Health Alert and other PUPs are still on my PC after removing them


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 Please enable your system to show hidden files: http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

You can also use this version of RogueKiller which works on both 32 and 64 bit:

RogueKiller 32 & 64 bit

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>Sometimes when clearing out an infection the winsock stack will become corrupt and you'll lose your internet connection. To resolve this....reset the stack as outlined HERE

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/28/2015

Scan Time: 2:52:39 PM

Logfile: mam.txt

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.05.28.06

Rootkit Database: v2015.05.24.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

 

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: Cat's comp

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 417307

Time Elapsed: 1 hr, 48 min, 0 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 8

PUP.Optional.GlobalUpdate.A, C:\Users\Cat's comp\AppData\Local\Temp\comh.429006, , [17ef22770a80df572d0becd6ed16e020], 

PUP.Optional.uTorrentBar.A, C:\Users\Cat's comp\AppData\Local\Temp\uTorrentBar, , [739309904f3b2f072e004487e41fef11], 

PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com, , [33d3b5e4fa90ff3783a0d003d033837d], 

PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com\chrome, , [33d3b5e4fa90ff3783a0d003d033837d], 

PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com\chrome\content, , [33d3b5e4fa90ff3783a0d003d033837d], 

PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com\components, , [33d3b5e4fa90ff3783a0d003d033837d], 

PUP.Optional.ConduitTB.Gen, C:\Users\Cat's comp\AppData\Local\Temp\TestIfExeExist\CT3306061, , [0df96f2ab2d8e2542bf325b9877c07f9], 

PUP.Optional.ConduitTB.Gen, C:\Users\Cat's comp\AppData\Local\Temp\TestIfExeExist\CT3306061\nativeMessaging, , [0df96f2ab2d8e2542bf325b9877c07f9], 

 

Files: 1

Worm.Traces, C:\a.txt, , [f80ed1c8107a7bbb55a1ff6ff90bb947], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01

Ran by Cat's comp (administrator) on CATSCOMP-PC on 28-05-2015 18:24:57

Running from C:\Users\Cat's comp\Downloads

Loaded Profiles: Cat's comp (Available Profiles: Cat's comp & Mcx1 & ML)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 7 (Default browser not detected!)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Lexmark International, Inc.) C:\WINDOWS\System32\spool\drivers\w32x86\3\lxduserv.exe

( ) C:\WINDOWS\System32\lxducoms.exe

() C:\WINDOWS\System32\PnkBstrA.exe

(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe

(America Online, Inc.) C:\Program Files\Common Files\aol\1307588935\ee\aolsoftware.exe

() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

(Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Hewlett Packard) C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)

HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor)

HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1307588935\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.)

HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()

HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [instaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [Aeria Ignite] => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent

HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [bitComet] => C:\Program Files\BitComet\BitComet.exe /tray

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Cat's comp\AppData\Local\Akamai\netsession_win.exe"

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk [2014-08-02]

ShortcutTarget: Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard)

GroupPolicyUsers\S-1-5-21-4097726319-1414410365-2442618022-1002\User: Group Policy Restriction detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

SearchScopes: HKLM -> {623BFBC2-A820-4060-8FCC-9B1AE69A939B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\.DEFAULT -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek.com/?prt=BASICSEEK111&keywords={searchTerms}

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-10-23] (Symantec Corporation)

BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File

Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23] (Symantec Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

Winsock: Catalog5 000000000005 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Cat's comp\AppData\Roaming\Mozilla\Firefox\Profiles\xxpyyynu.default-1418170259335

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()

FF Plugin: @daum.net/DaumGameFx -> C:\ProgramData\Daum Games\FXStarter\npDaumGameFx.dll [2014-03-26] (Daum)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-11-18] (Apple Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-13]

 

Chrome: 

=======

CHR Profile: C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Adguard AdBlocker) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-27]

CHR Extension: (Adblock Plus) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-27]

CHR Extension: (uTorrent easy client) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfiejlelblhoaflnjajjjjkkgbeifpn [2015-05-27]

CHR Extension: (AdBlock) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-27]

CHR Extension: (Hola Better Internet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-27]

