Jump to content

Recommended Posts

Hi.  I'm the victim of a virus which seems to run svchost.exe *32, which also sends/receives information to/from a bunch of IP addresses.  I can kill the svchost.exe *32 process, but it starts up again in about 10 minutes.  I have tried running McAfee VirusScan, MalwareBytes and Kapersky TDSS Killer, but they don't remove the virus.  MalwareBytes, when left running, would keep it from starting back up (and from trying to contact webpages), but nothing would remove it.  Please help!

 

Here are my logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540  BrowserJavaVersion: 10.51.2
Run by Marcus at 0:25:34 on 2014-03-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8190.5550 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{990D3E30-6E20-469C-8F45-57D79527A5A7} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [skytel] Skytel.exe
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
x64-Run: [RTSS] <no file>
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Hosts: 10.13.1.11 VCottage-dc01
Hosts: 10.13.2.10 pro-fs01
.
============= SERVICES / DRIVERS ===============
.
R0 adp3132;Adaptec AAR-1220SA SATA device Driver;C:\Windows\System32\drivers\adp3132.sys [2012-9-24 389720]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-9-24 27648]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-9 65657]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-12-12 560528]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\atl01v64.sys [2012-9-23 58880]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-1-30 2725376]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 acsint;acsint;C:\Windows\System32\drivers\acsint64.sys [2013-12-12 49520]
S3 acsmux;acsmux;C:\Windows\System32\drivers\acsmux64.sys [2013-12-12 73584]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2012-9-24 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-9-24 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-12 22:21:57 90015360 ----a-w- C:\Windows\System32\mrt.exe
2014-02-23 07:12:29 17847808 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-23 06:54:58 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 06:52:45 10926592 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-23 06:48:43 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-23 06:48:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 06:46:42 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-23 06:46:20 237056 ----a-w- C:\Windows\System32\url.dll
2014-02-23 06:46:08 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-23 06:45:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:32 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-02-23 06:45:27 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-23 06:44:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-23 06:44:57 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-23 06:44:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-02-23 06:44:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:43:22 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-02-23 05:50:22 12347904 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-23 05:47:19 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:43:55 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-23 05:41:03 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-23 05:40:18 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-02-23 05:38:08 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:37:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-02-23 05:37:12 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-23 05:36:31 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-07 12:11:49 2776064 ----a-w- C:\Windows\System32\win32k.sys
2014-02-03 13:20:59 619008 ----a-w- C:\Windows\System32\qedit.dll
2014-02-03 10:37:54 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47 1111040 ----a-w- C:\Windows\System32\wer.dll
2014-01-30 07:46:58 876032 ----a-w- C:\Windows\SysWow64\wer.dll
.
============= FINISH:  0:26:24.35 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/23/2012 11:38:03 PM
System Uptime: 3/25/2014 12:03:41 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5K
Processor: Intel® Core2 Quad CPU    Q8400  @ 2.66GHz | LGA775 | 2681/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 465 GiB total, 272.644 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 117.557 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP880: 3/14/2014 9:01:06 PM - Installed DirectX
RP882: 3/15/2014 11:54:22 AM - Scheduled Checkpoint
RP883: 3/16/2014 7:00:01 PM - Windows Backup
RP885: 3/18/2014 8:21:41 AM - Windows Update
RP887: 3/19/2014 2:04:58 PM - Scheduled Checkpoint
RP888: 3/19/2014 7:03:06 PM - Installed Cool & Quiet
RP890: 3/20/2014 7:08:39 PM - Scheduled Checkpoint
RP892: 3/21/2014 1:20:38 PM - Scheduled Checkpoint
RP894: 3/24/2014 9:29:05 PM - Installed McAfee VirusScan Enterprise.
RP895: 3/24/2014 11:04:25 PM - Windows Backup
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.9)
AI Suite
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Xonar Essence STX Audio Driver
Attansic L1 Gigabit Ethernet Driver
BitTorrent
Bonjour
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Cool & Quiet
CyberSky
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
DVD Flick 1.3.0.7
EPSON Printer Software
EPSON Scan
Fallout 3 Patch v1.3.0
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java 7 Update 51
Java Auto Updater
JavaFX 2.0.3
LightScribe Applications
LightScribe System Software
LightScribe Template Labeler
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 6.2.0
Mount & Blade: With Fire and Sword
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nero 7 Essentials
Nexus Mod Manager
NOOK for PC
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA Graphics Driver 320.49
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Update 1.12.12
NVIDIA Update Components
OpenAL
PC Probe II
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sid Meier's Civilization V
Skype™ 6.11
Sony Picture Utility
Steam
TechPowerUp GPU-Z
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.0.3
VoiceOver Kit
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
3/25/2014 12:08:18 AM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x8050a001   Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.    Signatures loading: Backup   Loading signature version: 1.169.31.0   Loading engine version: 1.1.10302.0
3/25/2014 12:07:59 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/25/2014 12:07:59 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Tablet PC Input Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The ReadyBoost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2014 9:37:54 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2014 9:31:30 PM, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/24/2014 10:52:55 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/24/2014 10:52:52 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO DfsC i8042prt mfehidk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The PST Service service depends on the Workstation service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/24/2014 10:52:52 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
3/24/2014 10:52:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/24/2014 10:52:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/24/2014 10:52:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/24/2014 10:52:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/24/2014 10:52:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/24/2014 10:23:10 PM, Error: Schannel [36874]  - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/24/2014 10:08:26 PM, Error: EventLog [6008]  - The previous system shutdown at 10:04:41 PM on 3/24/2014 was unexpected.
3/21/2014 11:24:40 PM, Error: EventLog [6008]  - The previous system shutdown at 10:35:35 PM on 3/21/2014 was unexpected.
3/21/2014 10:03:39 PM, Error: EventLog [6008]  - The previous system shutdown at 4:47:57 PM on 3/21/2014 was unexpected.
3/20/2014 8:14:39 AM, Error: EventLog [6008]  - The previous system shutdown at 1:56:26 AM on 3/20/2014 was unexpected.
3/19/2014 6:07:33 PM, Error: EventLog [6008]  - The previous system shutdown at 5:24:27 PM on 3/19/2014 was unexpected.
3/19/2014 5:22:49 PM, Error: EventLog [6008]  - The previous system shutdown at 5:19:40 PM on 3/19/2014 was unexpected.
3/19/2014 5:16:45 PM, Error: EventLog [6008]  - The previous system shutdown at 5:14:35 PM on 3/19/2014 was unexpected.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

Hello! Welcome to Malwarebytes Forums! welcome.gif
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software
 

 

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi

Link to post
Share on other sites

Thanks, Georgi, and I will do that tonight.  One quick question - should I kill the svchost.exe *32 process (and the associated virus activity/noise) before I install and run Farbar?  Or should I just let the virus do its thing while I'm installing and running Farbar?  Let me know, thanks.

