\Users\PFC\Downloads\sfc_fix.txt
2015-04-26 15:14 - 2015-04-26 15:14 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Optimizer Pro
2015-04-26 15:01 - 2015-04-26 15:35 - 00002696 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 15:01 - 2015-04-26 15:21 - 00000112 _____ () C:\Windows\setupact.log
2015-04-26 15:01 - 2015-04-26 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-26 15:00 - 2015-04-26 15:00 - 00001000 _____ () C:\Windows\PFRO.log
2015-04-26 15:00 - 2015-04-26 15:00 - 00000000 ____D () C:\Windows\pss
2015-04-26 14:55 - 2015-04-26 14:55 - 00000000 __RSH () C:\MSDOS.SYS
2015-04-26 14:55 - 2015-04-26 14:55 - 00000000 __RSH () C:\IO.SYS
2015-04-26 14:49 - 2015-04-26 14:49 - 00002206 _____ () C:\Users\PFC\Documents\cc_20150426_144903.reg
2015-04-26 14:48 - 2015-04-26 14:48 - 00112252 _____ () C:\Users\PFC\Documents\cc_20150426_144836.reg
2015-04-26 14:48 - 2015-04-26 14:48 - 00009712 _____ () C:\Users\PFC\Documents\cc_20150426_144851.reg
2015-04-26 14:44 - 2015-04-26 14:46 - 00000000 ____D () C:\ecc files
2015-04-26 13:05 - 2015-04-26 13:05 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-26 13:05 - 2015-04-26 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-26 13:05 - 2015-04-26 13:05 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-26 13:03 - 2015-04-26 15:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-04-26 13:03 - 2015-04-26 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 13:03 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 13:03 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-26 13:00 - 2015-04-26 13:00 - 06484352 _____ (Piriform Ltd) C:\Users\PFC\Downloads\ccsetup505.exe
2015-04-24 17:26 - 2015-04-26 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-04-24 17:26 - 2015-04-26 12:52 - 00000000 ____D () C:\Program Files\ShadowExplorer
2015-04-24 16:35 - 2015-04-24 16:35 - 00003288 ____N () C:\bootsqm.dat
2015-04-24 14:46 - 2015-04-24 14:46 - 00000000 ____D () C:\ProgramData\312f263600004049
2015-04-24 13:53 - 2015-04-26 13:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-24 08:51 - 2015-04-26 12:51 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Local Store
2015-04-23 20:53 - 2015-04-24 08:51 - 00354300 _____ () C:\Users\PFC\AppData\Roaming\log.html
2015-04-23 20:53 - 2015-04-24 08:51 - 00000752 _____ () C:\Users\PFC\AppData\Roaming\key.dat
2015-04-23 20:53 - 2015-04-24 08:46 - 00000512 _____ () C:\Users\PFC\Documents\RECOVERY_KEY.TXT
2015-04-23 20:53 - 2015-04-23 20:53 - 00413696 _____ () C:\Users\PFC\AppData\Roaming\ssdpyiq.exe
2015-04-23 20:47 - 2015-04-23 20:47 - 00000000 __SHD () C:\Windows\system32\%USERPROFILE%
2015-04-23 20:47 - 2015-04-23 20:47 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2015-04-23 20:44 - 2015-04-26 14:33 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-04-23 14:39 - 2015-04-24 08:50 - 00000196 ____H () C:\Users\PFC\Documents\~$ite, Jack dx letter.docx.ecc
2015-04-23 11:47 - 2015-04-23 11:47 - 00000000 ____D () C:\Program Files\predm
2015-04-23 11:41 - 2015-04-24 17:03 - 00000000 ____D () C:\Users\PFC\Documents\Optimizer Pro
2015-04-23 11:40 - 2015-04-26 12:52 - 00000000 ____D () C:\ProgramData\NetEngine
2015-04-23 11:36 - 2015-04-26 14:41 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Skype
2015-04-23 11:36 - 2015-04-26 14:41 - 00000000 ____D () C:\Users\PFC\AppData\Local\Skype
2015-04-23 11:36 - 2015-04-26 12:50 - 00000000 ____D () C:\ProgramData\Skype
2015-04-23 11:35 - 2015-04-26 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-23 11:35 - 2015-04-26 12:53 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.84--
2015-04-23 11:35 - 2015-04-26 12:52 - 00000000 ____D () C:\ProgramData\hIKBDT
2015-04-23 11:35 - 2015-04-26 12:52 - 00000000 ____D () C:\ProgramData\BreakingNewsAlert
2015-04-23 11:35 - 2015-04-26 12:52 - 00000000 ____D () C:\ProgramData\{316d3a19-dfc9-7efe-316d-d3a19dfce867}
2015-04-23 11:28 - 2015-04-24 17:03 - 00000000 ____D () C:\ProgramData\22cef6d5000049e3
2015-04-23 11:17 - 2015-04-26 12:52 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-04-23 11:17 - 2015-04-26 12:52 - 00000000 ____D () C:\Program Files\YTDownloader--
2015-04-23 11:17 - 2015-04-23 11:17 - 00000000 ____D () C:\ProgramData\{498bac9d-5d0c-464b-498b-bac9d5d0b275}
2015-04-23 11:16 - 2015-04-23 11:16 - 00000000 ____D () C:\Users\PFC\AppData\Local\CrashRpt
2015-04-23 11:14 - 2015-04-23 11:14 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\9C4D4C28-1429802065-11DF-BBDA-8577D5C4D8D3
2015-04-23 11:14 - 2015-04-23 11:14 - 00000000 ____D () C:\Program Files\MyPCBU
2015-04-23 11:12 - 2015-04-26 12:52 - 00000000 ____D () C:\Users\PFC\AppData\Local\SafeGuard
2015-04-23 11:11 - 2015-04-24 08:49 - 00057428 _____ () C:\Users\PFC\Documents\insulin chart.png.ecc
2015-04-23 11:09 - 2015-04-23 11:09 - 00000000 ____D () C:\Program Files\MSS
2015-04-23 11:08 - 2015-04-23 11:08 - 00000000 ____D () C:\Program Files\SDU
2015-04-23 11:07 - 2015-04-23 11:07 - 00001211 _____ () C:\Users\PFC\Desktop\Continue installation .lnk
2015-04-23 03:01 - 2015-04-23 03:01 - 00000000 ____D () C:\Windows\system32\SPReview
2015-04-22 14:16 - 2015-04-24 08:50 - 00411684 _____ () C:\Users\PFC\Downloads\JMB DOCS original.pdf.ecc
2015-04-22 12:47 - 2015-04-24 08:50 - 00026964 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (10).docx.ecc
2015-04-22 12:33 - 2015-04-24 08:49 - 00049236 _____ () C:\Users\PFC\Documents\JMB4.pdf.ecc
2015-04-22 12:32 - 2015-04-24 08:49 - 00206228 _____ () C:\Users\PFC\Documents\JMB1.pdf.ecc
2015-04-22 12:32 - 2015-04-24 08:49 - 00115972 _____ () C:\Users\PFC\Documents\JMB2.pdf.ecc
2015-04-22 12:32 - 2015-04-24 08:49 - 00037956 _____ () C:\Users\PFC\Documents\JMB3.pdf.ecc
2015-04-22 12:08 - 2015-04-24 08:50 - 00411684 _____ () C:\Users\PFC\Downloads\JMB DOCS.pdf.ecc
2015-04-20 17:16 - 2015-04-24 08:50 - 00026964 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (9).docx.ecc
2015-04-16 16:10 - 2015-04-24 08:50 - 00012676 _____ () C:\Users\PFC\Downloads\Medical_Clearance_Form_-_Jan_2014.pdf.ecc
2015-04-14 17:40 - 2015-03-22 21:36 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 17:40 - 2015-03-22 21:36 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 17:40 - 2015-03-22 21:36 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 17:40 - 2015-03-22 21:36 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 17:40 - 2015-03-22 21:35 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 17:40 - 2015-03-22 21:35 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 17:40 - 2015-03-22 21:30 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-13 11:12 - 2015-04-24 08:50 - 00027220 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (8).docx.ecc