CHR Extension: (Bookmark Manager) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]

CHR Extension: (Online Virus Scan) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpacaaphmmpfloeiopekgajdclliokh [2015-05-27]

CHR Extension: (Adblock Super) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-05-27]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]

CHR Extension: (Google Wallet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]

CHR Extension: (Sửa lỗi \) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2015-05-27]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46680 2005-04-18] (America Online)

R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-10-31] (Symantec Corporation)

R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed]

R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]

R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)

R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)

R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)

S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-10-13] (Symantec Corporation)

S3 GSService; C:\Windows\system32\GSService.exe [444640 2014-07-28] ()

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-05-24] (SurfRight B.V.)

S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

S3 ISPwdSvc; c:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-10-26] (Symantec Corporation)

R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation)

R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [94208 2009-10-16] (Lexmark International, Inc.)

R2 lxdu_device; C:\Windows\system32\lxducoms.exe [589824 2009-10-16] ( )

S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-25] ()

S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-06-07] (Symantec Corporation)

R2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-09-20] (Symantec Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [23576 2014-07-28] (Windows ® Win 7 DDK provider)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387432 2006-11-05] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102760 2006-11-05] (Symantec Corporation)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS [79240 2006-11-05] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS [831880 2006-11-05] (Symantec Corporation)

R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]

S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-03] (Symantec Corporation)

S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-03] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-03] (Symantec Corporation)

R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-06-07] (Symantec Corporation)

S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-24] (Symantec Corporation)

R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-24] (Symantec Corporation)

U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-05-28] ()

R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)

S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2014-11-26] (Wondershare)

S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 taphss6; system32\DRIVERS\taphss6.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Three Months Created files and folders ========

RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software





 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Cat's comp [Administrator]

Started from : C:\Users\Cat's comp\Desktop\RogueKiller.exe

Mode : Scan -- Date : 05/28/2015  19:15:50

 

¤¤¤ Processes : 2 ¤¤¤

[suspicious.Path] (SVC) NAVENG -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS[7] -> Stopped

[suspicious.Path] (SVC) NAVEX15 -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS[7] -> Stopped

 

¤¤¤ Registry : 7 ¤¤¤

[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS) -> Found

[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS) -> Found

[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS) -> Found

[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS) -> Found

[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS) -> Found

[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS) -> Found

[PUM.SearchPage] HKEY_USERS\S-1-5-21-4097726319-1414410365-2442618022-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤

[sSDT:Addr(Hook.SSDT)] NtConnectPort[54] : Unknown @ 0xc3ffbaa8

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST3250820AS ATA Device +++++

--- User ---

[MBR] 69032381ed6cb208c4735376e490df85

[bSP] 96840f5650cdce42cb1f8e79a6e5e23b : HP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 231325 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 473754960 | Size: 7146 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

 

============================================

RKreport_SCN_05272015_201417.log - RKreport_DEL_05272015_201806.log - RKreport_DEL_05272015_201823.log - RKreport_DEL_05272015_201837.log

RKreport_DEL_05272015_201903.log - RKreport_DEL_05272015_201920.log - RKreport_DEL_05272015_201941.log


When you ran the scan with FRST...it created 2 logs.
FRST.txt and Addition.txt
You posted the FRST.txt but the bottom of the log is missing
I need to see the complete log.
I also need to see the Addition.txt

The easiest way to do that is for you to attach both of the logs (FRST.txt and Addition.txt)

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Users shortcut scan result (x86) Version: 27-05-2015 01

Ran by Cat's comp at 2015-05-28 22:41:37

Running from C:\Users\Cat's comp\Downloads

Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

 

 