Link to post
Share on other sites

I ran Farbar, and here are the results.  It generated a FRST.txt, Addition.txt and Shortcut.txt, which I'll post separately.  Let me know what to do from here!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Marcus (administrator) on MARCUS-PC on 25-03-2014 18:38:01
Running from G:\
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [5055488 2007-03-24] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Windows\Skytel.exe [1822720 2007-03-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Cmaudio8788] - C:\Windows\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [RivaTunerStartupDaemon] - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe [24576 2009-08-22] ()
HKLM\...\Run: [RTSS] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Ai Nap] - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [1413120 2008-01-28] ()
HKLM-x32\...\Run: [CPU Power Monitor] - C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [627200 2008-01-09] ()
HKLM-x32\...\Run: [Cpu Level Up help] - C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\MountPoints2: {e89840bc-05e1-11e2-9132-806e6f6e6963} - F:\.\Bin\Assetup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {4778D735-5AC1-4B53-9B8E-1805307D2F99} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {4778D735-5AC1-4B53-9B8E-1805307D2F99} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-21] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49520 2013-12-12] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73584 2013-12-12] (Cisco Systems, Inc.)
R0 adp3132; C:\Windows\System32\drivers\adp3132.sys [389720 2010-10-19] (Adaptec, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\atl01v64.sys [58880 2007-03-15] (Attansic Technology corporation.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-03-30] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 1965AAFFAB07E3FB03C77F81BEBA3547
C:\Windows\System32\DRIVERS\acsint64.sys 7A882D5BE87AE21B6E928D6C541295FB
C:\Windows\System32\DRIVERS\acsmux64.sys 8F9DF252919FA3943D9913EF5241904B
C:\Windows\System32\drivers\adp3132.sys FE563D2BCCD063A7D7ABC071983AA2EE
C:\Windows\system32\drivers\adp94xx.sys 9137451D37BA1C325CD6C2DEF3D2D692
C:\Windows\system32\drivers\adpahci.sys 01F80898DF5CC7DF19B3B11351846263
C:\Windows\system32\drivers\adpu160m.sys DA001DB13FFF45DFE9109936E265B7CC
C:\Windows\system32\drivers\adpu320.sys 2B10C35C5B7C5C0C28F572E035319602
C:\Windows\system32\drivers\afd.sys 2BA159E1F9FD75F6A496742B20F1D9CF
C:\Windows\system32\drivers\agp440.sys 5CCDD13BC602AE33CD8B62D33C29AB72
C:\Windows\system32\drivers\djsvs.sys 222CB641B4B8A1D1126F8033F9FD6A00
C:\Windows\system32\drivers\aliide.sys 157D0898D4B73F075CE9FA26B482DF98
C:\Windows\system32\drivers\amdide.sys 970FA5059E61E30D25307B99903E991E
C:\Windows\system32\drivers\amdk8.sys DE55DC52F7CEB89A967572D6B491ADA2
C:\Windows\system32\drivers\arc.sys 2E8623F2FED998A97129A3DB919551C8
C:\Windows\system32\drivers\arcsas.sys 741A003C041A3EC480A2E71AF71E9654
C:\Windows\SysWow64\drivers\AsIO.sys 68726474C69B738EAC3A62E06B33ADDC
C:\Windows\System32\DRIVERS\asyncmac.sys 22D13FF3DAFEC2A80634752B1EAA2DE6
C:\Windows\System32\drivers\atapi.sys E68D9B3A3905619732F7FE039466A623
C:\Windows\System32\DRIVERS\atl01v64.sys 93B74ACE2B50276ACFD0A78FAE790022
C:\Windows\System32\DRIVERS\bowser.sys 2348447A80920B2493A9B582A23E81E1
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys F0F0BA4D815BE446AA6A4583CA3BCA9B
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys E0777B34E05F8A82A21856EFC900C29F
C:\Windows\System32\DRIVERS\cdfs.sys B4D787DB8D30793A4D4DF9FEED18F136
C:\Windows\System32\DRIVERS\cdrom.sys C025AA69BE3D0D25C7A2E746EF6F94FC
C:\Windows\system32\drivers\circlass.sys F28F00596824058BC61D5EDF434C9B82
C:\Windows\System32\CLFS.sys 3DCA9A18B204939CFB24BEA53E31EB48
C:\Windows\system32\drivers\cmdide.sys E5D5499A1C50A54B5161296B6AFE6192
C:\Windows\System32\drivers\cmudaxp.sys 0367F029425CBD5506E8DB2757FF3A8F
C:\Windows\system32\drivers\compbatt.sys 0E77A445640BF310817F60941C50560C
C:\Windows\System32\drivers\crcdisk.sys B1192DCD5B9CF46BEED0E2A9E5BCF59A
C:\Windows\System32\Drivers\dfsc.sys 8B722BA35205C71E7951CDC4CDBADE19
C:\Windows\System32\drivers\disk.sys B0107E40ECDB5FA692EBF832F295D905
C:\Windows\System32\drivers\drmkaud.sys F1A78A98CFC2EE02144C6BEC945447E6
C:\Windows\System32\drivers\dxgkrnl.sys 0A3C78677FF62E9E0AE7CC25C790A968
C:\Windows\System32\DRIVERS\E1G6032E.sys D57FE09B575545738A73A0C193D0616A
C:\Windows\System32\drivers\ecache.sys 5F94962BE5A62DB6E447FF6470C4F48A
C:\Windows\system32\drivers\elxstor.sys 3D6298AFF3FE06C0616CE5D090A3EEAA
C:\Windows\System32\Drivers\exfat.sys 486844F47B6636044A42454614ED4523
C:\Windows\System32\Drivers\fastfat.sys 1A4BEE34277784619DDAF0422C0C6E23
C:\Windows\System32\DRIVERS\fdc.sys 81B79B6DF71FA1D2C6D688D830616E39
C:\Windows\System32\drivers\fileinfo.sys 457B7D1D533E4BD62A99AED9C7BB4C59
C:\Windows\System32\drivers\filetrace.sys D421327FD6EFCCAF884A54C58E1B0D7F
C:\Windows\System32\DRIVERS\flpydisk.sys 230923EA2B80F79B0F88D90F87B87EBD
C:\Windows\System32\drivers\fltmgr.sys E3041BC26D6930D61F42AEDB79C91720
C:\Windows\System32\Drivers\Fs_Rec.sys 5779B86CD8B32519FBECB136394D946A
C:\Windows\system32\drivers\gagp30kx.sys B54520CC7B4B55134D7527B1CD3FC1F2
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\HdAudio.sys DF45F8142DC6DF9D18C39B3EFFBD0409
C:\Windows\System32\DRIVERS\HDAudBus.sys F942C5820205F2FB453243EDFEC82A3D
C:\Windows\system32\drivers\hidbth.sys B4881C84A180E75B8C25DC1D726C375F
C:\Windows\system32\drivers\hidir.sys 4E77A77E2C986E8F88F996BB3E1AD829
C:\Windows\System32\DRIVERS\hidusb.sys 443BDD2D30BB4F00795C797E2CF99EDF
C:\Windows\system32\drivers\hpcisss.sys 8EDC820115DF1E04763B2923676EA5B2
C:\Windows\System32\drivers\HTTP.sys 098F1E4E5C9CB5B0063A959063631610
C:\Windows\system32\drivers\i2omp.sys F2901763845570ECAC48E6A50EC50812
C:\Windows\System32\DRIVERS\i8042prt.sys CBB597659A2713CE0C9CC20C88C7591F
C:\Windows\system32\drivers\iastorv.sys 72C3EE7EA3CD75A772E62AE0E5DF8B8C
C:\Windows\system32\drivers\iirsp.sys 8C3951AD2FE886EF76C7B5027C3125D3
C:\Windows\System32\drivers\RTKVHD64.sys DFE66F9C8B74BAFBC1C54052552571FF
C:\Windows\system32\drivers\intelide.sys 36A266C673812878996F72B200203FBB
C:\Windows\System32\DRIVERS\intelppm.sys BFD84AF32FA1BAD6231C4585CB469630
C:\Windows\System32\DRIVERS\ipfltdrv.sys D8AABC341311E4780D6FCE8C73C0AD81
C:\Windows\system32\drivers\ipmidrv.sys EACDBBE429C6D170BDEEE0EFFCBC317B
C:\Windows\System32\DRIVERS\ipnat.sys B7E6212F581EA5F6AB0C3A6CEEEB89BE
C:\Windows\System32\drivers\irenum.sys 8C42CA155343A2F11D29FECA67FAA88D
C:\Windows\system32\drivers\isapnp.sys D3BB520B31F28C1A065CD058E762EE73
C:\Windows\System32\DRIVERS\msiscsi.sys E4FDF99599F27EC25D2CF6D754243520
C:\Windows\system32\drivers\iteatapi.sys 63C766CDC609FF8206CB447A65ABBA4A
C:\Windows\system32\drivers\iteraid.sys 1281FE73B17664631D12F643CBEA3F59
C:\Windows\System32\DRIVERS\kbdclass.sys 423696F3BA6472DD17699209B933BC26