2015-04-07 16:41 - 2015-04-24 08:51 - 00135876 _____ () C:\Users\PFC\Downloads\Visit Summary Report Preview.pdf.ecc
2015-04-07 16:41 - 2015-04-24 08:50 - 00165540 _____ () C:\Users\PFC\Downloads\Patient Gateway.pdf.ecc
2015-04-07 10:12 - 2015-04-24 08:50 - 00034340 _____ () C:\Users\PFC\Documents\Schedule 8a-3p.xls.ecc
2015-04-07 10:03 - 2015-04-24 08:51 - 00026660 _____ () C:\Users\PFC\Downloads\weekly-calendar-template.xls.ecc
2015-04-07 10:00 - 2015-04-24 08:50 - 00036692 _____ () C:\Users\PFC\Downloads\May-2015-Calendar (1).docx.ecc
2015-04-07 09:58 - 2015-04-24 08:50 - 00036852 _____ () C:\Users\PFC\Downloads\August-2015-Calendar.docx.ecc
2015-04-07 09:58 - 2015-04-24 08:50 - 00036692 _____ () C:\Users\PFC\Downloads\May-2015-Calendar.docx.ecc
2015-04-07 09:58 - 2015-04-24 08:50 - 00036020 _____ () C:\Users\PFC\Downloads\July-2015-Calendar.docx.ecc
2015-04-07 09:58 - 2015-04-24 08:50 - 00035508 _____ () C:\Users\PFC\Downloads\June-2015-Calendar.docx.ecc
2015-04-07 09:57 - 2015-04-24 08:50 - 00035812 _____ () C:\Users\PFC\Downloads\April-2015-Calendar.docx.ecc
2015-04-07 09:36 - 2015-04-24 08:50 - 00106100 _____ () C:\Users\PFC\Downloads\4-2015-Letter.doc.ecc
2015-03-31 15:50 - 2015-04-24 08:50 - 02622516 _____ () C:\Users\PFC\Downloads\Nursys_LQC_Report_2015_03_31.pdf.ecc
2015-03-30 13:50 - 2015-04-24 08:50 - 00159860 _____ () C:\Users\PFC\Downloads\Carpenter.pdf.ecc
2015-03-30 11:46 - 2015-04-24 08:50 - 00029108 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (7).docx.ecc
2015-03-25 13:30 - 2015-04-24 08:50 - 00013828 _____ () C:\Users\PFC\Documents\Wentworth, P coast guard.docx.ecc
2015-03-23 14:27 - 2015-04-24 08:50 - 00026116 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (6).docx.ecc
2015-03-19 11:44 - 2015-04-24 08:49 - 00013636 _____ () C:\Users\PFC\Documents\Lang, M DOT.docx.ecc
2015-03-16 15:39 - 2015-04-24 08:50 - 00046596 _____ () C:\Users\PFC\Documents\RESUME (3).rtf.ecc
2015-03-16 12:51 - 2015-04-24 08:50 - 00046612 _____ () C:\Users\PFC\Downloads\RESUME (3).rtf.ecc
2015-03-16 12:50 - 2015-04-24 08:50 - 00046612 _____ () C:\Users\PFC\Downloads\RESUME (2).rtf.ecc
2015-03-16 12:09 - 2015-04-24 08:50 - 00025972 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (5).docx.ecc
2015-03-16 09:53 - 2015-04-24 08:50 - 00027716 _____ () C:\Users\PFC\Downloads\leaves.jpg.ecc
2015-03-11 11:53 - 2015-04-24 08:50 - 00025380 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (4).docx.ecc
2015-03-10 11:37 - 2015-04-24 08:50 - 00025076 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (3).docx.ecc
2015-03-10 11:35 - 2015-04-24 08:50 - 00025076 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (2).docx.ecc
2015-03-09 15:41 - 2015-04-24 08:50 - 00127652 _____ () C:\Users\PFC\Downloads\20150309104458.pdf.ecc
2015-03-03 10:00 - 2015-04-24 08:50 - 00026756 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2.docx.ecc
2015-03-03 10:00 - 2015-04-24 08:50 - 00026756 _____ () C:\Users\PFC\Downloads\2 sided homework sheet '13 2 (1).docx.ecc
2015-02-26 16:17 - 2015-04-24 08:50 - 00015892 _____ () C:\Users\PFC\Documents\Shugrue, E school letter.docx.ecc
2015-02-23 17:26 - 2015-04-24 08:50 - 00013572 _____ () C:\Users\PFC\Documents\Pantelis, T travel letter.docx.ecc
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-02-16 15:33 - 2015-04-24 08:49 - 00013780 _____ () C:\Users\PFC\Documents\Dicks, Peter travel letter.docx.ecc
2015-02-11 08:26 - 2015-01-27 19:28 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-05 18:24 - 2015-04-24 08:49 - 00018068 _____ () C:\Users\PFC\Documents\HH.docx.ecc
2015-01-26 16:51 - 2015-04-24 08:50 - 00044340 _____ () C:\Users\PFC\Documents\NHIP WB2486.docx.ecc
2015-01-26 13:10 - 2015-04-24 08:49 - 00014340 _____ () C:\Users\PFC\Documents\Fetterhoff, C lift letter.docx.ecc
2015-01-26 12:25 - 2015-01-26 12:25 - 00001171 _____ () C:\Users\PFC\Desktop\DYMO LabelWriter 450 Turbo - Shortcut.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 15:28 - 2009-07-25 08:54 - 00006386 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 15:23 - 2009-07-14 00:34 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 15:23 - 2009-07-14 00:34 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 15:21 - 2012-08-09 11:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 15:21 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 15:17 - 2009-07-13 19:45 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2015-04-26 15:15 - 2012-08-09 11:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 15:07 - 2012-08-09 11:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 14:50 - 2011-06-21 12:37 - 00000000 ____D () C:\Windows\Minidump
2015-04-26 14:41 - 2013-09-24 21:23 - 00000000 __SHD () C:\found.002
2015-04-26 14:41 - 2012-10-12 09:59 - 00000000 ____D () C:\LJP1100_P1560_P1600_Full_Solution
2015-04-26 14:41 - 2012-10-11 13:30 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\SUPERAntiSpyware.com
2015-04-26 14:41 - 2012-09-13 12:55 - 00000000 ____D () C:\Users\PFC\AppData\Local\Apple Computer
2015-04-26 14:41 - 2012-08-09 11:40 - 00000000 ____D () C:\Users\PFC\AppData\Local\Google
2015-04-26 14:41 - 2012-06-25 15:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-26 14:41 - 2011-12-27 11:00 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Apple Computer
2015-04-26 14:41 - 2011-02-24 13:58 - 00000000 ____D () C:\Users\PFC\Downloads\D & Holly_files
2015-04-26 14:41 - 2011-01-19 17:01 - 00000000 ____D () C:\ProgramData\WebEx
2015-04-26 14:41 - 2010-12-29 17:36 - 00000000 ____D () C:\Users\PFC\AppData\Local\Microsoft Games
2015-04-26 14:41 - 2010-12-22 13:52 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Adobe
2015-04-26 14:41 - 2010-12-22 13:42 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Mozilla
2015-04-26 14:41 - 2010-12-22 13:42 - 00000000 ____D () C:\Users\PFC\AppData\Local\Mozilla
2015-04-26 14:41 - 2010-12-22 13:25 - 00000000 ____D () C:\ProgramData\DYMO
2015-04-26 14:41 - 2010-12-21 09:34 - 00000000 ____D () C:\Users\PFC
2015-04-26 14:41 - 2010-12-20 20:19 - 00000000 ___RD () C:\HP
2015-04-26 13:03 - 2012-10-11 13:29 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 13:03 - 2012-10-11 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-04-26 13:03 - 2011-08-17 11:12 - 00000000 ____D () C:\Users\PFC\AppData\Roaming\Malwarebytes