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\AOL 9.0.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Total Care Advisor.lnk -> C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\WINDOWS\ehome\ehshell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk -> C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk -> C:\Program Files\Microsoft Works\MSWorks.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk -> C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk -> C:\Program Files\Windows Mail\wab.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\Movie Maker\DVDMaker.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\MOVIEMK.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk -> C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager\Uninstall.lnk -> C:\Program Files\Verizon\VzDownloadManager\VzDownloadManager_Uninst.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Getting Started Guide.lnk -> C:\hp\documentation\getting_started\index.html ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Safety & Comfort Guide.lnk -> C:\hp\documentation\297660.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Upgrading and Servicing Guide.lnk -> C:\hp\documentation\upgrading_and_servicing\index.html ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\Creator Basic v9.lnk -> C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\Express Labeler.lnk -> C:\Program Files\Roxio\Express Labeler 3\stax.exe (MicroVision Development, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\MyDVD Basic v9.lnk -> C:\Program Files\Roxio\VideoUI 9\MyDVD9.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\RAR Password Recovery Help.lnk -> C:\Program Files\Intelore\RAR-PR\urpwdr.chm (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\RAR Password Recovery.lnk -> C:\Program Files\Intelore\RAR-PR\urpwdr11rc16.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\Uninstall RAR Password Recovery.lnk -> C:\Program Files\Intelore\RAR-PR\uninstall.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\WINDOWS\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\RichText.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\WINDOWS\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\PictureViewer.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\WINDOWS\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\QTPlayer.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\HPOOVClient.exe ( )

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Compaq support information.lnk -> C:\hp\support\HPSysInfo.exe (Hewlett-Packard Development Company, L.P.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Hardware Diagnostic Tools.lnk -> C:\Program Files\PC-Doctor 5 for Windows\pcdr5cuiw32.exe (PC-Doctor, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Recovery Disc Creation.lnk -> C:\WINDOWS\SMINST\CD Creator.exe (SoftThinks)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Recovery Manager.lnk -> C:\WINDOWS\SMINST\Restore7.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\AOL Sign-up.lnk -> C:\Program Files\Online Services\Aolus\InstallAol.exe (Hewlett Packard)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\EarthLink.lnk -> C:\Program Files\Online Services\EarthLink\InstallEarthLink.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Get Vonage.lnk -> C:\Program Files\Online Services\Vonage\core\core_start.exe (Vonage)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\MSN.lnk -> C:\Program Files\Online Services\MSN90\LaunchMsn.exe (Hewlett Packard)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero Dial-up.lnk -> C:\Program Files\Online Services\Netzero_du\NetZeroHSSetup.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero High-speed.lnk -> C:\Program Files\Online Services\Netzero_Acc\NetZeroHSSetup.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Vonage PC Talk.lnk -> C:\Program Files\Online Services\Vonage\pctalk\VonageTalk.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Vonage Small Business Plans.lnk -> C:\Program Files\Online Services\Vonage\smb\smb_start.exe (Vonage)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Netzero Dial-up.lnk -> C:\Program Files\Online Services\Netzero_du_ca\NetZeroHSSetup.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Netzero High-speed.lnk -> C:\Program Files\Online Services\Netzero_Acc_ca\NetZeroHSSetup.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Vonage.lnk -> C:\Program Files\Online Services\Vonageca\core\core_start.exe (Vonage)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Getting Started.lnk -> C:\Program Files\Microsoft Works\wksgsg.htm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk -> C:\Program Files\Microsoft Works\wksdb.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk -> C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk -> C:\Program Files\Microsoft Works\wksss.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk -> C:\Program Files\Microsoft Works\MSWorks.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Word Processor.lnk -> C:\Program Files\Microsoft Works\WksWP.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Windows Address Book.lnk -> C:\Program Files\Windows Mail\wab.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Problem Reports and Solutions.lnk -> C:\WINDOWS\System32\wercon.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\WINDOWS\System32\msra.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Express Labeler.lnk -> C:\Program Files\Roxio\Express Labeler 3\stax.exe (MicroVision Development, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Lexmark Service Center.LNK -> C:\Program Files\Lexmark 5600-6600 Series\Diagnostics\lxdudiag.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\User's Guide.LNK -> C:\Program Files\Lexmark 5600-6600 Series\lxduuser.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\EU Waste Electronics Information.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\EU_Waste_Electronic_Information.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Uninstall Lexmark 5600-6600 Series.LNK -> C:\Program Files\Lexmark 5600-6600 Series\Install\x86\Uninst.exe ( )