C:\Windows\System32\DRIVERS\kbdhid.sys DBDF75D51464FBC47D0104EC3D572C05
C:\Windows\System32\Drivers\ksecdd.sys 88956AD9FA510848AD176777A6C6C1F5
C:\Windows\system32\drivers\ksthunk.sys 1D419CF43DB29396ECD7113D129D94EB
C:\Windows\System32\DRIVERS\lltdio.sys 96ECE2659B6654C10A0C310AE3A6D02C
C:\Windows\system32\drivers\lsi_fc.sys 1572F8D999C0AB4376AFDCE058A78DF9
C:\Windows\system32\drivers\lsi_sas.sys 64470979C3E3C9FF60EDFB5230C56E0E
C:\Windows\system32\drivers\lsi_scsi.sys 4CED7D3B54BFC5BBAE75C4A73C7F7428
C:\Windows\system32\drivers\luafv.sys 52F87B9CC8932C2A7375C3B2A9BE5E3E
C:\Windows\system32\drivers\megasas.sys 2F631C2939D5F2E8958935EE701D70D7
C:\Windows\System32\drivers\modem.sys 59848D5CC74606F0EE7557983BB73C2E
C:\Windows\System32\DRIVERS\monitor.sys C247CC2A57E0A0C8C6DCCF7807B3E9E5
C:\Windows\System32\DRIVERS\mouclass.sys 9367304E5E412B120CF5F4EA14E4E4F1
C:\Windows\System32\DRIVERS\mouhid.sys C2C2BD5C5CE5AAF786DDD74B75D2AC69
C:\Windows\System32\drivers\mountmgr.sys 11BC9B1E8801B01F7F6ADB9EAD30019B
C:\Windows\system32\drivers\mpio.sys ED48EAC719EE28DB773359EB1B06E2B5
C:\Windows\System32\drivers\mpsdrv.sys C92B9ABDB65A5991E00C28F13491DBA2
C:\Windows\system32\drivers\mraid35x.sys 3C200630A89EF2C0864D515B7A75802E
C:\Windows\system32\drivers\mrxdav.sys 7C1DE4AA96DC0C071611F9E7DE02A68D
C:\Windows\System32\DRIVERS\mrxsmb.sys 1485811B320FF8C7EDAD1CAEBB1C6C2B
C:\Windows\System32\DRIVERS\mrxsmb10.sys 3B929A60C833FC615FD97FBA82BC7632
C:\Windows\System32\DRIVERS\mrxsmb20.sys C64AB3E1F53B4F5B5BB6D796B2D7BEC3
C:\Windows\system32\drivers\msahci.sys EEADF970795148BFBB1DB3ABCC89C16B
C:\Windows\system32\drivers\msdsm.sys 96D7C0A1B98434C6E4FF0C2E26A0E20A
C:\Windows\System32\Drivers\Msfs.sys 704F59BFC4512D2BB0146AEC31B10A7C
C:\Windows\System32\drivers\msisadrv.sys 00EBC952961664780D43DCA157E79B27
C:\Windows\System32\drivers\MSKSSRV.sys 0EA73E498F53B96D83DBFCA074AD4CF8
C:\Windows\System32\drivers\MSPCLOCK.sys 52E59B7E992A58E740AA63F57EDBAE8B
C:\Windows\System32\drivers\MSPQM.sys 49084A75BAE043AE02D5B44D02991BB2
C:\Windows\System32\Drivers\MsRPC.sys DC6CCF440CDEDE4293DB41C37A5060A5
C:\Windows\System32\DRIVERS\mssmbios.sys 855796E59DF77EA93AF46F20155BF55B
C:\Windows\System32\drivers\MSTEE.sys 86D632D75D05D5B7C7C043FA3564AE86
C:\Windows\System32\DRIVERS\ASACPI.sys 6936198F2CC25B39CF5262436C80DF46
C:\Windows\System32\Drivers\mup.sys 0CC49F78D8ACA0877D885F149084E543
C:\Windows\System32\DRIVERS\nwifi.sys 2007B826C4ACD94AE32232B41F0842B9
C:\Windows\System32\drivers\ndis.sys 65950E07329FCEE8E6516B17C8D0ABB6
C:\Windows\System32\DRIVERS\ndistapi.sys 64DF698A425478E321981431AC171334
C:\Windows\System32\DRIVERS\ndisuio.sys 8BAA43196D7B5BB972C9A6B2BBF61A19
C:\Windows\System32\DRIVERS\ndiswan.sys F8158771905260982CE724076419EF19
C:\Windows\System32\Drivers\NDProxy.sys 9CB77ED7CB72850253E973A2D6AFDF49
C:\Windows\System32\DRIVERS\netbios.sys A499294F5029A7862ADC115BDA7371CE
C:\Windows\System32\DRIVERS\netbt.sys FC2C792EBDDC8E28DF939D6A92C83D61
C:\Windows\system32\drivers\nfrd960.sys 4AC08BD6AF2DF42E0C3196D826C8AEA7
C:\Windows\System32\Drivers\Npfs.sys B298874F8E0EA93F06EC40AA8D146478
C:\Windows\System32\drivers\nsiproxy.sys 1523AF19EE8B030BA682F7A53537EAEB
C:\Windows\System32\Drivers\Ntfs.sys 2ACCAA3C3C55370A32F17B3595E1A217
C:\Windows\System32\Drivers\Null.sys DD5D684975352B85B52E3FD5347C20CB
C:\Windows\System32\DRIVERS\nvlddmkm.sys EE6B7B6A54BCAFF516E30B1C15467495
C:\Windows\system32\drivers\nvraid.sys 840EEB44DC49317A6161961F7682CD99
C:\Windows\system32\drivers\nvstor.sys 94C5334040A5D500897F4C5FD12AEEDE
C:\Windows\system32\drivers\nv_agp.sys AA1B6C86A4763502E20B65C025F39BAD
C:\Windows\System32\DRIVERS\ohci1394.sys B5B1CE65AC15BBD11C0619E3EF7CFC28
C:\Windows\system32\drivers\parport.sys AECD57F94C887F58919F307C35498EA0
C:\Windows\System32\drivers\partmgr.sys B43751085E2ABE389DA466BC62A4B987
C:\Windows\System32\drivers\pci.sys 47AB1E0FC9D0E12BB53BA246E3A0906D
C:\Windows\System32\drivers\pciide.sys 2657F6C0B78C36D95034BE109336E382
C:\Windows\system32\drivers\pcmcia.sys 037661F3D7C507C9993B7010CEEE6288
C:\Windows\System32\drivers\peauth.sys 58865916F53592A61549B04941BFD80D
C:\Windows\System32\DRIVERS\raspptp.sys 23386E9952025F5F21C368971E2E7301
C:\Windows\system32\drivers\processr.sys 6BC78E5F12CBB74E7930AAAA4A0DB387
C:\Windows\System32\DRIVERS\pacer.sys C5AB7F0809392D0DA027F4A2A81BFA31
C:\Windows\system32\drivers\ql2300.sys 4A29D25704917161BAD9B4659A248DFD
C:\Windows\system32\drivers\ql40xx.sys E1C80F8D4D1E39EF9595809C1369BF2A
C:\Windows\system32\drivers\qwavedrv.sys E8D76EDAB77EC9C634C27B8EAC33ADC5
C:\Windows\System32\DRIVERS\atikmdag.sys 2A09A6B271D1F50ADF5E33B37D460DE6
C:\Windows\System32\DRIVERS\rasacd.sys 1013B3B663A56D3DDD784F581C1BD005
C:\Windows\System32\DRIVERS\rasl2tp.sys AC7BC4D42A7E558718DFDEC599BBFC2C
C:\Windows\System32\DRIVERS\raspppoe.sys 4517FBF8B42524AFE4EDE1DE102AAE3E
C:\Windows\System32\DRIVERS\rassstp.sys C6A593B51F34C33E5474539544072527
C:\Windows\System32\DRIVERS\rdbss.sys 322DB5C6B55E8D8EE8D6F358B2AAABB1
C:\Windows\System32\DRIVERS\RDPCDD.sys 603900CC05F6BE65CCBF373800AF3716
C:\Windows\system32\drivers\rdpdr.sys 2D98DDA8EDCE73DF99854BF3692CCC87
C:\Windows\System32\drivers\rdpencdd.sys CAB9421DAF3D97B33D0D055858E2C3AB
C:\Windows\System32\Drivers\RDPWD.sys AE4BD9E1C33D351D8E607FC81F15160C
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys A10B40CF9EB57D24E44717A2D38A00F4
C:\Windows\System32\DRIVERS\rspndr.sys 22A9CB08B1A6707C1550C6BF099AAE73
C:\Windows\system32\drivers\sbp2port.sys CD9C693589C60AD59BBBCFB0E524E01B
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys 2449316316411D65BD2C761A6FFB2CE2
C:\Windows\System32\DRIVERS\serial.sys 4B438170BE2FC8E0BD35EE87A960F84F
C:\Windows\system32\drivers\sermouse.sys A842F04833684BCEEA7336211BE478DF
C:\Windows\system32\drivers\sffdisk.sys 541B32F8D6B2DCB92EC43BAB267E79EA
C:\Windows\system32\drivers\sffp_mmc.sys 446E7CCA3325C7E0AE0FDE7F73CDD9C2
C:\Windows\system32\drivers\sffp_sd.sys 67EDC221348911E895AF51C57D9A3725
C:\Windows\system32\drivers\sfloppy.sys 6B7838C94135768BD455CBDC23E39E5F
C:\Windows\system32\drivers\sisraid2.sys 08DDA16573FA44F8B13AFE74597AD2E5
C:\Windows\system32\drivers\sisraid4.sys C52259E9DAAF3890D572D87FFEE0979E
C:\Windows\System32\DRIVERS\smb.sys 290B6F6A0EC4FCDFC90F5CB6D7020473
C:\Windows\System32\Drivers\spldr.sys 386C3C63F00A7040C7EC5E384217E89D
C:\Windows\System32\DRIVERS\srv.sys 880A57FCCB571EBD063D4DD50E93E46D
C:\Windows\System32\DRIVERS\srv2.sys A1AD14A6D7A37891FFFECA35EBBB0730
C:\Windows\System32\DRIVERS\srvnet.sys 4BED62F4FA4D8300973F1151F4C4D8A7
C:\Windows\System32\DRIVERS\swenum.sys 8A851CA908B8B974F89C50D2E18D4F0C
C:\Windows\system32\drivers\symc8xx.sys 2F26A2C6FC96B29BEFF5D8ED74E6625B
C:\Windows\system32\drivers\sym_hi.sys A909667976D3BCCD1DF813FED517D837
C:\Windows\system32\drivers\sym_u3.sys 36887B56EC2D98B9C362F6AE4DE5B7B0
C:\Windows\System32\drivers\tcpip.sys C2CB949645C299E23FBFD26CAD3FC96E