2015-04-26 13:03 - 2011-08-17 11:12 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-04-26 12:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-04-26 12:52 - 2014-12-11 04:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-26 12:52 - 2014-07-11 03:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-26 12:52 - 2014-03-17 15:17 - 00000000 ____D () C:\ProgramData\RemoteScan
2015-04-26 12:52 - 2011-08-17 11:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-26 12:51 - 2012-01-05 13:19 - 00000000 ____D () C:\Users\PFC\Documents\Fax
2015-04-26 12:51 - 2009-07-14 03:49 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-26 12:51 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2015-04-26 12:51 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2015-04-26 12:50 - 2014-03-17 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoteScan
2015-04-26 12:50 - 2012-10-12 10:02 - 00000000 ____D () C:\ProgramData\HP
2015-04-26 12:50 - 2012-10-11 13:46 - 00000000 ____D () C:\Qoobox
2015-04-26 12:50 - 2012-09-13 12:38 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-04-26 12:50 - 2012-06-26 13:40 - 00000000 ____D () C:\ProgramData\Intel
2015-04-26 12:50 - 2011-12-20 17:10 - 00000000 ____D () C:\ProgramData\Apple
2015-04-26 12:50 - 2011-12-13 09:48 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-26 12:50 - 2010-12-28 15:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-26 12:50 - 2010-12-28 15:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-26 12:50 - 2010-12-28 15:07 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-26 12:50 - 2010-12-22 13:38 - 00000000 ____D () C:\ProgramData\Citrix
2015-04-26 12:50 - 2010-12-22 13:06 - 00000000 ____D () C:\Shared
2015-04-26 12:50 - 2010-12-21 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-04-26 12:50 - 2010-12-21 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-04-26 12:50 - 2010-12-21 18:15 - 00000000 ___RD () C:\MSOCache
2015-04-26 12:50 - 2010-12-21 17:21 - 00000000 ____D () C:\ProgramData\Allscripts
2015-04-26 12:50 - 2010-12-20 19:58 - 00000000 ____D () C:\system.sav
2015-04-26 12:50 - 2010-12-20 19:38 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-26 12:50 - 2010-12-20 19:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-26 12:50 - 2010-12-20 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-26 12:50 - 2010-12-20 19:33 - 00000000 ____D () C:\Intel
2015-04-26 12:50 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-26 12:50 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-26 12:50 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Default
2015-04-26 12:50 - 2009-07-13 22:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-24 17:03 - 2014-08-11 13:32 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-04-24 17:03 - 2014-07-01 12:52 - 00000000 ____D () C:\ProgramData\AbakFinri
2015-04-24 17:03 - 2014-03-17 15:17 - 00000000 ____D () C:\temp
2015-04-24 17:03 - 2013-03-13 15:48 - 00000000 __SHD () C:\found.001
2015-04-24 17:03 - 2012-10-12 10:00 - 00000000 ____D () C:\ProgramData\HPSSUPPLY
2015-04-24 17:03 - 2012-09-13 12:54 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-04-24 17:03 - 2012-06-20 09:02 - 00000000 ____D () C:\found.000
2015-04-24 17:03 - 2012-05-09 08:53 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-24 17:03 - 2012-01-09 12:43 - 00000000 ____D () C:\ProgramData\Card Scanning Solutions
2015-04-24 17:03 - 2011-09-21 12:28 - 00000000 __SHD () C:\Users\PFC\Documents\cache
2015-04-24 17:03 - 2011-08-15 11:54 - 00000000 ____D () C:\ProgramData\CSActApp
2015-04-24 17:03 - 2011-08-08 15:46 - 00000000 ____D () C:\Users\PFC\Documents\Doculink
2015-04-24 17:03 - 2011-04-18 07:44 - 00000000 ____D () C:\Users\PFC\Documents\Visual Studio 2005
2015-04-24 17:03 - 2011-03-24 12:37 - 00000000 ____D () C:\Users\PFC\Documents\OneNote Notebooks
2015-04-24 17:03 - 2011-02-24 12:19 - 00000000 ____D () C:\Users\PFC\Documents\MyWay Document Generation
2015-04-24 17:03 - 2011-01-06 13:03 - 00000000 ____D () C:\ProgramData\iMedica
2015-04-24 17:03 - 2011-01-03 18:12 - 00000000 ____D () C:\ProgramData\Sun
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\STAFF LETTERS
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\OFFICE &CONTACT INFO
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\NHIP INFO
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\M-Z PT LETTERS
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\Keenan
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\FORMS
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\DYMO Label
2015-04-24 17:03 - 2010-12-22 12:48 - 00000000 ____D () C:\Users\PFC\Documents\A-L PT LETTERS
2015-04-24 17:03 - 2010-12-21 19:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-04-24 17:03 - 2010-12-21 19:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-04-24 17:03 - 2009-07-25 08:48 - 00000000 ____D () C:\Recovery
2015-04-24 17:03 - 2009-07-14 03:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-04-24 11:34 - 2013-07-16 14:06 - 00000514 _____ () C:\Users\PFC\Desktop\Citrix Access Gateway.website
2015-04-24 08:51 - 2012-10-11 15:31 - 02193300 _____ () C:\Users\PFC\Downloads\tdsskiller (1).zip.ecc
2015-04-24 08:51 - 2012-10-11 14:11 - 02193300 _____ () C:\Users\PFC\Downloads\tdsskiller.zip.ecc
2015-04-24 08:51 - 2012-02-14 13:41 - 00047412 _____ () C:\Users\PFC\Downloads\unicorn_bike_gag.jpg.ecc
2015-04-24 08:51 - 2012-01-09 12:30 - 00898644 _____ () C:\Users\PFC\Downloads\scanshell3000dn.zip.ecc
2015-04-24 08:51 - 2012-01-09 12:26 - 01145076 _____ () C:\Users\PFC\Downloads\ss3000d.zip.ecc
2015-04-24 08:51 - 2010-12-22 12:48 - 00023028 _____ () C:\Users\PFC\Downloads\RING.pdf.ecc
2015-04-24 08:50 - 2014-12-23 19:27 - 00000196 ____H () C:\Users\PFC\Documents\~$PAA Consent 2014.docx.ecc
2015-04-24 08:50 - 2014-12-23 09:28 - 00014884 _____ () C:\Users\PFC\Documents\Vaccine Storage notice.docx.ecc
2015-04-24 08:50 - 2014-12-16 14:54 - 00020452 _____ () C:\Users\PFC\Documents\Santa Letter.docx.ecc
2015-04-24 08:50 - 2014-11-26 13:50 - 00027684 _____ () C:\Users\PFC\Documents\Prue, Jessica.doc.ecc
2015-04-24 08:50 - 2014-11-26 13:02 - 00027684 _____ () C:\Users\PFC\Documents\McAuliffe, L Travel letter.doc.ecc
2015-04-24 08:50 - 2014-11-25 16:48 - 00011652 _____ () C:\Users\PFC\Documents\Mertens Gym letter.docx.ecc
2015-04-24 08:50 - 2014-11-18 17:56 - 00014532 _____ () C:\Users\PFC\Documents\Out of Order sign.docx.ecc
2015-04-24 08:50 - 2014-11-05 12:34 - 00016068 _____ () C:\Users\PFC\Documents\Sargent, L adoption letter.docx.ecc
2015-04-24 08:50 - 2014-10-29 13:33 - 00047060 _____ () C:\Users\PFC\Downloads\RESUME (1).rtf.ecc
2015-04-24 08:50 - 2014-10-29 13:33 - 00046756 _____ () C:\Users\PFC\Downloads\RESUME.rtf.ecc