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Photo Stream.lnk -> C:\Program Files\Common Files\Apple\Internet Services\PhotoStream.exe (Apple Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PurblePlace.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades\Windows Anytime Upgrade.lnk -> C:\WINDOWS\System32\WindowsAnytimeUpgrade.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin\Belkin Router Monitor.lnk -> C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\AOL 9.0.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\WINDOWS\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\WINDOWS\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\WINDOWS\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\WINDOWS\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\WINDOWS\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\System32\calc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\WINDOWS\System32\NetProj.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\WINDOWS\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\WINDOWS\System32\SoundRecorder.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Sticky Notes.lnk -> C:\WINDOWS\System32\StikyNot.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\WINDOWS\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\migwiz.lnk -> C:\WINDOWS\System32\migwiz\migwiz.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\WINDOWS\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\System32\rstrui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Entertainment\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{DEEC1E88-94A4-412C-B64A-1D772535AD58}\PlayTasks\0\Play.lnk -> C:\Program Files\MTA San Andreas 1.3\Multi Theft Auto.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\Documents - Shortcut.lnk -> C:\Users\Cat's comp\Desktop\Documents\Documents ()

Shortcut: C:\Users\Cat's comp\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos ()

Shortcut: C:\Users\Cat's comp\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()

Shortcut: C:\Users\Cat's comp\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()

Shortcut: C:\Users\Cat's comp\Links\Documents.lnk -> C:\Users\Cat's comp\Desktop\Documents\Documents ()

Shortcut: C:\Users\Cat's comp\Links\Music.lnk -> C:\Users\Cat's comp\Music ()

Shortcut: C:\Users\Cat's comp\Links\Pictures.lnk -> C:\Users\Cat's comp\Pictures ()

Shortcut: C:\Users\Cat's comp\Links\Public.lnk -> C:\Users\Public ()

Shortcut: C:\Users\Cat's comp\Links\Recently Changed.lnk -> C:\Users\Cat's comp\Searches\Recently Changed.search-ms ()

Shortcut: C:\Users\Cat's comp\Links\Searches.lnk -> C:\Users\Cat's comp\Searches ()

Shortcut: C:\Users\Cat's comp\Desktop\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)

Shortcut: C:\Users\Cat's comp\Desktop\µTorrent.lnk -> C:\Users\Cat's comp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe ()

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files\Steam\Steam.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google  Chrome.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Cat's comp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{91C3A118-12AA-44C6-91F4-AB06829B267C}\PlayTasks\0\Play.lnk -> C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{8238AD32-562E-4E97-82F0-3815955E3391}\PlayTasks\0\Play.lnk -> C:\Users\Cat's comp\AppData\Local\Temp\Temp1_GTA 3.zip\GTA3\gta3.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{5C7070B5-DCC4-4D34-8536-B5828037A445}\PlayTasks\0\Play.lnk -> C:\Users\Cat's comp\AppData\Local\Temp\Rar$EX47.785\GTA3\gta3.exe (No File)

Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{52073ADD-618F-46B4-AECB-DFD7050EBCF8}\PlayTasks\0\Play.lnk -> C:\Users\Cat's comp\AppData\Local\Temp\Rar$EX91.784\GTA3\gta3.exe (No File)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\ML\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos ()

Shortcut: C:\Users\ML\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()

Shortcut: C:\Users\ML\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()

Shortcut: C:\Users\ML\Links\Documents.lnk -> C:\Users\ML\Desktop\Documents\Documents (No File)

Shortcut: C:\Users\ML\Links\Music.lnk -> C:\Users\ML\Music ()

Shortcut: C:\Users\ML\Links\Pictures.lnk -> C:\Users\ML\Pictures ()

Shortcut: C:\Users\ML\Links\Public.lnk -> C:\Users\Public ()

Shortcut: C:\Users\ML\Links\Recently Changed.lnk -> C:\Users\ML\Searches\Recently Changed.search-ms ()

Shortcut: C:\Users\ML\Links\Searches.lnk -> C:\Users\ML\Searches ()

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)

Shortcut: C:\Users\Public\Desktop\HP Total Care Advisor.lnk -> C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

Shortcut: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File)

Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)