C:\Windows\System32\DRIVERS\tcpip.sys C2CB949645C299E23FBFD26CAD3FC96E
C:\Windows\System32\drivers\tcpipreg.sys C7E72A4071EE0200E3C075DACFB2B334
C:\Windows\System32\drivers\tdpipe.sys 1D8BF4AAA5FB7A2761475781DC1195BC
C:\Windows\System32\drivers\tdtcp.sys 7F7E00CDF609DF657F4CDA02DD1C9BB1
C:\Windows\System32\DRIVERS\tdx.sys 458919C8C42E398DC4802178D5FFEE27
C:\Windows\System32\DRIVERS\termdd.sys 8C19678D22649EC002EF2282EAE92F98
C:\Windows\System32\DRIVERS\tssecsrv.sys B2388462329ACD17AF50D8701E0C1B18
C:\Windows\System32\DRIVERS\tunmp.sys 89EC74A9E602D16A75A4170511029B3C
C:\Windows\System32\DRIVERS\tunnel.sys 30A9B3F45AD081BFFC3BCAA9C812B609
C:\Windows\system32\drivers\uagp35.sys E4722DFBD6232ACF17543EF2C2DCE8D2
C:\Windows\System32\DRIVERS\udfs.sys FAF2640A2A76ED03D449E443194C4C34
C:\Windows\system32\drivers\uliagpkx.sys 5663D7696ABBE71F8C9D915C5374118A
C:\Windows\system32\drivers\uliahci.sys 6030B68E86A30D1B315B51C4D7778B16
C:\Windows\system32\drivers\ulsata.sys 31707F09846056651EA2C37858F5DDB0
C:\Windows\system32\drivers\ulsata2.sys 85E5E43ED5B48C8376281BAB519271B7
C:\Windows\System32\DRIVERS\umbus.sys 46E9A994C4FED537DD951F60B86AD3F4
C:\Windows\System32\Drivers\usbaapl64.sys AF1B9474D67897D0C2CFF58E0ACEACCC
C:\Windows\System32\DRIVERS\usbccgp.sys 858CC93477F9A9383E07861892600FF9
C:\Windows\system32\drivers\usbcir.sys 9247F7E0B65852C1F6631480984D6ED2
C:\Windows\System32\DRIVERS\usbehci.sys 82C3790E4E6F35087EF00994C7A72988
C:\Windows\System32\DRIVERS\usbhub.sys BE2EB33AF6EE2E5DA07EB987E0A321F5
C:\Windows\system32\drivers\usbohci.sys EBA14EF0C07CEC233F1529C698D0D154
C:\Windows\System32\DRIVERS\usbprint.sys 28B693B6D31E7B9332C1BDCEFEF228C1
C:\Windows\System32\DRIVERS\usbscan.sys C024814884CE9E6C2E6ED76A63AC3B9A
C:\Windows\System32\DRIVERS\USBSTOR.SYS B854C1558FCA0C269A38663E8B59B581
C:\Windows\System32\DRIVERS\usbuhci.sys 308F6DDC052C970D679DA37D8A305279
C:\Windows\System32\Drivers\usbvideo.sys BF7A051DCCBA57C95541135B29CE0FB4
C:\Windows\System32\DRIVERS\usb8023x.sys C690C8B45DB67DBA284B72D1FD649D2C
C:\Windows\System32\DRIVERS\vgapnp.sys 2998DC48905E9B4821AD8FD75B3E070C
C:\Windows\System32\drivers\vga.sys B83AB16B51FEDA65DD81B8C59D114D63
C:\Windows\system32\drivers\viaide.sys 8294B6C3FDB6C33F24E150DE647ECDAA
C:\Windows\System32\drivers\volmgr.sys 2B7E885ED951519A12C450D24535DFCA
C:\Windows\System32\drivers\volmgrx.sys CEC5AC15277D75D9E5DEC2E1C6EAF877
C:\Windows\System32\drivers\volsnap.sys 582F710097B46140F5A89A19A6573D4B
C:\Windows\System32\DRIVERS\vpnva64.sys A8D4FED106B4BD337DF3DA20BA44E18E
C:\Windows\system32\drivers\vsmraid.sys 410AE2C141142C58BC617FC2C677F8B0
C:\Windows\system32\drivers\wacompen.sys FEF8FE5923FEAD2CEE4DFABFCE3393A7
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\system32\drivers\wd.sys 59B501B0A04C9672142B7FFA2BDBF663
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\system32\drivers\wmiacpi.sys AE34218455D5DC12D1E45DE85F160346
C:\Windows\System32\DRIVERS\wpdusb.sys 5E2401B3FC1089C90E081291357371A9
C:\Windows\system32\drivers\ws2ifsl.sys 8A900348370E359B6BFF6A550E4649E1
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-25 18:37 - 2014-03-25 18:38 - 00000000 ____D () C:\FRST
2014-03-25 00:14 - 2014-03-25 00:14 - 00000081 _____ () C:\Windows\system32\uhkxk.vaz
2014-03-25 00:04 - 2014-03-25 00:04 - 00000064 _____ () C:\Windows\system32\mkrvp.nda
2014-03-25 00:04 - 2014-03-25 00:04 - 00000000 _____ () C:\Windows\system32\dzvvnl.spr
2014-03-24 22:59 - 2014-03-24 22:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-24 22:59 - 2014-03-24 22:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-24 22:16 - 2014-03-24 22:16 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-24 21:29 - 2014-03-24 21:29 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-24 21:28 - 2014-03-24 21:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-20 14:10 - 2014-03-20 14:10 - 00377857 ____S () C:\Windows\system32\vhvvyqd.spn
2014-03-19 19:03 - 2008-01-04 13:34 - 00011832 _____ () C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2014-03-19 19:03 - 2008-01-04 13:34 - 00010216 _____ () C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2014-03-14 21:01 - 2014-03-14 21:01 - 00421592 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistMSI71D2.txt
2014-03-14 21:01 - 2014-03-14 21:01 - 00011240 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistUI71D2.txt
2014-03-12 18:23 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 18:23 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 18:23 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 18:23 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 18:23 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 18:23 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 18:23 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 18:23 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 18:23 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 18:23 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 18:23 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 18:23 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 18:23 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 18:23 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 18:23 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 18:23 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 18:23 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 18:23 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 18:23 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 18:23 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 18:23 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 18:23 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 18:23 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-12 18:23 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 18:23 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 18:23 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 18:23 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 18:23 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 18:23 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-12 18:23 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 18:23 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-12 18:23 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 18:20 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 18:20 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 18:20 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 18:20 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 18:20 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 18:20 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-12 18:20 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-02 00:43 - 2014-03-02 00:43 - 00436070 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistMSI2452.txt
2014-03-02 00:43 - 2014-03-02 00:43 - 00011384 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistUI2452.txt