2015-04-24 08:50 - 2014-10-22 11:40 - 00014356 _____ () C:\Users\PFC\Documents\Pilibosian, J DCBelt LMN.docx.ecc
2015-04-24 08:50 - 2014-10-22 10:42 - 00014324 _____ () C:\Users\PFC\Documents\Pilibosian, J LMN.docx.ecc
2015-04-24 08:50 - 2014-10-21 15:05 - 00036004 _____ () C:\Users\PFC\Documents\Outside Mask Notice.docx.ecc
2015-04-24 08:50 - 2014-09-15 13:24 - 00013300 _____ () C:\Users\PFC\Documents\Vaillaincourt, Debra.docx.ecc
2015-04-24 08:50 - 2014-08-12 09:25 - 00011588 _____ () C:\Users\PFC\Documents\Stratos, Ian sports.docx.ecc
2015-04-24 08:50 - 2014-07-22 09:33 - 00013876 _____ () C:\Users\PFC\Documents\Yee, W acupunct letter.docx.ecc
2015-04-24 08:50 - 2014-07-18 11:15 - 00000196 ____H () C:\Users\PFC\Documents\~$rr, K mchair letter.docx.ecc
2015-04-24 08:50 - 2014-06-25 10:05 - 00014372 _____ () C:\Users\PFC\Documents\Musto, V knee pain letter.docx.ecc
2015-04-24 08:50 - 2014-06-03 17:11 - 00014580 _____ () C:\Users\PFC\Documents\Maxwell-Garner, E dismissal.docx.ecc
2015-04-24 08:50 - 2014-04-21 15:09 - 01511060 _____ () C:\Users\PFC\Documents\SAM4212014 ERROR.docx.ecc
2015-04-24 08:50 - 2014-04-17 13:52 - 00013908 _____ () C:\Users\PFC\Documents\Thibodeau, Hayden sick letter.docx.ecc
2015-04-24 08:50 - 2014-04-04 09:11 - 00013012 _____ () C:\Users\PFC\Documents\Stevens. L coast guard.docx.ecc
2015-04-24 08:50 - 2014-03-25 16:39 - 00000196 ____H () C:\Users\PFC\Documents\~$od, C LMN.docx.ecc
2015-04-24 08:50 - 2014-02-03 16:22 - 00197540 _____ () C:\Users\PFC\Documents\Refilled no date populated.docx.ecc
2015-04-24 08:50 - 2014-01-30 11:48 - 00014228 _____ () C:\Users\PFC\Documents\Paradiso, Sean.docx.ecc
2015-04-24 08:50 - 2013-12-17 17:32 - 00015252 _____ () C:\Users\PFC\Documents\Reno sick letter.docx.ecc
2015-04-24 08:50 - 2013-12-17 17:32 - 00013924 _____ () C:\Users\PFC\Documents\Reno return to work.docx.ecc
2015-04-24 08:50 - 2013-12-17 14:07 - 00071348 _____ () C:\Users\PFC\Documents\ollie.jpg.ecc
2015-04-24 08:50 - 2013-12-05 18:38 - 00013908 _____ () C:\Users\PFC\Documents\Merr, K mchair letter.docx.ecc
2015-04-24 08:50 - 2013-11-26 18:20 - 00013812 _____ () C:\Users\PFC\Documents\Vranicar, V compententcy letter.docx.ecc
2015-04-24 08:50 - 2013-11-25 10:41 - 00013220 _____ () C:\Users\PFC\Documents\To All Patient1.docx.ecc
2015-04-24 08:50 - 2013-11-22 10:30 - 00013636 _____ () C:\Users\PFC\Documents\White, Jack dx letter.docx.ecc
2015-04-24 08:50 - 2013-11-14 11:11 - 00014996 _____ () C:\Users\PFC\Documents\November 4.docx.ecc
2015-04-24 08:50 - 2013-11-06 14:41 - 00013524 _____ () C:\Users\PFC\Documents\Vu, KY flu letter.docx.ecc
2015-04-24 08:50 - 2013-10-16 10:57 - 00013236 _____ () C:\Users\PFC\Documents\The client is unable to connect to the SQL Server called.docx.ecc
2015-04-24 08:50 - 2013-10-08 17:00 - 00014548 _____ () C:\Users\PFC\Documents\Stevens, L stress letter.docx.ecc
2015-04-24 08:50 - 2013-09-24 14:38 - 00000196 ____H () C:\Users\PFC\Documents\~$lance dissmissal letter.docx.ecc
2015-04-24 08:50 - 2013-09-24 14:04 - 00000196 ____H () C:\Users\PFC\Documents\~$ All Patients.docx.ecc
2015-04-24 08:50 - 2013-09-19 11:30 - 00000196 ____H () C:\Users\PFC\Documents\~$ack, N work, deploy letter (Autosaved).docx.ecc
2015-04-24 08:50 - 2013-09-18 12:58 - 00013652 _____ () C:\Users\PFC\Documents\To All Patients.docx.ecc
2015-04-24 08:50 - 2013-09-18 11:20 - 00013300 _____ () C:\Users\PFC\Documents\Stack, N work, deploy letter (Autosaved).docx.ecc
2015-04-24 08:50 - 2013-09-16 11:11 - 00000196 ____H () C:\Users\PFC\Documents\~$ack, N work, deploy letter.docx.ecc
2015-04-24 08:50 - 2013-09-10 10:32 - 00258100 _____ () C:\Users\PFC\Documents\RX error.docx.ecc
2015-04-24 08:50 - 2013-08-15 17:04 - 00011668 _____ () C:\Users\PFC\Documents\Page, Nancy animal support.docx.ecc
2015-04-24 08:50 - 2013-08-15 17:01 - 00013188 _____ () C:\Users\PFC\Documents\Parham, S.docx.ecc
2015-04-24 08:50 - 2013-08-07 08:58 - 00034356 _____ () C:\Users\PFC\Downloads\how.jpg.ecc
2015-04-24 08:50 - 2013-08-07 08:42 - 00017268 _____ () C:\Users\PFC\Downloads\h&w.jpg.ecc
2015-04-24 08:50 - 2013-07-30 14:39 - 00013092 _____ () C:\Users\PFC\Documents\Mendoza, B clearance.docx.ecc
2015-04-24 08:50 - 2013-07-22 15:24 - 00000196 ____H () C:\Users\PFC\Documents\~$ckert 2013 homecare letter.docx.ecc
2015-04-24 08:50 - 2013-07-09 17:30 - 00013396 _____ () C:\Users\PFC\Documents\Smith, R surgery letter.docx.ecc
2015-04-24 08:50 - 2013-06-17 15:32 - 00013444 _____ () C:\Users\PFC\Documents\McBreairty dismissal.docx.ecc
2015-04-24 08:50 - 2013-06-11 10:00 - 00013028 _____ () C:\Users\PFC\Documents\Martell, Aaron LMN.docx.ecc
2015-04-24 08:50 - 2013-05-23 11:42 - 00000196 ____H () C:\Users\PFC\Documents\~$b Discount Letter.docx.ecc
2015-04-24 08:50 - 2013-05-21 16:53 - 00000196 ____H () C:\Users\PFC\Documents\~$llivan, B DME letter.docx.ecc
2015-04-24 08:50 - 2013-05-21 15:24 - 00206260 _____ () C:\Users\PFC\Documents\Pharmacy transmission image.docx.ecc
2015-04-24 08:50 - 2013-05-21 14:34 - 00013204 _____ () C:\Users\PFC\Documents\Sullivan, B DME letter.docx.ecc
2015-04-24 08:50 - 2013-05-21 14:34 - 00012948 _____ () C:\Users\PFC\Documents\Tibbets, J PSNH.docx.ecc
2015-04-24 08:50 - 2013-04-29 14:55 - 00000196 ____H () C:\Users\PFC\Documents\~$terson.docx.ecc
2015-04-24 08:50 - 2013-04-17 13:17 - 00013124 _____ () C:\Users\PFC\Documents\Malek wheelchair letter.docx.ecc
2015-04-24 08:50 - 2013-04-15 10:34 - 00000196 ____H () C:\Users\PFC\Documents\~$mHC simple letter.docx.ecc
2015-04-24 08:50 - 2013-04-02 13:23 - 00009652 _____ () C:\Users\PFC\Documents\Monthly Obagi.xlsx.ecc
2015-04-24 08:50 - 2013-04-02 13:13 - 00008740 _____ () C:\Users\PFC\Documents\Obagi Stock.xlsx.ecc
2015-04-24 08:50 - 2013-03-26 11:47 - 00013220 _____ () C:\Users\PFC\Documents\Stack, N work, deploy letter.docx.ecc
2015-04-24 08:50 - 2013-03-26 09:36 - 00013364 _____ () C:\Users\PFC\Documents\Points.docx.ecc
2015-04-24 08:50 - 2013-03-06 11:53 - 00011620 _____ () C:\Users\PFC\Documents\Tenney-Helfrich, K.docx.ecc
2015-04-24 08:50 - 2013-02-28 12:52 - 00011844 _____ () C:\Users\PFC\Documents\Martell, Al tanning letter.docx.ecc
2015-04-24 08:50 - 2012-12-20 14:46 - 00012820 _____ () C:\Users\PFC\Documents\otterson.docx.ecc
2015-04-24 08:50 - 2012-10-12 11:36 - 00013924 _____ () C:\Users\PFC\Documents\RE Dorothy Smith.docx.ecc
2015-04-24 08:50 - 2012-09-06 16:22 - 00012164 _____ () C:\Users\PFC\Documents\R Rackowski.docx.ecc
2015-04-24 08:50 - 2012-07-24 11:45 - 00011268 _____ () C:\Users\PFC\Documents\Return to Sports letter.docx.ecc
2015-04-24 08:50 - 2012-07-24 11:42 - 00011316 _____ () C:\Users\PFC\Documents\Urgent Handicap Unit letter.docx.ecc