Shortcut: C:\Users\Public\Desktop\Safari.lnk -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()

Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe ()

Shortcut: C:\Users\Public\Desktop\Windows Media Center.lnk -> C:\WINDOWS\ehome\ehshell.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe ()

 

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Zip.ca - Online DVD Rentals.lnk -> C:\Program Files\Online Services\zipca\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=zipca&pf=desktop&locale=en_ca&bd=all&c=71

 

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows Defender\Software Explorers\Disabled Startup Folder Items\Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard) -> -startup

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\WINDOWS\System32\wuapp.exe (Microsoft Corporation) -> startmenu

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager\VzDownloadManager.lnk -> C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe (Electrorent Corporation) -> VzDownloadManager

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --reset-config --reset-plugins-cache vlc://quit

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> -Iskins

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard) -> -startup

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation) -> /i {AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A} /qf

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Easy Internet Services.lnk -> C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe (Hewlett-Packard) -> /LaunchPage /eis

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Help and Support.lnk -> C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe (Symantec Corporation) -> -dll isDataCl.dll -func FetchURL -hint 1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\More Symantec Solutions.lnk -> C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe (Symantec Corporation) -> -dll isDataCl.dll -func FetchURL -hint 2

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk -> C:\Program Files\Common Files\Symantec Shared\NPC\uiStub.exe (Symantec Corporation) -> {68175F05-68E7-47e7-A1F2-4CE1DEE316EE}

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\-  My HP Game Console  -.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\My HP Game Console\GameConsole.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Bistro Stars.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bistro Stars\BistroStars-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Blackhawk Striker 2.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Blasterball 2 Revolution.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 2 Revolution\bb2-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Blasterball 3.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 3\BlasterBall3-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Boggle Supreme.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Boggle Supreme\BoggleSupreme-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Bookworm Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bookworm Deluxe\BookWorm-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Chuzzle Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Crystal Maze.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Crystal Maze\Maze-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Diner Dash.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Diner Dash\Diner Dash-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Family Feud.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Family Feud\FamilyFeud-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\FATE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\FATE\Fate-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Final Drive Nitro.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Final Drive Nitro\Racing-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Insaniquarium Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Insaniquarium Deluxe\InsaniquariumDeluxe-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\JEOPARDY.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\JEOPARDY\JEOPARDY!-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Jewel Quest.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Jewel Quest\JewelQuest-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\LEGO Builder Bots.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\LEGO Builder Bots\LEGO Builder Bots-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Mahjong Journey of Enlightenment.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\MahJong-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Ocean Express.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Ocean Express\OceanExpress-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Penguins!.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Penguins!\penguins-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Polar Bowler.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Bowler\Polar-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Polar Golfer Pineapple Cup.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\golf-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Polar Golfer.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer\golf-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\SCRABBLE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\SCRABBLE\Scrabble-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Slingo Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Slingo Deluxe\Slingo-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Super Granny.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Super Granny\granny-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\The Apprentice.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\The Apprentice\Apprentice-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Tornado Jockey.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tornado Jockey\Tornado-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Tradewinds.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tradewinds\tradewinds-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Wheel of Fortune.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Zuma Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Zuma Deluxe\Zuma-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestoreCenter

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Network Configuration.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=317

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Release Notes.LNK -> C:\WINDOWS\System32\write.exe (Microsoft Corporation) -> C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdurme.doc

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Wireless Setup Utility.LNK -> C:\Program Files\Lexmark 5600-6600 Series\Wireless\lxduwpss.exe (Lexmark International, Inc.) -> /ini=lxduina.ini /title="Wireless Setup Utility"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Special Offers\Lexmark Connect.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=653

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Printivity\Lexmark Fast Pics.LNK -> C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.) -> -h204

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Align Cartridges.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=304

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Clean Cartridges.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=305

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Install Cartridges.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=318

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Print A Test Page.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=311

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\-  My HP Game Console  -.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\My HP Game Console\GameConsole.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack\Nastaveni XviD.lnk -> C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) -> xvid.ax,Configure

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\AOL Search.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SAOLSearch

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\My AOL.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SMyAOL

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Radio @ AOL.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SAOLRadio