==================== One Month Modified Files and Folders =======

2014-03-25 18:38 - 2014-03-25 18:37 - 00000000 ____D () C:\FRST
2014-03-25 18:37 - 2013-08-10 22:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-25 18:37 - 2012-09-24 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-25 18:37 - 2006-11-02 11:27 - 00001987 _____ () C:\Windows\setupact.log
2014-03-25 18:35 - 2013-08-10 22:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-25 18:35 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-25 18:35 - 2006-11-02 11:22 - 00004848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 18:35 - 2006-11-02 11:22 - 00004848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-25 04:02 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-03-25 04:02 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-25 04:02 - 2006-11-02 08:33 - 73924608 _____ () C:\Windows\system32\config\software_previous
2014-03-25 04:02 - 2006-11-02 08:33 - 20709376 _____ () C:\Windows\system32\config\system_previous
2014-03-25 04:01 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-03-25 00:44 - 2006-11-02 11:42 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 00:44 - 2006-11-02 11:27 - 01182437 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 00:14 - 2014-03-25 00:14 - 00000081 _____ () C:\Windows\system32\uhkxk.vaz
2014-03-25 00:11 - 2006-11-02 08:46 - 00843778 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-25 00:07 - 2012-09-28 21:29 - 00000000 ____D () C:\Users\Marcus\Documents\Outlook Files
2014-03-25 00:04 - 2014-03-25 00:04 - 00000064 _____ () C:\Windows\system32\mkrvp.nda
2014-03-25 00:04 - 2014-03-25 00:04 - 00000000 _____ () C:\Windows\system32\dzvvnl.spr
2014-03-25 00:04 - 2012-09-23 20:42 - 00000000 ____D () C:\Users\Marcus
2014-03-24 23:53 - 2006-11-02 08:33 - 60030976 _____ () C:\Windows\system32\config\components_previous
2014-03-24 23:53 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-24 23:53 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-03-24 23:53 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-03-24 22:59 - 2014-03-24 22:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-24 22:59 - 2014-03-24 22:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-24 22:16 - 2014-03-24 22:16 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-24 21:29 - 2014-03-24 21:29 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-24 21:29 - 2012-11-09 09:02 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-24 21:28 - 2014-03-24 21:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-20 21:35 - 2012-09-28 20:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-20 17:07 - 2013-02-05 12:35 - 00003694 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98C3FDA4-2311-476E-8E0E-49787E61C174}
2014-03-20 14:10 - 2014-03-20 14:10 - 00377857 ____S () C:\Windows\system32\vhvvyqd.spn
2014-03-19 19:03 - 2012-09-23 21:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-19 19:03 - 2012-09-23 21:34 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-18 19:31 - 2012-09-23 22:55 - 00096768 _____ () C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-18 10:55 - 2012-09-26 21:05 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\DVD Flick
2014-03-17 12:43 - 2012-07-15 03:00 - 00002032 _____ () C:\Users\Marcus\AppData\Local\d3d9caps.dat
2014-03-16 15:02 - 2012-06-24 02:57 - 00000000 ____D () C:\Users\Marcus\AppData\Local\dxhr
2014-03-14 21:02 - 2012-09-25 21:59 - 00245006 _____ () C:\Windows\DirectX.log
2014-03-14 21:01 - 2014-03-14 21:01 - 00421592 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistMSI71D2.txt
2014-03-14 21:01 - 2014-03-14 21:01 - 00011240 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistUI71D2.txt
2014-03-13 08:44 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-13 08:28 - 2006-11-02 11:21 - 00307128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 18:23 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 18:21 - 2006-11-02 08:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-10 22:26 - 2011-09-06 21:37 - 00000000 ____D () C:\Users\Marcus\Downloads\Adaptec
2014-03-02 00:43 - 2014-03-02 00:43 - 00436070 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistMSI2452.txt
2014-03-02 00:43 - 2014-03-02 00:43 - 00011384 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistUI2452.txt
2014-03-01 17:41 - 2011-10-28 22:37 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-01 12:52 - 2012-09-16 21:09 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\vlc
2014-02-28 10:55 - 2011-11-26 22:36 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Microsoft Games
2014-02-23 03:12 - 2014-03-12 18:23 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-12 18:23 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-12 18:23 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-12 18:23 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-12 18:23 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-12 18:23 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-12 18:23 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-12 18:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-12 18:23 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-12 18:23 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-12 18:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-12 18:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-12 18:23 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-12 18:23 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:44 - 2014-03-12 18:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:43 - 2014-03-12 18:23 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-12 18:23 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-12 18:23 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-12 18:23 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-12 18:23 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-12 18:23 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-12 18:23 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-12 18:23 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-12 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-12 18:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-12 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-12 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-12 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-12 18:23 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-12 18:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-12 18:23 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-12 18:23 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Some content of TEMP:
====================
C:\Users\Marcus\AppData\Local\Temp\AutoRun.exe
C:\Users\Marcus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Marcus\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Marcus\AppData\Local\Temp\First15.exe
C:\Users\Marcus\AppData\Local\Temp\jna101877831104565892.dll
C:\Users\Marcus\AppData\Local\Temp\jna1024765085071141632.dll
C:\Users\Marcus\AppData\Local\Temp\jna1223583318868885992.dll
C:\Users\Marcus\AppData\Local\Temp\jna1300857746197207191.dll
C:\Users\Marcus\AppData\Local\Temp\jna1484557892715043910.dll
C:\Users\Marcus\AppData\Local\Temp\jna1510273146879951324.dll
C:\Users\Marcus\AppData\Local\Temp\jna1687329771789930100.dll
C:\Users\Marcus\AppData\Local\Temp\jna1721993488100836317.dll
C:\Users\Marcus\AppData\Local\Temp\jna1870158659052889913.dll
C:\Users\Marcus\AppData\Local\Temp\jna2126163562823180848.dll
C:\Users\Marcus\AppData\Local\Temp\jna2139066962463339775.dll
C:\Users\Marcus\AppData\Local\Temp\jna2204873275770221060.dll
C:\Users\Marcus\AppData\Local\Temp\jna2234503642542173962.dll
C:\Users\Marcus\AppData\Local\Temp\jna2260381174618023781.dll
C:\Users\Marcus\AppData\Local\Temp\jna2286009074902652417.dll
C:\Users\Marcus\AppData\Local\Temp\jna2585659543394463358.dll
C:\Users\Marcus\AppData\Local\Temp\jna2621903150090797691.dll
C:\Users\Marcus\AppData\Local\Temp\jna2675652222371527777.dll
C:\Users\Marcus\AppData\Local\Temp\jna273765670158409987.dll
C:\Users\Marcus\AppData\Local\Temp\jna2800365082381352275.dll
C:\Users\Marcus\AppData\Local\Temp\jna2828341051729692148.dll
C:\Users\Marcus\AppData\Local\Temp\jna2866935142323829876.dll
C:\Users\Marcus\AppData\Local\Temp\jna2882751094354546565.dll
C:\Users\Marcus\AppData\Local\Temp\jna2995975860405264855.dll
C:\Users\Marcus\AppData\Local\Temp\jna3004663076835991798.dll
C:\Users\Marcus\AppData\Local\Temp\jna3300559007545883950.dll
C:\Users\Marcus\AppData\Local\Temp\jna3373800435867408712.dll
C:\Users\Marcus\AppData\Local\Temp\jna3585760590885931899.dll
C:\Users\Marcus\AppData\Local\Temp\jna3600008224513824503.dll
C:\Users\Marcus\AppData\Local\Temp\jna3708740131189411525.dll
C:\Users\Marcus\AppData\Local\Temp\jna3710256504110824705.dll
C:\Users\Marcus\AppData\Local\Temp\jna3722129531418021170.dll
C:\Users\Marcus\AppData\Local\Temp\jna3785516003379133720.dll
C:\Users\Marcus\AppData\Local\Temp\jna401033534863268744.dll
C:\Users\Marcus\AppData\Local\Temp\jna4019168868598347829.dll
C:\Users\Marcus\AppData\Local\Temp\jna401942120308642427.dll
C:\Users\Marcus\AppData\Local\Temp\jna410962023546683880.dll
C:\Users\Marcus\AppData\Local\Temp\jna4132282375104272685.dll
C:\Users\Marcus\AppData\Local\Temp\jna4328474993934724042.dll
C:\Users\Marcus\AppData\Local\Temp\jna4329650959848061044.dll
C:\Users\Marcus\AppData\Local\Temp\jna4422157617163113013.dll
C:\Users\Marcus\AppData\Local\Temp\jna4438590302430943206.dll
C:\Users\Marcus\AppData\Local\Temp\jna4475219578224262047.dll
C:\Users\Marcus\AppData\Local\Temp\jna4761382200642166654.dll
C:\Users\Marcus\AppData\Local\Temp\jna478309836541462560.dll
C:\Users\Marcus\AppData\Local\Temp\jna4940237423677345215.dll
C:\Users\Marcus\AppData\Local\Temp\jna5153589800679369672.dll
C:\Users\Marcus\AppData\Local\Temp\jna519906753946441416.dll
C:\Users\Marcus\AppData\Local\Temp\jna5234755821960401521.dll
C:\Users\Marcus\AppData\Local\Temp\jna5356804695076367034.dll
C:\Users\Marcus\AppData\Local\Temp\jna5381495348826390072.dll
C:\Users\Marcus\AppData\Local\Temp\jna5464336967493205332.dll
C:\Users\Marcus\AppData\Local\Temp\jna5517410164465893235.dll
C:\Users\Marcus\AppData\Local\Temp\jna5750623849565345522.dll
C:\Users\Marcus\AppData\Local\Temp\jna5815157195701033130.dll
C:\Users\Marcus\AppData\Local\Temp\jna5857389806100794984.dll
C:\Users\Marcus\AppData\Local\Temp\jna5985237739945327773.dll
C:\Users\Marcus\AppData\Local\Temp\jna6042277037400566753.dll
C:\Users\Marcus\AppData\Local\Temp\jna6157604472680708842.dll
C:\Users\Marcus\AppData\Local\Temp\jna620960555254192455.dll
C:\Users\Marcus\AppData\Local\Temp\jna6276420374120479640.dll
C:\Users\Marcus\AppData\Local\Temp\jna6407306211862018950.dll
C:\Users\Marcus\AppData\Local\Temp\jna6462639980420329364.dll
C:\Users\Marcus\AppData\Local\Temp\jna6696998118851376082.dll
C:\Users\Marcus\AppData\Local\Temp\jna6735076293585662535.dll
C:\Users\Marcus\AppData\Local\Temp\jna6774954274044062968.dll
C:\Users\Marcus\AppData\Local\Temp\jna6823407265046033711.dll
C:\Users\Marcus\AppData\Local\Temp\jna684606979021091383.dll
C:\Users\Marcus\AppData\Local\Temp\jna6876297891848525476.dll
C:\Users\Marcus\AppData\Local\Temp\jna7044266519194423198.dll
C:\Users\Marcus\AppData\Local\Temp\jna7191703344544632784.dll
C:\Users\Marcus\AppData\Local\Temp\jna7534797665505737402.dll
C:\Users\Marcus\AppData\Local\Temp\jna7809930288651551282.dll
C:\Users\Marcus\AppData\Local\Temp\jna8093420182529587502.dll
C:\Users\Marcus\AppData\Local\Temp\jna8379211035867186927.dll
C:\Users\Marcus\AppData\Local\Temp\jna8782732933750985484.dll
C:\Users\Marcus\AppData\Local\Temp\jna8790647163024423933.dll
C:\Users\Marcus\AppData\Local\Temp\jna884075573613120117.dll
C:\Users\Marcus\AppData\Local\Temp\jna8911205458981053199.dll
C:\Users\Marcus\AppData\Local\Temp\jna8940577871361519220.dll
C:\Users\Marcus\AppData\Local\Temp\jna9040964121258218268.dll
C:\Users\Marcus\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\MotorolaDeviceManager_2.0304.exe
C:\Users\Marcus\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe
C:\Users\Marcus\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Marcus\AppData\Local\Temp\nvStInst.exe
C:\Users\Marcus\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Marcus\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Marcus\AppData\Local\Temp\VP6Install.exe
C:\Users\Marcus\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-09-24 23:39] - [2009-04-11 03:11] - 0721408 ____A (Microsoft Corporation) FE9B9C987302486ECB5F4FF4B153E066

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {01306d17-0601-11e2-b0d4-8dd6aa6e6aa6}
nx                      OptIn

Resume from Hibernate
---------------------
identifier              {01306d17-0601-11e2-b0d4-8dd6aa6e6aa6}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

 

LastRegBack: 2014-03-25 18:41

==================== End Of Log ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Marcus at 2014-03-25 18:39:18
Running from G:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.03.29 - )
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Attansic L1 Gigabit Ethernet Driver (HKLM-x32\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version:  - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29626 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
CyberSky (HKLM-x32\...\CyberSky) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout 3 Patch v1.3.0 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.3.0 - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
LightScribe Applications (HKLM-x32\...\{7D8B9DA5-370A-48B6-AD8D-63574C974AAC}) (Version: 1.18.26.7 - LightScribe)
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}) (Version: 1.18.26.7 - LightScribe)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{B28B351F-1232-46EA-85EF-B8EA91641033}) (Version: 7.02.5017 - Nero AG)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.5 - Black Tree Gaming)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.19 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 1.0.00.14080 - Sony Corporation)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )
The Sims 2 Family Fun Stuff (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
The Sims 2 Glamour Life Stuff (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
The Sims 2 Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
The Sims 2 Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
The Sims 2 University (HKLM-x32\...\{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}) (Version:  - )
The Sims™ 2 Apartment Life (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
The Sims™ 2 Bon Voyage (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
The Sims™ 2 Celebration! Stuff (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
The Sims™ 2 FreeTime (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
The Sims™ 2 H&M® Fashion Stuff (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
The Sims™ 2 IKEA® Home Stuff (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
The Sims™ 2 Kitchen & Bath Interior Design Stuff (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
The Sims™ 2 Mansion and Garden Stuff (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
The Sims™ 2 Teen Style Stuff (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

15-03-2014 01:01:06 Installed DirectX
15-03-2014 15:54:22 Scheduled Checkpoint
16-03-2014 23:00:01 Windows Backup
18-03-2014 12:21:41 Windows Update
19-03-2014 18:04:58 Scheduled Checkpoint
19-03-2014 23:03:06 Installed Cool & Quiet
20-03-2014 23:08:39 Scheduled Checkpoint
21-03-2014 17:20:38 Scheduled Checkpoint
25-03-2014 01:29:05 Installed McAfee VirusScan Enterprise.
25-03-2014 03:04:25 Windows Backup
25-03-2014 04:29:33 Windows Update

