
svchost.exe *32 and internet radio noise



Here's the link to the second TDSSKiller log:

 

http://pastebin.com/LZ1kTrNz

 

Here's the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2014
Scan Time: 1:22:36 AM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.28.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Marcus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275618
Time Elapsed: 40 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [57a9e91709f7aa56a33f88d759a949b7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


HitmanPro didn't work - while it would get through the cookies, it kept freezing up on review of various drivers (not usually the same one).  It would actually freeze up the hard drive completely (i.e., no activity at all), so that I had to power off the computer.  I did it about 6 times; it's just not happy with my system.  No logs were generated either, of course (because it never finished the scan).  I'm giving up on Hitman (unless you have any ideas about that).

 

Now for Security Check:

 

 Results of screen317's Security Check version 0.99.81 
 Windows Vista Service Pack 2 x64 (UAC is disabled!) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.0.3   
 Java 7 Update 51 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Hello,

 

That's a pity because HMP is a very fast scanner... I would like to scan your computer with at least one antivirus program before I let you go. :)

 

I'd like us to scan your machine with ESET OnlineScan


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the Run ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
    7. Now click on Advanced Settings and select the following:

        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology

  4. Push the Start button.
  5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  6. When the scan completes, push esetListThreats.png
  7. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  8. Push the esetBack.png button.
  9. Push esetFinish.png

 

 

Also your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

  • Download the latest version of Java SE 8.
  • Click the Java SE 8  "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-8-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
     JavaFX 2.0.3   
     Java 7 Update 51
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-8-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

  • Please download JavaRa 2.5 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

It's your call. :)

 

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.06 to your PC's desktop.
 

  • Uninstall Adobe Reader 10.1.9 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

 

Run Windows Defragmenter to improve the computer performance (only if your HDD is not SSD)!!

 

Ways to improve your computer's performance

 

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 
Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

Finally post a new log from SecurityCheck.

 

 

 

Regards,

Georgi


And here are the ESET Scan results:

 

C:\FRST\Quarantine\C\Windows\system32\rpcss.dll.xBAD Win64/Patched.H trojan
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\TDSSKiller_Quarantine\24.03.2014_22.14.03\susp0000\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\TDSSKiller_Quarantine\24.03.2014_22.14.03\susp0001\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\228d538a-56565fd1 multiple threats
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\34edbb4e-6d76de03 multiple threats
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\12741c51-2b5c54eb multiple threats
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2467f72a-78589377 multiple threats
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\37ad5f2-77e7ddde multiple threats
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3a714272-75b70025 multiple threats
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\445cc4b6-47b9806b multiple threats
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4e1ac83f-71283826 multiple threats
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-10 223226\Backup files 72.zip multiple threats
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 11.zip multiple threats
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 4.zip Win64/Patched.H trojan
 


Hello,

 

Nice work! :)

 

Some of your backups are infected and I am going to remove them with a script.

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

And here are my final recommendations to you:

 

Nicely done ! This is the end of our journey if you don't have any more questions.

Thank you for following my instructions perfectly. :)
I have some final words for you.
All Clean !
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

 

 

 

STEP 1 CleanUp

 

 

 

To remove all of the tools we used and the files and folders they created, please do the following:

 

 

Download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
There is no need to post the log this time.

 

 

Please download OTC.exe by OldTimer and save it to your desktop.
 

  • Right-click the OTC.exe and choose Run as Administrator.
  • Click on CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

 

  • Next please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the run button.
  • The tool will delete itself once it finishes.

 

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

 

 

 

STEP 2 SECURITY ADVICE
 

 

Change all your passwords !


Since your computer was infected, for peace of mind I would advise you to change all your passwords immediately, including those for bank accounts, credit cards, home loans, PIN codes etc. (just in case)!!

If you're storing passwords in the browser to access websites, then they are not encrypted well (only Firefox with master password protection activated provides better security). So I strongly recommend changing as many passwords as possible. Many modern malware samples have backdoor abilities and can steal confidential information from the compromised computer. You should also check for any suspicious transactions. If you find out that you have been a victim of fraud, contact your bank or the appropriate institution for assistance.

Use different passwords for all your accounts. Also don't use easy passwords such as your favorite teams, bands or pets because this will allow people to guess your password.
You can use PC Tools Password Generator to create random passwords and then install an application like KeePass Password Safe to store them for easy access. If you do Online Banking please read this article: Online Banking Protection Against Identity Theft

 

 

Keep your antivirus software turned on and up-to-date

 

  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • You should scan your computer with an AntiSpyware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software.
  • Be sure to check for and download any definition updates prior to performing a scan.
  • Also keep in mind that MBAM is not a replacement for antivirus software, it is meant to complement the protection provided by a full antivirus product and is designed to detect the threats that are missed by most antivirus software.

 

 

Install HIPS based software if needed (or use Limited Account with UAC enabled)

 

I usually recommend that users install HIPS-based software, but this type of software is only effective in the right hands since it requires users to make the right decisions.

 

HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do and how it uses the internet, and gives you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent an unknown malware from gaining access is to use some HIPS programs (like COMODO Firewall, PrivateFirewall, Online Armor etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users. (so if you don't feel comfortable using such software then you can skip this advice)

 

However, you should be aware that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not a replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existing antivirus application. Also note that if you have an antivirus installed then you should install Comodo Firewall (and not Comodo Internet Security, to avoid conflicts).

 

It takes some time and knowledge to configure it for individual purposes but once done, you should not have problems with it.
There are so many reviews on YouTube and blogs about all these programs.
Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency so please refrain from doing so.

More information about HIPS can be found here: What is Host Intrusion Prevention System (HIPS) and how does it work?

 

If you like Comodo you should choose for yourself which version of Comodo you will use 5 or 7. Personally I stick to version 5 at least for now.

 

If these kinds of programs are difficult for you to use then you can use a limited user account (LUA) with UAC enabled. If you need administrative privileges to perform some tasks, then you can use Run As or log on as the administrator account for that specific task.

 

 

Be prepared for CryptoLocker:

 

 

CryptoLocker Ransomware Information Guide and FAQ

Cryptolocker Ransomware: What You Need To Know

New CryptoLocker Ransomware Variant Spread Through Yahoo Messenger

CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ

 

 

Since prevention is better than cure, you can use gpedit (built into Windows) or CryptoPrevent (described in the first link) to secure the PC against this locker.

Another way is to use Comodo Firewall and to add all local disks to Protected Files and Folders

You may want to check HitmanPro.Alert.CryptoGuard and install it to be safe when surfing the net.

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.  Below is a list of simple precautions to take to keep your computer clean and running securely:
 

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If an attachment ends in .exe, .com, .bat, .pif, .scr or .cmd, do not open it unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams.  For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message  or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you.  We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

 

 

Tweak your browsers
 
 
MOZILLA FIREFOX


To prevent further infections be sure to install the following add-ons NoScript and AdBlock Plus

 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try and tempt you to buy or download something. AdBlock not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

 

Adblock Plus can be found here.

 

NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn’t want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you’re visiting is not trying to tempt you to interact with another, more dangerous website.

 

NoScript can be found here
 

 

Google Chrome

 
If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out by yourself.

However Google Chrome can block a lot of unknown malware because of its sandbox. Beware of the fact that Google Chrome doesn't provide master password protection for the passwords saved in the browser. Check this out: Google Chrome security flaw offers unrestricted password access

 

 

For Internet Explorer 9/10 read the articles below:
 

Security and privacy features in Internet Explorer 9

Enhanced Protected Mode
Use Tracking Protection in Internet Explorer

Security in Internet Explorer 10

 

Immunize your browsers with SpywareBlaster 5 and Spybot Search and Destroy 1.6

Also MBAM acquired the following software Malwarebytes Anti-Exploit and it should work with the most popular browsers. Beware the product is in beta stage.

Changelog can be seen here and known issues here.

 

 
Make the extensions for known file types visible:
 

Be wary of files with a double extension such as jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.

 

 

Create an image of your system (you can use the built-in Windows software as well if you prefer)

 

  • Now that your PC is malware free it is a good idea to do a backup of all important files just in case something happens to it.
  • Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorial on how to create a system image can be found here.
  • The tutorial on how to restore a system image can be found here.
  • Be sure to read the tutorial first.

 

 

Follow this list and your potential for being infected again will reduce dramatically.

Safe Surfing!

 

 

Regards,

Georgi
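The double-extension warning in the post above, combined with its list of risky attachment types, as an added example that is not part of the original post. The decoy list and the function names are assumptions made for illustration; the check also catches names that pad spaces between the decoy and the real extension.

```python
import os

# Attachment types the post above warns about.
EXECUTABLE = {".exe", ".com", ".bat", ".pif", ".scr", ".cmd"}
# Harmless-looking types used as the reassuring first extension
# (illustrative list, an assumption of this example).
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
         ".xls", ".xlsx", ".txt", ".mp3", ".zip"}


def deceptive(filename):
    """Return the name a user would see with extensions hidden if the
    file is an executable posing as a document, otherwise None."""
    stem, real_ext = os.path.splitext(filename)
    if real_ext.lower() not in EXECUTABLE:
        return None
    # Padding between the decoy and the real extension pushes ".exe" out
    # of view in narrow columns, so strip it before looking for the decoy.
    visible = stem.rstrip(" ._")
    _, decoy_ext = os.path.splitext(visible)
    if decoy_ext.lower() in DECOY:
        return visible
    return None


def scan(root):
    """Walk a folder (for example a downloads or attachments directory)
    and list every file whose name hides an executable extension."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            decoy = deceptive(name)
            if decoy:
                hits.append((os.path.join(folder, name), decoy))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ("image.jpg.exe", "Invoice.PDF   .SCR", "setup.exe",
                   "report.final.exe", "photo.jpg"):
        print(f"{sample!r:28} -> {deceptive(sample)!r}")
```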


Thanks, Georgi.  Here's the fixlog.txt for the first FRST run (to remove the remnants of infection from backups, etc.):

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Marcus at 2014-03-30 11:39:03 Run:2
Running from C:\Users\Marcus\Desktop\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\APN
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-10 223226\Backup files 72.zip
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 11.zip
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 4.zip
end
*****************

C:\ProgramData\APN => Moved successfully.
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully.
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-10 223226\Backup files 72.zip => Moved successfully.
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 11.zip => Moved successfully.
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 4.zip => Moved successfully.

==== End of Fixlog ====
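Cross-checking the ESET report against the Fixlog above, as an added example that is not part of the original thread: it separates detections that sit in the tools' own quarantine folders from live ones and confirms every live detection falls under a path FRST reports as moved. The line layout is inferred from the log lines shown in this thread, the function names are hypothetical, and the system drive is assumed to be C:.

```python
import ntpath
import re

# Lines copied from the ESET report and the FRST Fixlog posted in this thread.
ESET_REPORT = r"""
C:\FRST\Quarantine\C\Windows\system32\rpcss.dll.xBAD Win64/Patched.H trojan
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\TDSSKiller_Quarantine\24.03.2014_22.14.03\susp0000\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\228d538a-56565fd1 multiple threats
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 4.zip Win64/Patched.H trojan
"""

FIXLOG = r"""
C:\ProgramData\APN => Moved successfully.
C:\Users\Marcus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully.
D:\MARCUS-PC\Backup Set 2014-03-10 223226\Backup Files 2014-03-26 214629\Backup files 4.zip => Moved successfully.
"""

# Layout inferred from the report lines above: <path> <detection name> [<type>].
# Paths contain spaces, so the detection name is what anchors the split.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>(?:a variant of )?\S+/\S+|multiple threats)"
    r"(?: (?P<kind>trojan|potentially unsafe application))?$"
)
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => Moved successfully\.$")

# Folders where FRST and TDSSKiller keep neutralised copies (as seen in the report).
TOOL_QUARANTINE = ("\\frst\\quarantine\\", "\\tdsskiller_quarantine\\")

# On Vista and later "C:\Users\All Users" is a link to C:\ProgramData, so the
# scanner lists the same file under both names. Assumes the system drive is C:.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}


def canonical(path):
    """Lower-case, normalise and de-alias a Windows path for comparison."""
    p = ntpath.normcase(ntpath.normpath(path))
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            p = target + p[len(alias):]
    return p


def parse_detections(report):
    """Return (path, detection name) for every report line that parses."""
    out = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            out.append((m["path"], m["name"]))
    return out


def parse_moved(fixlog):
    """Return the canonical paths FRST reports as moved."""
    return [canonical(m["path"]) for line in fixlog.splitlines()
            if (m := MOVED.match(line.strip()))]


def triage(report, fixlog):
    """Sort detections into quarantined / removed / outstanding."""
    moved = parse_moved(fixlog)
    result = {"quarantined": [], "removed": [], "outstanding": []}
    for path, name in parse_detections(report):
        p = canonical(path)
        if any(marker in p for marker in TOOL_QUARANTINE):
            bucket = "quarantined"
        elif any(p == m or p.startswith(m + "\\") for m in moved):
            bucket = "removed"
        else:
            bucket = "outstanding"
        result[bucket].append((path, name))
    return result


if __name__ == "__main__":
    for bucket, items in triage(ESET_REPORT, FIXLOG).items():
        print(f"{bucket}: {len(items)}")
        for path, name in items:
            print(f"  {name:45} {path}")
```

Anything left in the outstanding bucket is a detection the fixlist did not cover and would need another look before the machine is called clean.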


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 1 month later...

Hey Georgi.  Here we are again....

Here are my results from FRST; first the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Marcus (administrator) on MARCUS-PC on 12-05-2014 07:25:43
Running from C:\Users\Marcus\Desktop\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5055488 2007-03-24] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Ai Nap] => C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [1413120 2008-01-28] ()
HKLM-x32\...\Run: [CPU Power Monitor] => C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [627200 2008-01-09] ()
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-23] (Valve Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\MountPoints2: {b9fa75db-09c8-11e2-ae34-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\MountPoints2: {e89840bc-05e1-11e2-9132-806e6f6e6963} - F:\.\Bin\Assetup.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-23] (Valve Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9fa75db-09c8-11e2-ae34-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e89840bc-05e1-11e2-9132-806e6f6e6963} - F:\.\Bin\Assetup.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {4778D735-5AC1-4B53-9B8E-1805307D2F99} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {4778D735-5AC1-4B53-9B8E-1805307D2F99} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

==================== Services (Whitelisted) =================

S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-05-11] (BioWare)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-21] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49520 2013-12-12] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73584 2013-12-12] (Cisco Systems, Inc.)
R0 adp3132; C:\Windows\System32\drivers\adp3132.sys [389720 2010-10-19] (Adaptec, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\atl01v64.sys [58880 2007-03-15] (Attansic Technology corporation.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2014-04-25] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-12 07:24 - 2014-05-12 07:25 - 00000000 ____D () C:\FRST
2014-05-11 17:48 - 2014-05-11 17:48 - 00000000 ____D () C:\ProgramData\BioWare
2014-05-11 17:37 - 2014-05-11 17:37 - 00000000 ____D () C:\Users\Marcus\Documents\BioWare
2014-05-11 17:36 - 2014-05-11 17:37 - 00007768 _____ () C:\Users\Marcus\Documents\DAO Ultimate Addins Updater.log
2014-05-11 15:35 - 2014-05-11 15:35 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-11 15:35 - 2014-05-11 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-11 15:35 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-11 15:35 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-11 15:35 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 22:08 - 2014-05-11 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 23:40 - 2014-04-29 07:39 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-01 23:40 - 2014-04-29 07:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 23:40 - 2014-04-29 06:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-01 23:40 - 2014-04-29 06:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 00:22 - 2014-04-25 01:27 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-21 13:04 - 2014-04-21 13:04 - 00003402 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update
2014-04-21 13:04 - 2014-04-21 13:04 - 00003384 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine
2014-04-21 13:04 - 2014-04-21 13:04 - 00003210 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2014-04-21 13:04 - 2014-04-21 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2014-04-21 13:04 - 2014-04-21 13:04 - 00000000 ____D () C:\Program Files\Motorola Mobility LLC
2014-04-21 12:19 - 2014-04-21 13:04 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-04-21 12:17 - 2014-04-21 12:17 - 00000000 ____D () C:\Users\Marcus\Downloads\Motorola
2014-04-21 11:23 - 2012-01-10 14:57 - 00637848 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-04-21 11:23 - 2012-01-10 14:57 - 00567696 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-04-18 21:55 - 2014-04-18 21:55 - 00360984 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistMSI4A57.txt
2014-04-18 21:55 - 2014-04-18 21:55 - 00011194 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistUI4A57.txt

==================== One Month Modified Files and Folders =======

2014-05-12 07:25 - 2014-05-12 07:24 - 00000000 ____D () C:\FRST
2014-05-12 07:25 - 2012-09-28 21:29 - 00000000 ____D () C:\Users\Marcus\Documents\Outlook Files
2014-05-12 06:46 - 2013-08-10 22:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 06:38 - 2014-03-29 09:30 - 00000000 ____D () C:\Users\Marcus\AppData\Local\CrashDumps
2014-05-12 05:26 - 2006-11-02 11:22 - 00004848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 05:26 - 2006-11-02 11:22 - 00004848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 01:17 - 2014-03-29 00:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 00:12 - 2013-02-05 12:35 - 00003694 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98C3FDA4-2311-476E-8E0E-49787E61C174}
2014-05-11 17:48 - 2014-05-11 17:48 - 00000000 ____D () C:\ProgramData\BioWare
2014-05-11 17:37 - 2014-05-11 17:37 - 00000000 ____D () C:\Users\Marcus\Documents\BioWare
2014-05-11 17:37 - 2014-05-11 17:36 - 00007768 _____ () C:\Users\Marcus\Documents\DAO Ultimate Addins Updater.log
2014-05-11 17:35 - 2012-09-25 21:59 - 00491816 _____ () C:\Windows\DirectX.log
2014-05-11 15:35 - 2014-05-11 15:35 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-11 15:35 - 2014-05-11 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-11 15:35 - 2014-05-10 22:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-11 15:33 - 2006-11-02 08:46 - 00843778 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 15:32 - 2006-11-02 11:27 - 02081636 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 15:31 - 2012-09-24 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-11 15:26 - 2013-08-10 22:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 15:26 - 2012-09-23 20:42 - 00000000 ____D () C:\Users\Marcus
2014-05-11 15:26 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 15:26 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-11 15:22 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-05-11 15:22 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-05-11 15:22 - 2006-11-02 08:33 - 73924608 _____ () C:\Windows\system32\config\software_previous
2014-05-11 15:22 - 2006-11-02 08:33 - 21233664 _____ () C:\Windows\system32\config\system_previous
2014-05-11 15:19 - 2006-11-02 08:33 - 60030976 _____ () C:\Windows\system32\config\components_previous
2014-05-11 15:19 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-05-11 15:16 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-11 15:15 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-10 22:07 - 2012-07-15 03:00 - 00002032 _____ () C:\Users\Marcus\AppData\Local\d3d9caps.dat
2014-05-08 13:41 - 2013-08-10 22:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 13:41 - 2013-08-10 22:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 22:50 - 2012-10-01 18:45 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Deployment
2014-05-02 00:29 - 2006-11-02 11:42 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 07:39 - 2014-05-01 23:40 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 07:15 - 2014-05-01 23:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 06:28 - 2014-05-01 23:40 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 06:07 - 2014-05-01 23:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 01:46 - 2014-03-29 01:35 - 00032152 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-04-25 01:46 - 2014-03-29 01:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-25 01:41 - 2012-09-24 23:21 - 00185570 _____ () C:\Windows\PFRO.log
2014-04-25 01:27 - 2014-04-25 00:22 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-25 01:27 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\Speech
2014-04-25 00:22 - 2012-09-23 20:42 - 00000000 ___RD () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 13:04 - 2014-04-21 13:04 - 00003402 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update
2014-04-21 13:04 - 2014-04-21 13:04 - 00003384 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine
2014-04-21 13:04 - 2014-04-21 13:04 - 00003210 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2014-04-21 13:04 - 2014-04-21 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2014-04-21 13:04 - 2014-04-21 13:04 - 00000000 ____D () C:\Program Files\Motorola Mobility LLC
2014-04-21 13:04 - 2014-04-21 12:19 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-04-21 13:04 - 2012-09-23 21:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-21 12:22 - 2006-11-02 11:27 - 00002782 _____ () C:\Windows\setupact.log
2014-04-21 12:17 - 2014-04-21 12:17 - 00000000 ____D () C:\Users\Marcus\Downloads\Motorola
2014-04-21 11:25 - 2012-11-23 23:09 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-04-21 11:24 - 2013-07-25 22:36 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Black_Tree_Gaming
2014-04-21 11:23 - 2012-06-20 23:23 - 00000000 ____D () C:\Program Files (x86)\Oracle
2014-04-21 11:22 - 2012-09-23 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-04-21 11:22 - 2012-09-23 21:34 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-18 21:57 - 2011-09-05 18:42 - 00000000 ____D () C:\Users\Marcus\Documents\My Games
2014-04-18 21:55 - 2014-04-18 21:55 - 00360984 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistMSI4A57.txt
2014-04-18 21:55 - 2014-04-18 21:55 - 00011194 _____ () C:\Users\Marcus\AppData\Local\dd_vcredistUI4A57.txt
2014-04-18 00:43 - 2011-10-27 00:30 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Apple Computer
2014-04-17 19:39 - 2012-06-24 02:57 - 00000000 ____D () C:\Users\Marcus\AppData\Local\dxhr
2014-04-16 00:12 - 2012-09-23 22:55 - 00099840 _____ () C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Marcus\AppData\Local\Temp\AutoRun.exe
C:\Users\Marcus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Marcus\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Marcus\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Marcus\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {01306d17-0601-11e2-b0d4-8dd6aa6e6aa6}
nx                      OptIn

Resume from Hibernate
---------------------
identifier              {01306d17-0601-11e2-b0d4-8dd6aa6e6aa6}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

LastRegBack: 2014-05-12 04:37

==================== End Of Log ============================


By the way, yesterday, before you and the moderator got back to me, I did a System Restore, and moved the computer back to a point before the virus became active.  That seems to have "stopped" it, for now.  However, my sense is that I've only temporarily "deactivated" the virus, and that it is still on the computer here.  I just wanted to let you know so that you're aware of everything on this end!

Now, the addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Marcus at 2014-05-12 07:26:38
Running from C:\Users\Marcus\Desktop\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.03.29 - )
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Attansic L1 Gigabit Ethernet Driver (HKLM-x32\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version:  - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29626 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
CyberSky (HKLM-x32\...\CyberSky) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
LightScribe Applications (HKLM-x32\...\{7D8B9DA5-370A-48B6-AD8D-63574C974AAC}) (Version: 1.18.26.7 - LightScribe)
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{B28B351F-1232-46EA-85EF-B8EA91641033}) (Version: 7.02.5017 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.19 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 1.0.00.14080 - Sony Corporation)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )
The Sims 2 Family Fun Stuff (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
The Sims 2 Glamour Life Stuff (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
The Sims 2 Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
The Sims 2 Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
The Sims 2 University (HKLM-x32\...\{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}) (Version:  - )
The Sims™ 2 Apartment Life (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
The Sims™ 2 Bon Voyage (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
The Sims™ 2 Celebration! Stuff (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
The Sims™ 2 FreeTime (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
The Sims™ 2 H&M® Fashion Stuff (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
The Sims™ 2 IKEA® Home Stuff (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
The Sims™ 2 Kitchen & Bath Interior Design Stuff (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
The Sims™ 2 Mansion and Garden Stuff (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
The Sims™ 2 Teen Style Stuff (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

08-05-2014 15:12:30 Scheduled Checkpoint
09-05-2014 18:48:33 Scheduled Checkpoint
11-05-2014 19:18:31 Restore Operation
11-05-2014 21:34:42 Installed DirectX
11-05-2014 21:35:47 Installed Microsoft Visual C++ 2005 Redistributable
11-05-2014 23:00:03 Windows Backup

==================== Hosts content: ==========================

2006-11-02 08:34 - 2014-03-29 00:20 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03E926CE-66AB-4EE8-9203-9E6BE5935CFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0CA42E24-7E36-495E-B9A4-DB09C41A8E99} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.59\AsLoader.exe [2007-03-23] ()
Task: {0CE7B91A-C9E4-445A-AA48-0875F98E8E84} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {3B1DEF9E-7E2A-403D-890E-4E0F07333899} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {585BA718-B7D9-422B-A08C-91C464B6A3B4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {970A84D2-74B6-4E87-A4BF-644F556F532C} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {9763BBDE-C536-4053-AB3E-5418931F212F} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()
Task: {B576F397-51DA-4FC6-A79E-D81CD61A8467} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {C87B6D7D-DA21-4F25-9F21-DBB8B2967C52} - System32\Tasks\ASUS\ASUS Energy Saving => C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe [2008-01-28] ()
Task: {CC1EBF4A-1409-41CB-8FD8-306A479F0282} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D73620B6-5962-48BA-82B5-9A8AA0C2B8E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-09-23] ()
Task: {EC045C66-8FFF-404D-8F7E-A99B993B95B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {ECD6437A-4038-4037-975D-9B9319F27B22} - System32\Tasks\ASUS\ASUS ACPI Service Provider => C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe [2008-01-24] ()
Task: {F7FE1AE5-0602-4C10-8B7D-F8388DEFEF9E} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-23 21:34 - 2008-01-24 18:53 - 00613376 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
2013-04-21 21:39 - 2013-04-21 21:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-01-30 21:26 - 2008-07-11 03:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-01-30 21:26 - 2008-07-11 03:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2012-10-23 19:51 - 2008-01-28 12:55 - 01413120 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
2013-12-12 18:36 - 2013-12-12 18:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-09-23 21:34 - 2005-06-23 01:39 - 00204851 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\PowerDll.dll
2012-09-23 21:34 - 2008-01-18 00:46 - 00053248 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\cpuutil.dll
2012-09-23 21:34 - 2006-05-26 01:18 - 00106548 _____ () C:\Program Files (x86)\ASUS\AASP\1.00.59\PowNap.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-01-08 01:28 - 2014-04-21 18:55 - 00340480 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-22 20:49 - 2014-04-21 18:55 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-03-12 17:10 - 2014-03-31 18:09 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-24 18:51 - 2014-04-23 18:01 - 01092288 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2012-09-24 18:51 - 2014-03-03 15:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-24 18:51 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-24 18:51 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-24 18:51 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-10-23 19:51 - 2008-01-16 20:08 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
2012-10-23 19:51 - 2007-01-03 22:25 - 00008704 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
2013-01-30 21:26 - 2007-10-22 08:08 - 00139264 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Marcus\Documents\letter of reference.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22388711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22388711.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2014 07:23:54 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program mbam.exe version 1.0.0.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 4ec
Start Time: 01cf6d5037261e50
Termination Time: 2

Error: (05/12/2014 06:38:09 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0x15fc, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 06:16:35 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0x1614, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 05:56:46 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0x180, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 05:44:15 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0xca8, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 05:28:16 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0x1498, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 05:17:53 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0xcb8, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 05:02:14 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0x12bc, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 04:51:24 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0x13bc, application start time 0xPhotoScreensaver.scr0.

Error: (05/12/2014 04:14:41 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application PhotoScreensaver.scr, version 6.0.6002.18005, time stamp 0x49e031d3, faulting module nvd3dumx.dll, version 9.18.13.2049, time stamp 0x51c4102d, exception code 0xc0000005, fault offset 0x00000000006b481f,
process id 0x93c, application start time 0xPhotoScreensaver.scr0.

System errors:
=============
Error: (05/11/2014 03:29:26 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: NVIDIA Update Service Daemon%%1069

Error: (05/11/2014 03:29:26 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (05/11/2014 03:26:40 PM) (Source: Print) (User: NT AUTHORITY) (EventID: 19)
Description: The print spooler failed to share printer EPSON Stylus CX4200 Series with shared resource name EPSON Stylus CX4200 Series. Error 2114. The printer cannot be used by others on the network.

Error: (05/11/2014 03:17:50 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: NVIDIA Update Service Daemon%%1069

Error: (05/11/2014 03:17:50 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (05/11/2014 03:16:36 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: 30000vpnagent

Error: (05/11/2014 03:15:05 PM) (Source: Print) (User: NT AUTHORITY) (EventID: 19)
Description: The print spooler failed to share printer EPSON Stylus CX4200 Series with shared resource name EPSON Stylus CX4200 Series. Error 2114. The printer cannot be used by others on the network.

Error: (05/10/2014 11:59:29 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: NVIDIA Update Service Daemon%%1069

Error: (05/10/2014 11:59:29 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (05/10/2014 11:57:14 PM) (Source: Print) (User: NT AUTHORITY) (EventID: 19)
Description: The print spooler failed to share printer EPSON Stylus CX4200 Series with shared resource name EPSON Stylus CX4200 Series. Error 2114. The printer cannot be used by others on the network.

Microsoft Office Sessions:
=========================
Error: (05/12/2014 07:23:54 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: mbam.exe1.0.0.5004ec01cf6d5037261e502

Error: (05/12/2014 06:38:09 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481f15fc01cf6dcca9203550

Error: (05/12/2014 06:16:35 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481f161401cf6dc9e4b624b0

Error: (05/12/2014 05:56:46 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481f18001cf6dc824df1440

Error: (05/12/2014 05:44:15 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481fca801cf6dc5e88bba90

Error: (05/12/2014 05:28:16 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481f149801cf6dc47747b740

Error: (05/12/2014 05:17:53 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481fcb801cf6dc2466d6090

Error: (05/12/2014 05:02:14 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481f12bc01cf6dc0c3088e60

Error: (05/12/2014 04:51:24 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481f13bc01cf6dbba2e4cf90

Error: (05/12/2014 04:14:41 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: PhotoScreensaver.scr6.0.6002.1800549e031d3nvd3dumx.dll9.18.13.204951c4102dc000000500000000006b481f93c01cf6db9ca4a2d70

CodeIntegrity Errors:
===================================
  Date: 2014-05-12 07:26:26.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:26.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:26.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:26.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:25.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:25.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:25.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:25.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:10.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-12 07:26:10.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8190.18 MB
Available physical RAM: 5603.8 MB
Total Pagefile: 16599.41 MB
Available Pagefile: 13908.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.41 GB) (Free:256.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup Disk) (Fixed) (Total:232.88 GB) (Free:67.51 GB) NTFS
Drive e: (Sims2EP9) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 17499EEF)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465 GB) (Disk ID: 5979E30A)
Partition 1: (Active) - (Size=465 GB) - (Type=07 NTFS)

==================== End Of Log ============================


And finally, the shortcut.txt file:

 

Users shortcut scan result (x64) Version: 11-05-2014 01
Ran by Marcus at 2014-05-12 07:27:12
Running from C:\Users\Marcus\Desktop\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BitTorrent.lnk -> C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk -> C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk -> C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\Movie Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\MOVIEMK.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk -> C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom HOME 2.lnk -> C:\Windows\Installer\{99072AB4-D795-44D5-9D65-E3C9F8322C97}\NewShortcut1_BB5D96B1D05B428EBAD4A437B7244768.exe (Flexera Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Cyber-shot Viewer.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\Browser\SPUBrowser.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Tools\Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Tools\Settings Initialization Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\InitTool\SPUInit.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero CD-DVD Speed [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\CDSpeed_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero CoverDesigner Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\NeroCoverDesigner_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero Express Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\NeroExpress_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero Recode Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Recode\NeroRecode_eng.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Manuals\Nero Vision Essentials [English Help].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVisionExpress_ENG.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager\Motorola Device Manager.lnk -> C:\Windows\Installer\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}\_EED70B3E82A514A7A6E8F1.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Problem Reports and Solutions.lnk -> C:\Windows\System32\wercon.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Simple Labeler.lnk -> C:\Program Files (x86)\LightScribe\SimpleLabeler\SimpleLabeler.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Template Labeler.lnk -> C:\Program Files (x86)\LightScribe Template Labeler\TemplateLabeler.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PurblePlace.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgrade.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan\EPSON Scan Settings.lnk -> C:\Windows\twain_32\escndv\escfg.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\The Sims™ 2 Teen Style Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Uninstall The Sims™ 2 Teen Style Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\The Sims 2™ Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\The Sims™ 2 Seasons.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\TSBin\Sims2EP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Uninstall The Sims™ 2 Seasons.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Uninstall The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Uninstall The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\The Sims™ 2 IKEA® Home Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Uninstall The Sims™ 2 IKEA® Home Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\The Sims™ 2 H&M® Fashion Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\TSBin\Sims2SP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Uninstall The Sims™ 2 H&M® Fashion Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\The Sims™ 2 FreeTime.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Uninstall The Sims™ 2 FreeTime.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\The Sims™ 2 Celebration! Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\TSBin\Sims2SP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Uninstall The Sims™ 2 Celebration! Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\The Sims™ 2 Bon Voyage.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Uninstall The Sims™ 2 Bon Voyage.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\The Sims™ 2 Apartment Life.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Uninstall The Sims™ 2 Apartment Life.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\The Sims 2 University.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\TSBin\Sims2EP1.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Uninstall The Sims 2 University.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\The Sims 2 Pets.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\TSBin\Sims2EP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Uninstall The Sims 2 Pets.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\The Sims 2 Open For Business.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\TSBin\Sims2EP3.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Uninstall The Sims 2 Open For Business.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\The Sims 2 Nightlife.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\TSBin\Sims2EP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Uninstall The Sims 2 Nightlife.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\The Sims 2 Glamour Life Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\TSBin\Sims2SP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Uninstall The Sims 2 Glamour Life Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\The Sims 2 Family Fun Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\TSBin\Sims2SP1.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Uninstall The Sims 2 Family Fun Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\The Sims 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\The Sims 2.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Uninstall The Sims 2.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Uninstall  DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Changelog.lnk -> C:\Program Files (x86)\DVD Flick\changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\GNU GPL License.lnk -> C:\Program Files (x86)\DVD Flick\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Guide.lnk -> C:\Program Files (x86)\DVD Flick\guide\index_en.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Readme.lnk -> C:\Program Files (x86)\DVD Flick\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\CyberSky Help.lnk -> C:\Program Files (x86)\CyberSky\CyberSky.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\CyberSky Home Page.lnk -> C:\Program Files (x86)\CyberSky\CyberSky Home Page.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\CyberSky.lnk -> C:\Program Files (x86)\CyberSky\CyberSky.exe (Stephen Michael Schimpf)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberSky\Uninstall CyberSky.lnk -> C:\Program Files (x86)\CyberSky\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect Secure Mobility Client\Cisco AnyConnect Secure Mobility Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble\NOOK for PC\NOOK for PC.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe (Barnes & Noble, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble\NOOK for PC\Uninstall.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe (Barnes & Noble, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar Essence STX Audio\Xonar Essence STX Audio Center.lnk -> C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe (CMedia)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\Manual for PC Probe II.lnk -> C:\Program Files (x86)\ASUS\PC Probe II\manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\PC Probe II V1.04.19.lnk -> C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe (ASUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\UnInstall PC Probe II .lnk -> C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite\AI Suite v1.03.29.lnk -> C:\Program Files (x86)\ASUS\AI Suite\AiSuite.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite\UnInstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\Windows\System32\sdclt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\SysWOW64\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\migwiz.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{F248ADFA-64E0-4B03-8A83-059078BED6A0}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{F248ADFA-64E0-4B03-8A83-059078BED6A0}\PlayTasks\0\Play The Sims™ 2 Bon Voyage.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{EAA38532-7AD0-4F78-918A-4F4F02096ECE}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{EAA38532-7AD0-4F78-918A-4F4F02096ECE}\PlayTasks\0\Play The Sims™ 2 Celebration! Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\TSBin\Sims2SP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{B6F5B704-06D3-4687-90F3-6195304AD755}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{B6F5B704-06D3-4687-90F3-6195304AD755}\PlayTasks\0\Play The Sims™ 2 Apartment Life.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{87F6C83D-F949-4D14-B5CB-DC8C75F8932D}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{87F6C83D-F949-4D14-B5CB-DC8C75F8932D}\PlayTasks\0\Play The Sims™ 2 FreeTime.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 FreeTime\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{84DDE556-43EF-43ED-B2DF-37AF9E5DDD75}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{84DDE556-43EF-43ED-B2DF-37AF9E5DDD75}\PlayTasks\0\Play The Sims™ 2 H&M® Fashion Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\TSBin\Sims2SP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}\PlayTasks\0\Play The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{5C648FDB-0138-4619-B66E-230EF53E8E2C}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{5C648FDB-0138-4619-B66E-230EF53E8E2C}\PlayTasks\0\Play The Sims™ 2 Teen Style Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\3\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\2\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4DDB8C5E-1423-4D17-B3AD-E061297CEC4B}\PlayTasks\0\Play The Sims™ 2 IKEA® Home Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 IKEA® Home Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{1A2A15C2-6780-49C1-B296-503230E9DE00}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{1A2A15C2-6780-49C1-B296-503230E9DE00}\PlayTasks\0\Play The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos ()
Shortcut: C:\Users\Marcus\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Marcus\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()
Shortcut: C:\Users\Marcus\Links\Documents.lnk -> C:\Users\Marcus\Documents ()
Shortcut: C:\Users\Marcus\Links\Music.lnk -> C:\Users\Marcus\Music ()
Shortcut: C:\Users\Marcus\Links\Pictures.lnk -> C:\Users\Marcus\Pictures ()
Shortcut: C:\Users\Marcus\Links\Public.lnk -> C:\Users\Public ()
Shortcut: C:\Users\Marcus\Links\Recently Changed.lnk -> C:\Users\Marcus\Searches\Recently Changed.search-ms ()
Shortcut: C:\Users\Marcus\Links\Searches.lnk -> C:\Users\Marcus\Searches ()
Shortcut: C:\Users\Marcus\Desktop\Desktop\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\Desktop\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\Users\Marcus\Desktop\Desktop\Xonar Essence STX Audio Center.lnk -> C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe (CMedia)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Word\Mt%20Carberry_13-0250_Draft%20-%20Comments%201-13-303520461588394384\Mt%20Carberry_13-0250_Draft%20-%20Comments%201-13-2014.doc.lnk -> C:\Users\Marcus\Desktop\Desktop\Mt Carberry_13-0250_Draft - Comments 1-13-2014.doc (No File)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Word\2013%20GCCS%20Monitoring%20Plan%20Update.v3.10-15-303520201237844080\2013%20GCCS%20Monitoring%20Plan%20Update.v3.10-15-13.docx.lnk -> C:\Users\Marcus\Desktop\Desktop\Monitoring Plan Update\2013 GCCS Monitoring Plan Update.v3.10-15-13.docx (No File)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\TechPowerUp GPU-Z.lnk -> C:\Program Files (x86)\GPU-Z\GPU-Z.exe (techPowerUp (www.techpowerup.com))
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\Uninstall.lnk -> C:\Program Files (x86)\GPU-Z\uninstall.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{FAD368C3-A7DF-43F4-BA72-5CEEA3BB3765}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\TSBin\Sims2EP3.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\The Sims 2™ Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\0\Play The Sims™ 2 Seasons.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\TSBin\Sims2EP5.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{DBB664FA-2798-4327-A655-F274F0DEF739}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\TSBin\Sims2EP1.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{D7F34A08-60B3-409A-8F37-83D5BD312510}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{C89B8151-D73E-42B8-9C20-C986F28FFFE6}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\TSBin\Sims2SP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{80F639E7-17A4-4AD9-B687-3B776D26BDEE}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\TSBin\Sims2EP4.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{7D004460-C55F-4E20-A35D-41C521A645FF}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\TSBin\Sims2EP2.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\Users\Marcus\AppData\Local\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\Users\Public\Desktop\LightScribe Simple Labeler.lnk -> C:\Program Files (x86)\LightScribe\SimpleLabeler\SimpleLabeler.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\NOOK for PC.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe (Barnes & Noble, Inc.)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Uninstall TomTom HOME 2.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {99072AB4-D795-44D5-9D65-E3C9F8322C97}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {B67BAFBA-4C9F-48FA-9496-933E3B255044} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Nero Online Upgrade.lnk -> C:\Program Files (x86)\Common Files\Ahead\Lib\NeroUpgrade.exe (Nero AG) -> -ScParameter=8  ShowOffer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Nero ProductSetup.lnk -> C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe (Nero AG) -> -ScParameter=8  MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero CD-DVD Speed.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\CDSpeed.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\InfoTool.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Tools\Nero Scout.lnk -> C:\Program Files (x86)\Common Files\Ahead\Lib\NeroScoutOptions.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Photo and Video\Nero Recode Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Recode\Recode.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Photo and Video\Nero Vision Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Labels\Nero CoverDesigner Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe (Nero AG) -> -ScParameter=8 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Data\Nero Express Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Audio\Nero Express Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestoreCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Printer Software Uninstall.lnk -> C:\Windows\System32\spool\drivers\x64\3\EPUPDATE.EXE (SEIKO EPSON CORPORATION) -> /R
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Stylus CX4200 Series Buy Ink.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_IARNAEA.EXE (SEIKO EPSON CORPORATION) -> /T "MENU" /D "EPSON Stylus CX4200 Series" /M "Stylus CX4200" /A
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Seasons\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 H&M® Fashion Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP5.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Celebration! Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Celebration! Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 University\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EReg.exe (Electronic Arts, Inc.) -> "Sims2EP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Pets\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP4.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP3.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Open For Business\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP3.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\EasyInfo.exe (Electronic Arts) -> "Sims2EP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Nightlife\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Nightlife\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2EP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Glamour Life Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Glamour Life Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EasyInfo.exe (Electronic Arts) -> "Sims2SP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2 Family Fun Stuff\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EReg.exe (Electronic Arts Inc.) -> "Sims2SP1.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\EAsy Info.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\EasyInfo.exe (Electronic Arts) -> "Sims2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims 2\Electronic Registration.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2\Support\EReg.exe (Electronic Arts, Inc.) -> "Sims2.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Reliability and Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.WelcomeCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Reliability and Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\Nero Express Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8  /w
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility\Help\Cyber-shot Viewer.url -> C:\Program Files (x86)\Sony\Sony Picture Utility\Browser\help\Index.html

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Teen Style Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Mansion and Garden Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Kitchen & Bath Interior Design Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 IKEA® Home Stuff\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 FreeTime\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Bon Voyage\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Apartment Life\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us

InternetURL: C:\Users\Marcus\Favorites\Aetna Login.url -> https://member.aetna.com/appConfig/login/login.fcc?TYPE=33554433&REALMOID=06-36d8cb4d-4ac1-44c7-b12d-a80fba4b718e&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-xU5km2Pz5%2f9A%2f2FCwUlXE48HlDkyH9ruz3da8Iqw6pwcy09mgHFN5RmlkMNqguY5&TARGET=-SM-HTTPS%3a%2f%2fmember%2eaetna%2ecom%2fMbrLanding%2fRoutingServlet%3fcreateSession%3dtrue

InternetURL: C:\Users\Marcus\Favorites\Central Desktop.url -> https://scsengineers.centraldesktop.com/login

InternetURL: C:\Users\Marcus\Favorites\SCS ESS.url -> https://scs.sentric.net/default.aspx?Tab=821caefe-9d45-44e7-9d5e-126c172dc991

InternetURL: C:\Users\Marcus\Favorites\Links\Bank of America  Home  Personal.url -> https://www.bankofamerica.com/

==================== End of log =============================


Hello,

I guess that you resolved the problem by yourself because your logs are clean (except for one malware related entry which we should delete).

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Also I don't know how you were reinfected but I will post this warning again and I hope you will take it seriously:

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software
 

 

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

So I suggest you uninstall BitTorrent right now.

 

Also, it's a good idea to read my recommendations above again and install HIPS-based software or create a standard user account to avoid future problems with malware.

 

Check the browsers part as well (because I guess the malware above uses some kind of exploit to infect you through the browser)... I didn't mention a few programs here because they are too confusing to use for home users but you can take a look at them:

 

EMET

 

 

VoodooShield

 

However, I would not install them all because they could render your PC unusable and will slow it down like a turtle.
Having more than one "real-time" program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

 

 

Regards,

Georgi


Hi Georgi. It does seem like the system's been very stable since I did the System Restore; I've been monitoring it closely while in use (including keeping the network cable plugged in, which I had disconnected previously to positively prevent any sensitive information leaking out of my computer).

 

I'll use the fixlist.txt tonight - thanks again for preparing that!

 

To be clear, my computer wasn't re-infected; this does not appear to be the same virus. There was no internet radio noise accompanying the internet traffic this time, and last time, I wasn't able to resolve the virus problem by doing a system restore. The computer was, however, infected again by simple web browsing - the key though was that I didn't have an antivirus on. That's going to be remedied right after I do the fixlist.txt. My company has provided us all with free access to McAfee Security Suite. Given your experience, let me know if it's worth installing that software, or if you think it's fairly useless, and that I should go for something else. My experience with it in the past has been lukewarm; significant performance losses for little gain (i.e., I've seen viruses slip past it).

 

As for BitTorrent, I simply don't use it.  I haven't used it in...oh, about a year I think, and it's not active on my machine (i.e., it's not seeding or receiving).  And when I did use it, I used it only to download movies that are generally recognized to be public domain (generally movies from the 30's/early 40's).  In any event, my virus problem is unconnected to BitTorrent.  But with that said, I think I will uninstall it tonight, just after I apply your fixlist.txt.

 

Thanks again for your help, and I'll send the log tonight after I've made the fix.


Hi,

 

I am sorry about the delay. I've been busy in the last two days.

 

Hi Georgi.  It does seem like the system's been very stable since I did the System Restore;

 

Yes, the latest logs prove that. :)

 

To be clear, my computer wasn't re-infected; this does not appear to be the same virus.

 

Well...I can agree...you probably were hit by ransomware

 

C:\ProgramData\2992199F9A

 

It's not the same as the one you had at the beginning of the topic and I would advise you to work harder on the prevention tasks then.

 

My company has provided us all with free access to McAfee Security Suite. Given your experience, let me know if it's worth installing that software, or if you think it's fairly useless, and that I should go for something else. My experience with it in the past has been lukewarm; significant performance losses for little gain (i.e., I've seen viruses slip past it).

 

Unfortunately I don't have experience with the McAfee products but they should be better than nothing. Regarding the latest tests it's not so bad!

 

http://news.softpedia.com/news/Kaspersky-Internet-Security-2014-Crowned-the-Best-Anti-Virus-in-the-World-After-New-Tests-441033.shtml

http://chart.av-comparatives.org/chart1.php

 

You should try and decide what is best for you based on your experience level and computer knowledge.

This is really a matter of personal choice depending on your needs, computer skills, computer resources and comfort level. All antivirus programs have advantages and disadvantages. Keep in mind that there is no antivirus that catches everything. You still should be very careful when surfing and have good browsing habits...

 

 

Regards,

Georgi


That's funny - I was sure that I uploaded the fixlog.txt; I'm not sure what happened to that post.  Unfortunately, I have since deleted the file, so there's not much I can send at this point.  In any event, the computer has been behaving normally since I did the system restore, and there were no error messages when I applied the fix (though I did not read the fixlog in detail).  I did run a full McAfee scan and there were no detections.  As such, I think we can probably make this thread dormant now.  Thanks again for your help.


Hi,

 

Make sure that the following folder was deleted: C:\ProgramData\2992199F9A, and run a scan with MBAM, and if clean you are good to go.

Then go ahead and delete the C:\FRST\Quarantine folder manually. Don't delete the whole C:\FRST folder because the folder contains a registry backup that can be used at a later stage if needed.

I'll ask the moderators to close this topic again. If you have any questions send me a PM. :)

 

 

Regards,

Georgi


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.