2015-04-24 08:50 - 2012-07-24 11:30 - 00011492 _____ () C:\Users\PFC\Documents\Support Animal Travel Letter.docx.ecc
2015-04-24 08:50 - 2012-07-24 11:17 - 00011620 _____ () C:\Users\PFC\Documents\No longer contagious simple letter.docx.ecc
2015-04-24 08:50 - 2012-07-24 10:49 - 00011620 _____ () C:\Users\PFC\Documents\Work or Financial Restriction letter.docx.ecc
2015-04-24 08:50 - 2012-05-07 12:03 - 00011780 _____ () C:\Users\PFC\Documents\Name Consent.docx.ecc
2015-04-24 08:50 - 2012-03-13 13:14 - 00011908 _____ () C:\Users\PFC\Documents\Recommendation letter.docx.ecc
2015-04-24 08:50 - 2011-10-06 14:20 - 00000196 _____ () C:\Users\PFC\Documents\~$ntovt, j absence letter.docx.ecc
2015-04-24 08:50 - 2010-12-22 12:48 - 00537204 _____ () C:\Users\PFC\Downloads\character039.zip.ecc
2015-04-24 08:50 - 2010-12-22 12:48 - 00023028 _____ () C:\Users\PFC\Downloads\RING(2).pdf.ecc
2015-04-24 08:50 - 2010-12-22 12:48 - 00000596 _____ () C:\Users\PFC\Downloads\character170.zip.ecc
2015-04-24 08:50 - 2010-12-22 12:48 - 00000596 _____ () C:\Users\PFC\Downloads\character039(2).zip.ecc
2015-04-24 08:50 - 2010-12-22 12:47 - 00000388 _____ () C:\Users\PFC\Downloads\3Doutline_300.psd.zip.ecc
2015-04-24 08:49 - 2015-01-15 10:55 - 00015524 _____ () C:\Users\PFC\Documents\KA INS cancel.docx.ecc
2015-04-24 08:49 - 2015-01-05 10:52 - 00006132 _____ () C:\Users\PFC\Documents\Ill error Jan515.txt.ecc
2015-04-24 08:49 - 2014-12-23 19:27 - 00021076 _____ () C:\Users\PFC\Documents\HIPAA Consent 2014.docx.ecc
2015-04-24 08:49 - 2014-12-04 16:06 - 00013540 _____ () C:\Users\PFC\Documents\Cobb, G DOT.docx.ecc
2015-04-24 08:49 - 2014-12-01 14:12 - 00010580 _____ () C:\Users\PFC\Documents\Assignment Sheet.xlsx.ecc
2015-04-24 08:49 - 2014-11-25 16:13 - 00022068 _____ () C:\Users\PFC\Documents\Infusion Orders.docx.ecc
2015-04-24 08:49 - 2014-11-11 14:38 - 00504004 _____ () C:\Users\PFC\Documents\Lauren Recommendation.docx.ecc
2015-04-24 08:49 - 2014-10-29 09:53 - 00011476 _____ () C:\Users\PFC\Documents\Fetterhoff, C sports letter.docx.ecc
2015-04-24 08:49 - 2014-10-23 09:26 - 00014964 _____ () C:\Users\PFC\Documents\Funny+ PRH letter.docx.ecc
2015-04-24 08:49 - 2014-10-20 12:04 - 00013460 _____ () C:\Users\PFC\Documents\Gunn, Matthew.docx.ecc
2015-04-24 08:49 - 2014-10-02 08:24 - 00012196 _____ () C:\Users\PFC\Documents\Henson, K light duty.docx.ecc
2015-04-24 08:49 - 2014-09-29 09:23 - 00002644 _____ () C:\Users\PFC\Documents\Error code.txt.ecc
2015-04-24 08:49 - 2014-08-28 17:38 - 00014548 _____ () C:\Users\PFC\Documents\Levine, Daniel.docx.ecc
2015-04-24 08:49 - 2014-08-28 17:38 - 00013220 _____ () C:\Users\PFC\Documents\Brown, David work letter.docx.ecc
2015-04-24 08:49 - 2014-07-29 11:08 - 00012084 _____ () C:\Users\PFC\Documents\Abouzour, A light duty.docx.ecc
2015-04-24 08:49 - 2014-07-08 13:24 - 00015236 _____ () C:\Users\PFC\Documents\Hschein072014.docx.ecc
2015-04-24 08:49 - 2014-07-03 16:20 - 00011364 _____ () C:\Users\PFC\Documents\Lalime, Thomas injury letter.docx.ecc
2015-04-24 08:49 - 2014-06-02 17:01 - 00014596 _____ () C:\Users\PFC\Documents\Lennon, Jay rx letter.docx.ecc
2015-04-24 08:49 - 2014-05-13 11:17 - 00014516 _____ () C:\Users\PFC\Documents\Kauten, J med letter.docx.ecc
2015-04-24 08:49 - 2014-04-28 13:23 - 00014884 _____ () C:\Users\PFC\Documents\Dismissal and Records.docx.ecc
2015-04-24 08:49 - 2014-03-27 17:16 - 00014516 _____ () C:\Users\PFC\Documents\Certificate of Excellence.docx.ecc
2015-04-24 08:49 - 2014-03-26 11:25 - 00013908 _____ () C:\Users\PFC\Documents\Borrazas, L return to work.docx.ecc
2015-04-24 08:49 - 2014-03-25 16:39 - 00014260 _____ () C:\Users\PFC\Documents\Hood, C LMN.docx.ecc
2015-04-24 08:49 - 2014-03-18 13:38 - 00149796 _____ () C:\Users\PFC\Documents\31814 Error.docx.ecc
2015-04-24 08:49 - 2014-02-19 15:03 - 00013956 _____ () C:\Users\PFC\Documents\henschke, j sick letter.docx.ecc
2015-04-24 08:49 - 2014-02-11 15:02 - 00012420 _____ () C:\Users\PFC\Documents\KA Funny Recommend.docx.ecc
2015-04-24 08:49 - 2014-02-11 13:02 - 00012004 _____ () C:\Users\PFC\Documents\KA recommendation2.docx.ecc
2015-04-24 08:49 - 2014-02-10 18:15 - 00012004 _____ () C:\Users\PFC\Documents\KA recommendation.docx.ecc
2015-04-24 08:49 - 2014-02-07 10:38 - 00013924 _____ () C:\Users\PFC\Documents\Hixon, M sick letter.docx.ecc
2015-04-24 08:49 - 2014-01-23 15:24 - 00284900 _____ () C:\Users\PFC\Documents\12214 drug screen alert.docx.ecc
2015-04-24 08:49 - 2014-01-08 14:22 - 00013860 _____ () C:\Users\PFC\Documents\Ingram, R gastro letter.docx.ecc
2015-04-24 08:49 - 2013-12-30 11:28 - 01508356 _____ () C:\Users\PFC\Documents\12 30 server error.docx.ecc
2015-04-24 08:49 - 2013-12-30 11:24 - 00224196 _____ () C:\Users\PFC\Documents\12 30 Exeption dump.docx.ecc
2015-04-24 08:49 - 2013-12-30 10:16 - 00226660 _____ () C:\Users\PFC\Documents\12 30 error.docx.ecc
2015-04-24 08:49 - 2013-12-18 15:04 - 00014052 _____ () C:\Users\PFC\Documents\Gift Certificate.docx.ecc
2015-04-24 08:49 - 2013-12-17 10:24 - 00277252 _____ () C:\Users\PFC\Documents\Interaction alert.docx.ecc
2015-04-24 08:49 - 2013-12-13 10:27 - 00013620 _____ () C:\Users\PFC\Documents\Butterfiel med letter.docx.ecc
2015-04-24 08:49 - 2013-12-03 14:49 - 00013636 _____ () C:\Users\PFC\Documents\December 02.docx.ecc
2015-04-24 08:49 - 2013-11-18 18:03 - 00013860 _____ () C:\Users\PFC\Documents\Gordon, Al INS letter.docx.ecc
2015-04-24 08:49 - 2013-11-13 10:52 - 00014580 _____ () C:\Users\PFC\Documents\Dismissal letter.docx.ecc
2015-04-24 08:49 - 2013-11-04 12:51 - 00014132 _____ () C:\Users\PFC\Documents\Hallett, S med letter.docx.ecc
2015-04-24 08:49 - 2013-10-29 17:56 - 00013652 _____ () C:\Users\PFC\Documents\guckert , m.docx.ecc
2015-04-24 08:49 - 2013-10-21 14:34 - 00239380 _____ () C:\Users\PFC\Documents\Edu form error.docx.ecc
2015-04-24 08:49 - 2013-10-16 11:13 - 00196612 _____ () C:\Users\PFC\Documents\Doc5.docx.ecc
2015-04-24 08:49 - 2013-10-16 10:48 - 00232068 _____ () C:\Users\PFC\Documents\Doc3.docx.ecc
2015-04-24 08:49 - 2013-10-16 10:44 - 00194660 _____ () C:\Users\PFC\Documents\Doc2.docx.ecc
2015-04-24 08:49 - 2013-10-16 10:41 - 00189924 _____ () C:\Users\PFC\Documents\error 10.16large.docx.ecc
2015-04-24 08:49 - 2013-10-10 16:18 - 00013636 _____ () C:\Users\PFC\Documents\Fritz, st WC letter.docx.ecc
2015-04-24 08:49 - 2013-10-10 10:11 - 00014180 _____ () C:\Users\PFC\Documents\Letter Checklist.docx.ecc
2015-04-24 08:49 - 2013-10-08 16:59 - 00013476 _____ () C:\Users\PFC\Documents\Karnaciecz, M travel letter.docx.ecc