==================== Hosts content: ==========================

2006-11-02 08:34 - 2012-10-01 18:49 - 00000808 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
10.13.1.11 VCottage-dc01
10.13.2.10 pro-fs01

==================== Scheduled Tasks (whitelisted) =============

Task: {03E926CE-66AB-4EE8-9203-9E6BE5935CFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0CA42E24-7E36-495E-B9A4-DB09C41A8E99} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.59\AsLoader.exe [2007-03-23] ()
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {3B1DEF9E-7E2A-403D-890E-4E0F07333899} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {585BA718-B7D9-422B-A08C-91C464B6A3B4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7B000B15-20DB-4573-9D83-48FE389E8FC7} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {8E775335-216B-40B1-B122-5E24806495CC} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {9763BBDE-C536-4053-AB3E-5418931F212F} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()
Task: {9CD9AEDD-20AB-47CE-86A9-EC44E34DC84E} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {B31C91E4-9273-47A6-80D5-E63C253A370B} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {B576F397-51DA-4FC6-A79E-D81CD61A8467} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {C87B6D7D-DA21-4F25-9F21-DBB8B2967C52} - System32\Tasks\ASUS\ASUS Energy Saving => C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe [2008-01-28] ()
Task: {CC1EBF4A-1409-41CB-8FD8-306A479F0282} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D73620B6-5962-48BA-82B5-9A8AA0C2B8E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-09-23] ()
Task: {EC045C66-8FFF-404D-8F7E-A99B993B95B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {ECD6437A-4038-4037-975D-9B9319F27B22} - System32\Tasks\ASUS\ASUS ACPI Service Provider => C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe [2008-01-24] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-21 21:39 - 2013-04-21 21:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-09-23 21:34 - 2008-01-24 18:53 - 00613376 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
2013-01-30 21:26 - 2008-07-11 03:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-01-30 21:26 - 2008-07-11 03:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2012-10-23 19:51 - 2008-01-28 12:55 - 01413120 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
2013-12-12 18:36 - 2013-12-12 18:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-07 22:35 - 2012-09-07 22:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 22:35 - 2012-09-07 22:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 22:37 - 2012-09-07 22:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 22:36 - 2012-09-07 22:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 22:36 - 2012-09-07 22:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-06-20 17:35 - 2013-06-20 17:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-09-23 21:34 - 2005-06-23 01:39 - 00204851 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\PowerDll.dll
2012-09-23 21:34 - 2008-01-18 00:46 - 00053248 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\cpuutil.dll
2012-09-23 21:34 - 2006-05-26 01:18 - 00106548 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\PowNap.dll
2014-01-08 01:28 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 01:28 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 17:10 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-24 18:51 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2012-09-24 18:51 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-24 18:51 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-24 18:51 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-24 18:51 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-10-23 19:51 - 2008-01-16 20:08 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
2012-10-23 19:51 - 2007-01-03 22:25 - 00008704 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
2013-01-30 21:26 - 2007-10-22 08:08 - 00139264 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Marcus\Documents\letter of reference.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2014 00:29:33 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (03/25/2014 00:29:33 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (03/24/2014 11:04:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (03/24/2014 10:52:12 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/24/2014 10:46:55 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/24/2014 10:40:21 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (03/24/2014 10:37:21 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0000abf6,
process id 0x390, application start time 0xsvchost.exe0.

Error: (03/24/2014 10:26:16 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xfeeefeee,
process id 0x38c, application start time 0xsvchost.exe0.

Error: (03/24/2014 10:01:26 PM) (Source: Application Error) (User: )
Description: Faulting application mcshield.exe, version 15.0.0.466, time stamp 0x4fbbb991, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000000000000,
process id 0x7a0, application start time 0xmcshield.exe0.

Error: (03/24/2014 10:01:25 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: VSCORE.15.0.0.466
Exception Code       : 0X00000000C0000005
Exception Address    : 0000000000000000
Exception Parameters : 2
 Param 1 = 0X0000000000000008
 Param 2 = 0000000000000000

More information :
ScanRequest : NTName is \Device\HarddiskVolume1\Windows\system32\drivers\85373854.sys.

System errors:
=============
Error: (03/25/2014 06:37:50 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (03/25/2014 06:37:50 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (03/25/2014 00:08:18 AM) (Source: WinDefend) (User: )
Description: %%%82527 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %%%82524

 Error Code: 0x8050a001

 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.

 Signatures loading: %%825

 Loading signature version: 1.169.31.0

 Loading engine version: %%%825270

Error: (03/25/2014 00:07:59 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (03/25/2014 00:07:59 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (03/24/2014 11:53:04 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (03/24/2014 11:53:04 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (03/24/2014 11:10:22 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (03/24/2014 11:10:22 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (03/24/2014 10:56:50 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Microsoft Office Sessions:
=========================
Error: (03/25/2014 00:29:33 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (03/25/2014 00:29:33 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (03/24/2014 11:04:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (03/24/2014 10:52:12 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/24/2014 10:46:55 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/24/2014 10:40:21 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Error: (03/24/2014 10:37:21 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89msvcrt.dll7.0.6002.185514ee8cc5ac00000050000abf639001cf47d2f1bf6f00

Error: (03/24/2014 10:26:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c0000005feeefeee38c01cf47d07f31745b

Error: (03/24/2014 10:01:26 PM) (Source: Application Error)(User: )
Description: mcshield.exe15.0.0.4664fbbb991unknown0.0.0.000000000c000000500000000000000007a001cf47c9f605749d

Error: (03/24/2014 10:01:25 PM) (Source: McLogEvent)(User: NT AUTHORITY)
Description: VSCORE.15.0.0.466
Exception Code       : 0X00000000C0000005
Exception Address    : 0000000000000000
Exception Parameters : 2
 Param 1 = 0X0000000000000008
 Param 2 = 0000000000000000

More information :
ScanRequest : NTName is \Device\HarddiskVolume1\Windows\system32\drivers\85373854.sys.

CodeIntegrity Errors:
===================================
  Date: 2014-03-24 23:25:39.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:25:39.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:25:39.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:25:39.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:17:35.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:17:35.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:17:35.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:17:34.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:17:07.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 23:17:07.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8190.18 MB
Available physical RAM: 5319.47 MB
Total Pagefile: 16431.41 MB
Available Pagefile: 13591.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.41 GB) (Free:271.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup Disk) (Fixed) (Total:232.88 GB) (Free:117.56 GB) NTFS
Drive e: (LRMCxFRE_EN_DVD) (CDROM) (Total:3.54 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 17499EEF)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465 GB) (Disk ID: 5979E30A)
Partition 1: (Active) - (Size=465 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 992 MB) (Disk ID: 075E1FC7)
Partition 1: (Active) - (Size=991 MB) - (Type=06)

==================== End Of Log ============================

Link to post
Share on other sites

Users shortcut scan result (x64) Version: 13-03-2014
Ran by Marcus at 2014-03-25 18:43:47
Running from G:\
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BitTorrent.lnk -> C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk -> C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk -> C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\Movie Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\MOVIEMK.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk -> C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom HOME 2.lnk -> C:\Windows\Installer\{99072AB4-D795-44D5-9D65-E3C9F8322C97}\NewShortcut1_BB5D96B1D05B428EBAD4A437B7244768.exe (Flexera Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Cyber-shot Viewer.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\Browser\SPUBrowser.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Tools\Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Tools\Settings Initialization Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\InitTool\SPUInit.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Uninstall Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero CD-DVD Speed [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\CDSpeed_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero CoverDesigner Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\NeroCoverDesigner_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero Express Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\NeroExpress_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero Recode Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Recode\NeroRecode_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero Vision Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVisionExpress_ENG.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Mobility\MotoCast.lnk -> C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager\Motorola Device Manager.lnk -> C:\Windows\Installer\{C89FA20F-0236-424C-B7D8-8E5EEDC20E15}\_FAD87DAE7EEFA274B7BADE.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Problem Reports and Solutions.lnk -> C:\Windows\System32\wercon.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Simple Labeler.lnk -> C:\Program Files (x86)\LightScribe\SimpleLabeler\SimpleLabeler.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Template Labeler.lnk -> C:\Program Files (x86)\LightScribe Template Labeler\TemplateLabeler.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PurblePlace.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgrade.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan\EPSON Scan Settings.lnk -> C:\Windows\twain_32\escndv\escfg.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\The Sims™ 2 Teen Style Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Uninstall The Sims™ 2 Teen Style Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\The Sims 2™ Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\The Sims™ 2 Seasons.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\TSBin\Sims2EP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Uninstall The Sims™ 2 Seasons.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Uninstall The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Uninstall The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\The Sims™ 2 IKEA® Home Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Uninstall The Sims™ 2 IKEA® Home Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\The Sims™ 2 H&M® Fashion Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\TSBin\Sims2SP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Uninstall The Sims™ 2 H&M® Fashion Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\The Sims™ 2 FreeTime.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Uninstall The Sims™ 2 FreeTime.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\The Sims™ 2 Celebration! Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\TSBin\Sims2SP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Uninstall The Sims™ 2 Celebration! Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\The Sims™ 2 Bon Voyage.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Uninstall The Sims™ 2 Bon Voyage.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\The Sims™ 2 Apartment Life.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Uninstall The Sims™ 2 Apartment Life.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\The Sims 2 University.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\TSBin\Sims2EP1.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Uninstall The Sims 2 University.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\The Sims 2 Pets.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\TSBin\Sims2EP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Uninstall The Sims 2 Pets.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\The Sims 2 Open For Business.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\TSBin\Sims2EP3.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Uninstall The Sims 2 Open For Business.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\The Sims 2 Nightlife.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\TSBin\Sims2EP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Uninstall The Sims 2 Nightlife.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\The Sims 2 Glamour Life Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\TSBin\Sims2SP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Uninstall The Sims 2 Glamour Life Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\The Sims 2 Family Fun Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\TSBin\Sims2SP1.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Uninstall The Sims 2 Family Fun Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\The Sims 2.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Uninstall The Sims 2.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Uninstall  DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Changelog.lnk -> C:\Program Files (x86)\DVD Flick\changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\GNU GPL License.lnk -> C:\Program Files (x86)\DVD Flick\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Guide.lnk -> C:\Program Files (x86)\DVD Flick\guide\index_en.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Readme.lnk -> C:\Program Files (x86)\DVD Flick\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\CyberSky Help.lnk -> C:\Program Files (x86)\CyberSky\CyberSky.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\CyberSky Home Page.lnk -> C:\Program Files (x86)\CyberSky\CyberSky Home Page.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\CyberSky.lnk -> C:\Program Files (x86)\CyberSky\CyberSky.exe (Stephen Michael Schimpf)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\Uninstall CyberSky.lnk -> C:\Program Files (x86)\CyberSky\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect Secure Mobility Client\Cisco AnyConnect Secure Mobility Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble\NOOK for PC\NOOK for PC.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe (Barnes & Noble, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble\NOOK for PC\Uninstall.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe (Barnes & Noble, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar Essence STX Audio\Xonar Essence STX Audio Center.lnk -> C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe (CMedia)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\Manual for PC Probe II.lnk -> C:\Program Files (x86)\ASUS\PC Probe II\manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\PC Probe II V1.04.19.lnk -> C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe (ASUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\UnInstall PC Probe II .lnk -> C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Cool & Quiet\Cool & Quiet 2.18.01.lnk -> C:\Program Files (x86)\ASUS\Cool & Quiet\cnq.exe (ASUSTeK)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Cool & Quiet\UnInstall Cool & Quiet.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Cool & Quiet\User Guide.lnk -> C:\Program Files (x86)\ASUS\Cool & Quiet\Cool 'n' Quiet.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite\AI Suite v1.03.29.lnk -> C:\Program Files (x86)\ASUS\AI Suite\AiSuite.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite\UnInstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\Windows\System32\sdclt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\SysWOW64\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\migwiz.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{F248ADFA-64E0-4B03-8A83-059078BED6A0}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{F248ADFA-64E0-4B03-8A83-059078BED6A0}\PlayTasks\0\Play The Sims™ 2 Bon Voyage.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{EAA38532-7AD0-4F78-918A-4F4F02096ECE}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{EAA38532-7AD0-4F78-918A-4F4F02096ECE}\PlayTasks\0\Play The Sims™ 2 Celebration! Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\TSBin\Sims2SP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{B6F5B704-06D3-4687-90F3-6195304AD755}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{B6F5B704-06D3-4687-90F3-6195304AD755}\PlayTasks\0\Play The Sims™ 2 Apartment Life.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{A8EDECEE-3DC6-4BA0-84F7-1DCC9E5237D6}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe (Square Enix Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{87F6C83D-F949-4D14-B5CB-DC8C75F8932D}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{87F6C83D-F949-4D14-B5CB-DC8C75F8932D}\PlayTasks\0\Play The Sims™ 2 FreeTime.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{84DDE556-43EF-43ED-B2DF-37AF9E5DDD75}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{84DDE556-43EF-43ED-B2DF-37AF9E5DDD75}\PlayTasks\0\Play The Sims™ 2 H&M® Fashion Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\TSBin\Sims2SP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}\PlayTasks\0\Play The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{5C648FDB-0138-4619-B66E-230EF53E8E2C}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{5C648FDB-0138-4619-B66E-230EF53E8E2C}\PlayTasks\0\Play The Sims™ 2 Teen Style Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{54AB1C1C-CB5D-47D4-A741-42D776B60585}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\steamapps\common\DXHRML\dxhrml.exe (Square Enix Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\3\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\2\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\0\Play The Sims™ 2 IKEA® Home Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{1A2A15C2-6780-49C1-B296-503230E9DE00}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{1A2A15C2-6780-49C1-B296-503230E9DE00}\PlayTasks\0\Play The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos ()
Shortcut: C:\Users\Marcus\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Marcus\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()
Shortcut: C:\Users\Marcus\Links\Documents.lnk -> C:\Users\Marcus\Documents ()
Shortcut: C:\Users\Marcus\Links\Music.lnk -> C:\Users\Marcus\Music ()
Shortcut: C:\Users\Marcus\Links\Pictures.lnk -> C:\Users\Marcus\Pictures ()
Shortcut: C:\Users\Marcus\Links\Public.lnk -> C:\Users\Public ()
Shortcut: C:\Users\Marcus\Links\Recently Changed.lnk -> C:\Users\Marcus\Searches\Recently Changed.search-ms ()
Shortcut: C:\Users\Marcus\Links\Searches.lnk -> C:\Users\Marcus\Searches ()
Shortcut: C:\Users\Marcus\Desktop\Desktop\Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\Users\Marcus\Desktop\Desktop\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\Desktop\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\Users\Marcus\Desktop\Desktop\Xonar Essence STX Audio Center.lnk -> C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe (CMedia)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Word\Mt%20Carberry_13-0250_Draft%20-%20Comments%201-13-303520461588394384\Mt%20Carberry_13-0250_Draft%20-%20Comments%201-13-2014.doc.lnk -> C:\Users\Marcus\Desktop\Desktop\Mt Carberry_13-0250_Draft - Comments 1-13-2014.doc (No File)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Word\2013%20GCCS%20Monitoring%20Plan%20Update.v3.10-15-303520201237844080\2013%20GCCS%20Monitoring%20Plan%20Update.v3.10-15-13.docx.lnk -> C:\Users\Marcus\Desktop\Desktop\Monitoring Plan Update\2013 GCCS Monitoring Plan Update.v3.10-15-13.docx (No File)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\TechPowerUp GPU-Z.lnk -> C:\Program Files (x86)\GPU-Z\GPU-Z.exe (techPowerUp (www.techpowerup.com))
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\Uninstall.lnk -> C:\Program Files (x86)\GPU-Z\uninstall.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\D3DOverrider.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Patch scripts folder.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\PatchScripts ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner documentation.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Doc\RivaTuner.chm ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner SDK documentation.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\SDK\SDK.chm ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner Statistics Server.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Uninstall.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Uninstall.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{FAD368C3-A7DF-43F4-BA72-5CEEA3BB3765}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\TSBin\Sims2EP3.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\The Sims 2™ Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\0\Play The Sims™ 2 Seasons.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\TSBin\Sims2EP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{DBB664FA-2798-4327-A655-F274F0DEF739}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\TSBin\Sims2EP1.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{D7F34A08-60B3-409A-8F37-83D5BD312510}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{C89B8151-D73E-42B8-9C20-C986F28FFFE6}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\TSBin\Sims2SP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{80F639E7-17A4-4AD9-B687-3B776D26BDEE}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\TSBin\Sims2EP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{7D004460-C55F-4E20-A35D-41C521A645FF}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\TSBin\Sims2EP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\Users\Public\Desktop\LightScribe Simple Labeler.lnk -> C:\Program Files (x86)\LightScribe\SimpleLabeler\SimpleLabeler.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Public\Desktop\NOOK for PC.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe (Barnes & Noble, Inc.)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Uninstall TomTom HOME 2.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {99072AB4-D795-44D5-9D65-E3C9F8322C97}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {B67BAFBA-4C9F-48FA-9496-933E3B255044} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager (Trace Mode).lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming) -> -trace
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Nero Online Upgrade.lnk -> C:\Program Files (x86)\Common Files\Ahead\Lib\NeroUpgrade.exe (Nero AG) -> -ScParameter=8  ShowOffer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Nero ProductSetup.lnk -> C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe (Nero AG) -> -ScParameter=8  MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero CD-DVD Speed.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\CDSpeed.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\InfoTool.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero Scout.lnk -> C:\Program Files (x86)\Common Files\Ahead\Lib\NeroScoutOptions.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Photo and Video\Nero Recode Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Recode\Recode.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Photo and Video\Nero Vision Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Labels\Nero CoverDesigner Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Data\Nero Express Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Audio\Nero Express Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestoreCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Printer Software Uninstall.lnk -> C:\Windows\System32\spool\drivers\x64\3\EPUPDATE.EXE (SEIKO EPSON CORPORATION) -> /R
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Stylus CX4200 Series Buy Ink.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_IARNAEA.EXE (SEIKO EPSON CORPORATION) -> /T "MENU" /D "EPSON Stylus CX4200 Series" /M "Stylus CX4200" /A
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EReg.exe (Electronic Arts, Inc.) -> "Sims2EP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP3.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP3.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\EasyInfo.exe (Electronic Arts) -> "Sims2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\EReg.exe (Electronic Arts, Inc.) -> "Sims2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Reliability and Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.WelcomeCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner documentation (international).lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe () -> /?
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Reliability and Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\Nero Express Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Help\Cyber-shot Viewer.url -> C:\Program Files (x86)\Sony\Sony Picture Utility\Browser\help\Index.html

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us




InternetURL: C:\Users\Marcus\Favorites\Aetna Login.url -> https://member.aetna.com/appConfig/login/login.fcc?TYPE=33554433&REALMOID=06-36d8cb4d-4ac1-44c7-b12d-a80fba4b718e&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-xU5km2Pz5%2f9A%2f2FCwUlXE48HlDkyH9ruz3da8Iqw6pwcy09mgHFN5RmlkMNqguY5&TARGET=-SM-HTTPS%3a%2f%2fmember%2eaetna%2ecom%2fMbrLanding%2fRoutingServlet%3fcreateSession%3dtrue

InternetURL: C:\Users\Marcus\Favorites\Central Desktop.url -> https://scsengineers.centraldesktop.com/login








InternetURL: C:\Users\Marcus\Favorites\SCS ESS.url -> https://scs.sentric.net/default.aspx?Tab=821caefe-9d45-44e7-9d5e-126c172dc991






















InternetURL: C:\Users\Marcus\Favorites\Links\Bank of America  Home  Personal.url -> https://www.bankofamerica.com/














==================== End of log =============================

Link to post
Share on other sites

Hello,

 

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

 

Regards,

Georgi

I did this, but no Search.txt file was created.