2015-04-24 08:49 - 2013-09-24 17:25 - 00013236 _____ () C:\Users\PFC\Documents\Brule, Christopher.docx.ecc
2015-04-24 08:49 - 2013-09-24 14:38 - 00014228 _____ () C:\Users\PFC\Documents\Balance dissmissal letter.docx.ecc
2015-04-24 08:49 - 2013-09-05 10:47 - 00013044 _____ () C:\Users\PFC\Documents\Guckert, M cleared letter.docx.ecc
2015-04-24 08:49 - 2013-08-29 16:45 - 00013092 _____ () C:\Users\PFC\Documents\Flu notice.docx.ecc
2015-04-24 08:49 - 2013-08-16 12:04 - 00014180 _____ () C:\Users\PFC\Documents\dismissal.docx.ecc
2015-04-24 08:49 - 2013-08-16 11:49 - 00013284 _____ () C:\Users\PFC\Documents\Foley, So imm letter.docx.ecc
2015-04-24 08:49 - 2013-07-18 17:18 - 00013924 _____ () C:\Users\PFC\Documents\Guckert 2013 homecare letter.docx.ecc
2015-04-24 08:49 - 2013-07-15 10:52 - 00013012 _____ () C:\Users\PFC\Documents\Grindle YMCA.docx.ecc
2015-04-24 08:49 - 2013-06-06 13:02 - 00013060 _____ () C:\Users\PFC\Documents\Hayward dsblity letter.docx.ecc
2015-04-24 08:49 - 2013-05-21 14:35 - 00013012 _____ () C:\Users\PFC\Documents\Barstow, P surg letter.docx.ecc
2015-04-24 08:49 - 2013-05-07 16:58 - 00013316 _____ () C:\Users\PFC\Documents\Demauro, A 2013.docx.ecc
2015-04-24 08:49 - 2013-05-02 15:59 - 00013044 _____ () C:\Users\PFC\Documents\Clough, M.docx.ecc
2015-04-24 08:49 - 2013-01-29 13:07 - 00012692 _____ () C:\Users\PFC\Documents\Kerri Bates 1.29.13.docx.ecc
2015-04-24 08:49 - 2012-09-11 14:01 - 00012756 _____ () C:\Users\PFC\Documents\Henscke.docx.ecc
2015-04-24 08:49 - 2012-09-04 16:07 - 00012196 _____ () C:\Users\PFC\Documents\Carroll Archer.docx.ecc
2015-04-24 08:49 - 2012-08-09 09:17 - 00012132 _____ () C:\Users\PFC\Documents\Ann St Remy.docx.ecc
2015-04-24 08:49 - 2012-07-24 12:26 - 00012100 _____ () C:\Users\PFC\Documents\Hospital bed letter.docx.ecc
2015-04-24 08:49 - 2012-07-24 11:56 - 00011076 _____ () C:\Users\PFC\Documents\Blank OTC Med Letter.docx.ecc
2015-04-24 08:49 - 2012-07-24 11:39 - 00011428 _____ () C:\Users\PFC\Documents\Diabetic Supply Travel Letter.docx.ecc
2015-04-24 08:49 - 2012-07-24 11:16 - 00011508 _____ () C:\Users\PFC\Documents\GymHC simple letter.docx.ecc
2015-04-24 08:49 - 2012-07-24 10:51 - 00012004 _____ () C:\Users\PFC\Documents\LIght Duty Simple.docx.ecc
2015-04-24 08:49 - 2012-07-24 10:48 - 00011908 _____ () C:\Users\PFC\Documents\Light Duty Letter.docx.ecc
2015-04-24 08:49 - 2012-07-24 10:47 - 00011828 _____ () C:\Users\PFC\Documents\Injury.Restriction letter.docx.ecc
2015-04-24 08:49 - 2012-07-24 10:38 - 00011636 _____ () C:\Users\PFC\Documents\Lab Discount Letter.docx.ecc
2015-04-24 08:49 - 2012-07-19 15:53 - 00014724 _____ () C:\Users\PFC\Documents\Chemical Peel Consent Form.docx.ecc
2015-04-24 08:49 - 2012-07-19 15:52 - 00012068 _____ () C:\Users\PFC\Documents\Hajjiri, M Gym Letter.docx.ecc
2015-04-24 08:49 - 2011-10-06 15:32 - 00094036 _____ () C:\Users\PFC\Documents\ALLSCRIPT EMPTY IMMUNIZATION.docx.ecc
2015-04-24 08:49 - 2011-10-03 14:00 - 00024580 _____ () C:\Users\PFC\Documents\KA Resume.docx.ecc
2015-04-24 08:49 - 2011-07-13 10:42 - 00039268 _____ () C:\Users\PFC\Desktop\dR Credit Card Authorization.pdf.ecc
2015-04-24 08:49 - 2010-12-28 17:12 - 00010676 _____ () C:\Users\PFC\Documents\Billing Invoice.docx.ecc
2015-04-24 08:47 - 2012-10-11 15:58 - 00127588 _____ () C:\TDSSKiller.2.7.34.0_11.10.2012_15.58.10_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 15:31 - 00132852 _____ () C:\TDSSKiller.2.8.10.0_11.10.2012_15.31.19_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 15:30 - 00000372 _____ () C:\TDSSKiller.2.7.34.0_11.10.2012_15.30.54_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 14:11 - 00132404 _____ () C:\TDSSKiller.2.8.10.0_11.10.2012_14.11.44_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 14:11 - 00003732 _____ () C:\TDSSKiller.2.7.34.0_11.10.2012_14.11.18_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 14:11 - 00000372 _____ () C:\TDSSKiller.2.7.34.0_11.10.2012_14.11.24_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 13:44 - 00132036 _____ () C:\TDSSKiller.2.8.10.0_11.10.2012_13.44.31_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 13:29 - 00125892 _____ () C:\TDSSKiller.2.7.34.0_11.10.2012_13.29.16_log.txt.ecc
2015-04-24 08:47 - 2012-10-11 12:57 - 00128516 _____ () C:\TDSSKiller.2.7.34.0_11.10.2012_12.57.36_log.txt.ecc
2015-04-24 08:46 - 2012-10-11 10:37 - 00002020 _____ () C:\PE-Files.txt.ecc
2015-04-23 20:54 - 2012-06-26 10:46 - 00061124 _____ () C:\ip settings.png.ecc
2015-04-23 20:53 - 2014-07-25 03:00 - 00000000 ____D () C:\9244ab4f498ed32677fe9d
2015-04-23 20:53 - 2012-10-11 13:56 - 00012420 _____ () C:\ComboFix.txt.ecc
2015-04-23 11:48 - 2010-12-21 17:11 - 00001389 _____ () C:\Users\PFC\Desktop\Internet Explorer.lnk
2015-04-23 11:48 - 2010-12-21 09:35 - 00001419 _____ () C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-23 11:27 - 2012-09-14 09:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-23 11:17 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-23 11:16 - 2012-08-09 11:40 - 00002317 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 23:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 03:13 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:12 - 2012-08-09 11:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 03:12 - 2011-12-13 09:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 03:05 - 2010-12-21 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:05 - 2010-12-21 17:29 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2010-12-22 13:25 - 2010-12-22 13:25 - 0029191 __RSH () C:\Program Files\DLS8Uninstall.log
2015-04-23 20:53 - 2015-04-24 08:51 - 0000752 _____ () C:\Users\PFC\AppData\Roaming\key.dat
2015-04-23 20:53 - 2015-04-24 08:51 - 0354300 _____ () C:\Users\PFC\AppData\Roaming\log.html
2015-04-23 20:53 - 2015-04-23 20:53 - 0413696 _____ () C:\Users\PFC\AppData\Roaming\ssdpyiq.exe
2014-01-30 18:49 - 2014-01-30 18:49 - 0000017 _____ () C:\Users\PFC\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
safeboot: {f2187716-8b55-11e2-ad81-e41a2196e372} => The system is configured to boot to Safe Mode <===== ATTENTION!
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=V:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {current}
displayorder            {current}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (recovered) 
locale                  en-US
recoverysequence        {f2187717-8b55-11e2-ad81-e41a2196e372}
recoveryenabled         No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b29ecd7a-8bd9-11e2-80b4-806e6f6e6963}
safeboot                Network
bootstatuspolicy        IgnoreAllFailures
 