Link to post
Share on other sites

Sorry, it appears I was pressing the "Scan" button, not the "search" button.  Here is the log you requested (the search/scan for one file took a LONG time!):

 

Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Marcus at 2014-03-25 22:03:00
Running from C:\Users\Marcus\Desktop\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll
[2012-09-24 23:39] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll
[2012-09-23 23:43] - [2012-09-23 23:43] - 0717824 ____A (Microsoft Corporation) 857E04C16007E60FCC0803239C853E78

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll
[2012-09-23 23:43] - [2012-09-23 23:43] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll
[2012-09-24 20:38] - [2008-01-19 00:03] - 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll
[2012-09-23 23:43] - [2012-09-23 23:43] - 0724992 ____A (Microsoft Corporation) 54FF562C2710BB610B019D723B16FB2A

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll
[2012-09-23 23:43] - [2012-09-23 23:43] - 0724992 ____A (Microsoft Corporation) 007F8DE7AC0F9386C3FD2EC7DC87C37A

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_c3b2b583f9525e9e\rpcss.dll
[2006-11-02 05:36] - [2006-11-02 07:19] - 0719872 ____A (Microsoft Corporation) 947C1BC8FC0DC36FDA353476A5665907

C:\Windows\System32\rpcss.dll
[2012-09-24 23:39] - [2009-04-11 03:11] - 0721408 ____A (Microsoft Corporation) FE9B9C987302486ECB5F4FF4B153E066

====== End Of Search ======

Link to post
Share on other sites

I'm very nervous about how my computer is behaving while left running.  I sense that I'm leaving a back door open for a hacker.  So, if you have no objection, I'm simply going to disconnect it from the Internet, and only connect it as necessary to respond to you or to download files for diagnosing and disinfecting.

Link to post
Share on other sites

I'm very nervous about how my computer is behaving while left running.  I sense that I'm leaving a back door open for a hacker.  So, if you have no objection, I'm simply going to disconnect it from the Internet, and only connect it as necessary to respond to you or to download files for diagnosing and disinfecting.

 

Hello,

 

I am sorry about the delay but we have a different timezone.

 

Please download the following file => fixlist.txt and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also let me know how are things now.

 

 

Regards,

Georgi

Link to post
Share on other sites

No problem regarding the time difference - I just wanted to indicate what I was doing so that you were aware in your troubleshooting efforts.  I appreciate the help you're providing me.

 

I will attempt this fix tonight, and let you know how it goes.  A couple questions - again, should I kill the svchost.exe *32 process before I apply this change?  If not, should I be expecting the noise and other virus behavior (e.g., high processor usage, hard disk I/O, memory hard faults) to go back to normal?  What should I be looking for to evaluate how things are after I apply the change. 

 

Thanks a lot.

 

P.S. To giantmalware- unfortunately, the viral activity on my machine doesn't have anything to do with BitTorrent or torrents I've downloaded.  I haven't used that program to download anything in several months.  My wife was surfing online movies (e.g., YouTube; not torrents) the other day, and it was very clear that the virus came from this activity.  But I appreciate the advice; thanks for your input.

Link to post
Share on other sites

Sounds good.  But, so you know, I have disconnected that computer from the internet (i.e., I pulled the network cable from the back of the machine).  Does the computer need to be connected to the internet to apply the change, or is everything that it needs in fixlist.txt?

Link to post
Share on other sites

Hello,

 

It's not needed to be connected to the internet during the fix.The file should be replaced on reboot and the problems should be gone afterwards.

More information about the infection can be found here:

 

https://blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/

 

http://blog.avast.com/2014/01/22/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-2/

 

 

Regards,

Georgi

Link to post
Share on other sites

Hi Georgi. The fix seems to have worked. Thanks so very much for your help!! I would send you the fixlog.txt to review to ensure there's nothing else I need to do, but it's too long to post here, and I don't know what else to do with it.  Let me know if you think it's even necessary.

 

Otherwise, thank again for your MOST excellent help with this! I left you a token of my appreciation.

Link to post
Share on other sites

Hello,

 

I am glad I could help. :)

You can upload the fixlog here => http://www.filedropper.com/ and then post the link to the log in your next reply for my review.

 

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

The most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. smile.png

 

 

Regards,

Georgi

Link to post
Share on other sites

Alright, I'm getting back with all the other goodies.  Here's Step 1 - RKill.txt:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/29/2014 12:05:14 AM in x64 mode.
Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
  10.13.1.11 VCottage-dc01
  10.13.2.10 pro-fs01

Program finished at: 03/29/2014 12:06:16 AM
Execution time: 0 hours(s), 1 minute(s), and 2 seconds(s)

Link to post
Share on other sites

The RogueKillerX64 log file wasn't terribly long, so instead of attaching it to pastebin, here it is:

 

(Note that I know what are 10.13.1.11 VCottage-dc01 and 10.13.2.10 pro-fs01; they are my work servers)

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Marcus [Admin rights]
Mode : Scan -- Date : 03/29/2014 00:13:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : WMPNSCFG (C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [-][x][-][x]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Run : Skytel (Skytel.exe [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2303092546-2931844446-616707999-1000\[...]\Run : WMPNSCFG (C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [-][x][-][x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : ieframe.dll -> HOOKED (C:\Windows\system32\authui.dll @ 0xEC7C6650)
[Address] EAT @explorer.exe (DllGetClassObject) : ieframe.dll -> HOOKED (C:\Windows\system32\authui.dll @ 0xEC7C6664)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost
10.13.1.11 VCottage-dc01
10.13.2.10 pro-fs01

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250410AS ATA Device +++++
--- User ---
[MBR] 4f21a427065b5eb9820c528c1445e131
[bSP] 4ec6445f95eadb91a5b9845dfbf4d000 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) ADAPTEC RAID 0 SCSI Disk Device +++++
--- User ---
[MBR] a9efbc907036702b04f0e06ae8274864
[bSP] 64af8f0be78159007e5467bbaa090297 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476578 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_03292014_001317.txt >>

 

 

Link to post
Share on other sites

By the way, RogueKillerX64 is prompting me to hit the "delete" button, so I did.  Apparently, it deleted a few registry entries, and replaced some.  I also pressed, "Fix Host", "Fix Proxy", "Fix DNS" and "Fix Shortcuts".  I hope this was a good move.

 

 

The log file from TDSSKiller will follow in my next post.

Link to post
Share on other sites

There were actually two logs generated by TDSSKiller.  Here's the first:

 

00:24:35.0579 0x1a24  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
00:24:40.0260 0x1a24  ============================================================
00:24:40.0260 0x1a24  Current date / time: 2014/03/29 00:24:40.0260
00:24:40.0260 0x1a24  SystemInfo:
00:24:40.0261 0x1a24 
00:24:40.0261 0x1a24  OS Version: 6.0.6002 ServicePack: 2.0
00:24:40.0261 0x1a24  Product type: Workstation
00:24:40.0261 0x1a24  ComputerName: MARCUS-PC
00:24:40.0261 0x1a24  UserName: Marcus
00:24:40.0261 0x1a24  Windows directory: C:\Windows
00:24:40.0261 0x1a24  System windows directory: C:\Windows
00:24:40.0261 0x1a24  Running under WOW64
00:24:40.0261 0x1a24  Processor architecture: Intel x64
00:24:40.0261 0x1a24  Number of processors: 4
00:24:40.0261 0x1a24  Page size: 0x1000
00:24:40.0261 0x1a24  Boot type: Normal boot
00:24:40.0261 0x1a24  ============================================================
00:24:40.0369 0x1a24  KLMD registered as C:\Windows\system32\drivers\85323308.sys
00:24:40.0453 0x1a24  System UUID: {26FE2743-89B7-2457-5E8C-6D8579ACF505}
00:24:40.0815 0x1a24  Drive \Device\Harddisk1\DR1 - Size: 0x745A400000 (465.41 Gb), SectorSize: 0x200, Cylinders: 0xED53, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:40.0825 0x1a24  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:40.0829 0x1a24  ============================================================
00:24:40.0829 0x1a24  \Device\Harddisk1\DR1:
00:24:40.0832 0x1a24  MBR partitions:
00:24:40.0832 0x1a24  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A2D1000
00:24:40.0832 0x1a24  \Device\Harddisk0\DR0:
00:24:40.0832 0x1a24  MBR partitions:
00:24:40.0832 0x1a24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
00:24:40.0832 0x1a24  ============================================================
00:24:40.0856 0x1a24  C: <-> \Device\Harddisk1\DR1\Partition1
00:24:40.0875 0x1a24  D: <-> \Device\Harddisk0\DR0\Partition1
00:24:40.0875 0x1a24  ============================================================
00:24:40.0875 0x1a24  Initialize success
00:24:40.0875 0x1a24  ============================================================
00:24:59.0779 0x48ec  KLMD registered as C:\Windows\system32\drivers\41581403.sys
00:25:00.0332 0x48ec  Deinitialize success
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.