Windows Boot Loader
-------------------
identifier              {f2187717-8b55-11e2-ad81-e41a2196e372}
device                  ramdisk=[V:]\Recovery\WindowsRE\Winre.wim,{f2187718-8b55-11e2-ad81-e41a2196e372}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered) 
locale                  
osdevice                ramdisk=[V:]\Recovery\WindowsRE\Winre.wim,{f2187718-8b55-11e2-ad81-e41a2196e372}
systemroot              \windows
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {b29ecd7a-8bd9-11e2-80b4-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Professional (recovered) 
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=V:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
 
Debugger Settings
-----------------
identifier              {dbgsettings}
 
Device options
--------------
identifier              {f2187718-8b55-11e2-ad81-e41a2196e372}
ramdisksdidevice        partition=V:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2015-04-24 00:11
 
==================== End Of Log ============================
 
 
Addition.txt
-------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2015
Ran by PFC at 2015-04-26 15:55:30
Running from C:\Users\PFC\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2576570839-1706067242-2660608356-500 - Administrator - Disabled)
Guest (S-1-5-21-2576570839-1706067242-2660608356-501 - Limited - Disabled)
Keenan (S-1-5-21-2576570839-1706067242-2660608356-1002 - Limited - Enabled)
PFC (S-1-5-21-2576570839-1706067242-2660608356-1000 - Administrator - Enabled) => C:\Users\PFC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Allscripts MyWay Client (HKLM\...\{E6B9EB97-6D23-1014-B8E2-EB0764B15FCD}) (Version: 10.1.31723.1202 - Allscripts)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.0.3.6 - Citrix Systems, Inc.)
DYMO Label v.8 (HKLM\...\DYMO Label v.8) (Version: 8.2.2.994 - Sanford, L.P.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.1.0.364 - Sanford L.P.)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Performance Advisor (HKLM\...\{F68D4EB7-1CB2-4A3B-8922-474878DAEDE9}) (Version: 1.1.1814 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
InstallPDFDrivers (Version: 1.00.000 - Midmark Diagnostics Group) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java™ 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
join.me (HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\...\JoinMe) (Version: 1.14.0.138 - LogMeIn, Inc.)
lection (HKLM\...\{55d4b236-fe79-4782-cc2d-55acaf147087}) (Version: 1.0.0 - subpar)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
MSS version 1.02 (HKLM\...\{365C5DC2-679A-4A5D-B40B-5096A49087A8}_is1) (Version: 1.02 - )
MyPCBU version 2.25 (HKLM\...\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1) (Version: 2.25 - )
News Alert (HKLM\...\BreakingNewsAlert) (Version: 2.7.64 - Useful Technology)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
RemoteScan (HKLM\...\RemoteScan) (Version:  - )
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
SDU version 3.8 (HKLM\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 3.8 - )
SecureLink Gatekeeper (remove only) (HKLM\...\Enexity) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2576570839-1706067242-2660608356-1000_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 ->  No File
 
==================== Restore Points  =========================
 
23-04-2015 21:34:04 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2012-10-11 13:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AD68936-3E32-415A-A9F8-73D9F1A8CDB0} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe <==== ATTENTION
Task: {2C247193-76BC-4D2B-91AD-7D6349C9532B} - System32\Tasks\{C8899568-21B7-46E7-8698-3BFB0AECF5E4} => C:\Program Files\DYMO\DYMO Label Software\DLS.exe [2010-04-30] (Sanford, L.P.)
Task: {37BE6F71-CE1F-4B50-BE9D-924AA7D424BE} - \CloudHIDEAWAY No Task File <==== ATTENTION
Task: {50AD9760-5CA1-490D-8B5B-51A29CB13BBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {53C0FF4A-3AF1-47F7-82D9-06084CE53060} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {55845368-C679-4746-8EB1-94260B07F997} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {57B5C318-84DF-4331-9E24-907DE6303B52} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {58E156BF-AB22-4F5C-8B74-700C02ADAA31} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {638B6637-88E3-4772-9644-AB15889A170A} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {6B9F0FFC-E6B8-4A82-8C51-53D9CB6B65D4} - System32\Tasks\{96AA3134-EA36-48E9-B092-62560F29DDFF} => C:\Program Files\DYMO\DYMO Label Software\DLS.exe [2010-04-30] (Sanford, L.P.)
Task: {9588E1A3-8C6C-47BE-9227-CEBC401936E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {B434EC2B-7EB9-49CC-BD86-0EA76D4A91A8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro 3.84\OptProLauncher.exe <==== ATTENTION
Task: {B9F09C4F-8493-4338-8E16-0DBF69DA9461} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D7\netengine.exe [2015-04-23] () <==== ATTENTION
Task: {BEBC247D-C259-4E0C-97D7-5B3C6FCE358F} - System32\Tasks\{6B52380E-7C54-426E-BA39-7DA620107F46} => pcalua.exe -a C:\Users\PFC\Downloads\SLinkAllscripts(1).exe -d "C:\Program Files\Mozilla Firefox"
Task: {DFFCC7C9-7D28-45F4-A86E-149D9263A8ED} - System32\Tasks\{8D226932-685D-4C33-A07A-13D864232B09} => pcalua.exe -a "C:\Users\PFC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34F1BT75\SLinkAllscripts[1].exe" -d C:\Users\PFC\Desktop
Task: {F2B940BC-E814-465F-9C1F-29B2F88D751F} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\...\medcity.net -> hxxps://capital.ns.medcity.net
IE trusted site: HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\...\misysmyway.com -> misysmyway.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2576570839-1706067242-2660608356-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro 3.84\OptProLauncher.exe
MSCONFIG\startupreg: YTDownloader => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3B9AB16A-A5E1-44F4-BAF9-6673F2296151}] => (Allow) C:\Program Files\Microsoft Office\Office12\outlook.exe
FirewallRules: [{EE68130C-E4BC-4CFA-A973-48341663F0A6}] => (Allow) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{AC0E2659-85A8-4EF4-A857-E1221801D298}] => (Allow) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{F053182F-0C8E-4454-8D02-A2C03F5E1C0F}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{7EAE7D41-5106-436F-9318-71FB3A1583A3}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/26/2015 03:28:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/26/2015 03:28:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/26/2015 03:08:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/26/2015 03:08:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/26/2015 03:01:55 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/26/2015 03:01:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/26/2015 03:01:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/26/2015 03:01:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/26/2015 03:01:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (04/26/2015 03:01:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (04/26/2015 03:35:07 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.197.343.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/26/2015 03:24:54 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/26/2015 03:24:54 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (04/26/2015 03:24:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (04/26/2015 03:24:45 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/26/2015 03:24:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/26/2015 03:24:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/26/2015 03:24:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/26/2015 03:24:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ctxusbm
discache
MpFilter
spldr
Wanarpv6
 
Error: (04/26/2015 03:24:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: 
%%31
 
 
Microsoft Office Sessions:
=========================
Error: (07/11/2012 09:06:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 21%
Total physical RAM: 3511.25 MB
Available physical RAM: 2771.41 MB
Total Pagefile: 7020.79 MB
Available Pagefile: 6450.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.72 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:294.09 GB) (Free:253.29 GB) NTFS
Drive v: (SYSTEM) (Fixed) (Total:4 GB) (Free:3.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 12B65BC0)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=294.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Shortcuts.txt
-------------------
 
Users shortcut scan result (x86) Version: 26-04-2015
Ran by PFC at 2015-04-26 15:55:41
Running from C:\Users\PFC\Downloads
Boot Mode: Safe Mode (with Networking)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP User Manuals.lnk -> C:\SWSetup\HP Documentation\start.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureLink for Allscripts\Uninstall SecureLink.lnk -> C:\Program Files\SecureLink\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoteScan\RemoteScan Server.lnk -> C:\Program Files\RemoteScan Server\RemoteScanServer.exe (Dell Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoteScan\Utilities\Link this Scannerless Workstation to Scanner.lnk -> C:\Program Files\RemoteScan Server\ScannerlessToWorkstation.exe (Quest Software Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk -> C:\Program Files\Optimizer Pro 3.84\OptimizerPro.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk -> C:\Program Files\Optimizer Pro 3.84\OptimizerPro.chm (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk -> C:\Program Files\Optimizer Pro 3.84\HomePage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk -> C:\Program Files\Optimizer Pro 3.84\OptimizerPro.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk -> C:\Program Files\Optimizer Pro 3.84\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005\Visual Studio Tools\Visual Studio 2005 Remote Debugger Configuration Wizard.lnk -> C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\rdbgwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005\Visual Studio Tools\Visual Studio 2005 Remote Debugger.lnk -> C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology Installer.LNK -> C:\Program Files\Intel\IAA_Setup\IRST_9.5.0.1037PV.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Management Engine Components\Intel® Management and Security Status.lnk -> C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Cool Tools\HP Cool Tools - Learn More.lnk -> C:\Program Files\Hewlett-Packard\HPCT\HP Cool Tools - Learn More.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Cool Tools\System Information.lnk -> C:\Program Files\Hewlett-Packard\HPCT\HPQSI.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Support Assistant.lnk -> C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Performance Advisor\HP Performance Advisor.lnk -> c:\Windows\Installer\{F68D4EB7-1CB2-4A3B-8922-474878DAEDE9}\_B4608503D8C5AD4B7012A0.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HPCA Management Agent\HP CA Management Agent Install.lnk -> C:\SWSetup\ManagementAgent\HP CA Management Agent Install.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HPCA Management Agent\HP CA Management Agent Readme EN.lnk -> C:\SWSetup\ManagementAgent\HP CA Management Agent Readme EN.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HPCA Management Agent\HP CA Management Agent Readme FR.lnk -> C:\SWSetup\ManagementAgent\HP CA Management Agent Readme FR.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HPCA Management Agent\HP CA Management Agent Readme GR.lnk -> C:\SWSetup\ManagementAgent\HP CA Management Agent Readme GR.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HPCA Management Agent\HP CA Management Agent Readme IT.lnk -> C:\SWSetup\ManagementAgent\HP CA Management Agent Readme IT.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HPCA Management Agent\HP CA Management Agent Readme JP.lnk -> C:\SWSetup\ManagementAgent\HP CA Management Agent Readme JP.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HPCA Management Agent\HP CA Management Agent Readme SP.lnk -> C:\SWSetup\ManagementAgent\HP CA Management Agent Readme SP.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1560-P1600 Series\HP ePrint.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\HP ePrint.exe (HP - TEST)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1560-P1600 Series\HP LaserJet Guide.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\M_help\Help.exe (Hewlett-Packard Development Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1560-P1600 Series\Install Notes.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\English\Manuals\1100SeriesInstallNotes.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1560-P1600 Series\Uninstall.lnk -> C:\Program Files\HP\HP LaserJet P1100 Series\Uninstall.exe (HP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO Productivity Software\DYMO Label v.8.lnk -> C:\Program Files\DYMO\DYMO Label Software\DLS.exe (Sanford, L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO Productivity Software\DYMO QuickPrint.lnk -> C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allscripts\Allscripts MyWay.lnk -> C:\Program Files\Allscripts\MyWay Client\Launcher.exe (Allscripts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 2.0 Configuration.lnk -> C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Intel® HD Graphics.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\Links\Desktop.lnk -> C:\Users\PFC\Desktop ()
Shortcut: C:\Users\PFC\Links\Downloads.lnk -> C:\Users\PFC\Downloads ()
Shortcut: C:\Users\PFC\Desktop\Continue installation .lnk -> C:\Users\PFC\AppData\Local\temp\sliding scale insulin chart__10924_i1503391731_il829697.exe (No File)
Shortcut: C:\Users\PFC\Desktop\DYMO Label v.8.lnk -> C:\Program Files\DYMO\DYMO Label Software\DLS.exe (Sanford, L.P.)
Shortcut: C:\Users\PFC\Desktop\Excel.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\PFC\Desktop\FORMS - Shortcut.lnk -> C:\Users\PFC\Documents\FORMS ()
Shortcut: C:\Users\PFC\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\Desktop\join.me.lnk -> C:\Users\PFC\AppData\Local\join.me\join.me.exe (LogMeIn, Inc.)
Shortcut: C:\Users\PFC\Desktop\Shared (Frontdesk2).lnk -> C:\Shared ()
Shortcut: C:\Users\PFC\Desktop\Word.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk -> C:\Users\PFC\AppData\Local\join.me\join.me.exe (LogMeIn, Inc.)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader\YTDownloader.lnk -> C:\Program Files\YTDownloader\YTDownloader.exe (No File)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\PFC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
==================== End of log =============================
 

 



#5 deeprybka

  • Malware Response Team
Posted 05 May 2015 - 11:05 AM

Hi there,

Unfortunately, your computer got badly infected with malware (TeslaCrypt). :(

Since Service Pack 1 is missing, I can recommend only:

1. Try the Tesla Decryptor

http://www.bleepingcomputer.com/forums/t/568525/new-teslacrypt-ransomware-sets-its-scope-on-video-gamers/

http://www.bleepingcomputer.com/forums/t/574560/ciscos-talos-group-releases-decryptor-for-teslacrypt/

http://blogs.cisco.com/security/talos/teslacrypt

2. Reinstall the operating system with a SP1 DVD


regards,
deeprybka
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer

#6 deeprybka

  • Malware Response Team
Posted 10 May 2015 - 04:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