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Read Mail.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SMailbox

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Send Instant Message.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SIM

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Sign on to AOL Now.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SWelcome

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Reliability and Performance Monitor.lnk -> C:\WINDOWS\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\WINDOWS\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\WINDOWS\System32\mblctr.exe (Microsoft Corporation) -> /open

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.WelcomeCenter

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\WINDOWS\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fb8cec27-10f6-465d-b812-297d5ea7fc8f}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Final Drive Nitro\Racing-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f26fa1cd-5643-4d9c-8174-bf8b9afcf8ae}\PlayTasks\0\JEOPARDY.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\JEOPARDY\JEOPARDY!-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e8314eef-6558-4f65-8230-5c23eb8f74a8}\PlayTasks\0\Tornado Jockey.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tornado Jockey\Tornado-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c7070d83-d8a5-4f36-b082-310a54769fbc}\PlayTasks\0\Diner Dash.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Diner Dash\Diner Dash-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c5f14846-9946-47d8-b15d-33f15e7199fe}\PlayTasks\0\SCRABBLE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\SCRABBLE\Scrabble-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c24273e8-da4f-4fff-bac9-d8b5b16fb74c}\PlayTasks\0\The Apprentice.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\The Apprentice\Apprentice-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c1447196-778c-4b18-a954-2db42bd8df8b}\PlayTasks\0\Family Feud.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Family Feud\FamilyFeud-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ad191d2c-bbd5-46a9-bd1f-670de55c2bd3}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer\golf-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{a38aeee7-8e46-44cf-8e86-b9599d5d1948}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{92c38374-d56f-4ebd-a30a-12e06fdb0b41}\PlayTasks\0\Wheel of Fortune.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8fce831d-7b4d-4f75-bb60-f7764ba08472}\PlayTasks\0\Tradewinds.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tradewinds\tradewinds-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{857deeb7-0612-45c4-96c2-0fca2270585e}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{84a24ec6-3215-40f0-80e8-877759bc177a}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Bowler\Polar-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{77e00b13-7923-4014-b43b-185b2ad772a8}\PlayTasks\0\Slingo Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Slingo Deluxe\Slingo-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{752b5f1a-6a8f-40e8-9e27-2b2dbdaf3a20}\PlayTasks\0\Crystal Maze.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Crystal Maze\Maze-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{70bb3f26-7f92-46e2-853c-97f3ebeb9b3c}\PlayTasks\0\Blasterball 2 Revolution.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 2 Revolution\bb2-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{586bedf5-568e-4914-98e8-38d40cd97c2e}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Zuma Deluxe\Zuma-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{53d10759-b54e-4e7d-a21e-f506b0ad1530}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3f24aef6-2c8c-469b-a4bd-daec83bf9407}\PlayTasks\0\Super Granny.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Super Granny\granny-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3cb37e73-972c-4d88-8550-9f9a5eab5711}\PlayTasks\0\Insaniquarium Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Insaniquarium Deluxe\InsaniquariumDeluxe-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3a158259-5778-4bfb-94ba-a60fa67073cf}\PlayTasks\0\Penguins!.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Penguins!\penguins-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{35eb4999-46c9-43a4-845b-30a8188e153e}\PlayTasks\0\Bookworm Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bookworm Deluxe\BookWorm-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{27eaedc1-90e0-4c6f-a533-2138d7233ee7}\PlayTasks\0\FATE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\FATE\Fate-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{21ee1f28-2e1e-4e07-824a-499ecce4c3ce}\PlayTasks\0\Blasterball 3.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 3\BlasterBall3-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0d27d293-9782-4bd6-b1e0-2b48db674965}\PlayTasks\0\Jewel Quest.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Jewel Quest\JewelQuest-WT.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0178d2fd-a379-4bd0-9d82-9e147d300d7a}\PlayTasks\0\Polar Golfer Pineapple Cup.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\golf-WT.exe"

ShortcutWithArgument: C:\Users\Cat's comp\Desktop\Chrome App Launcher.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

ShortcutWithArgument: C:\Users\Cat's comp\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter

ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adblock Plus.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nejpkcilphefkpemgoiicdmohoijefif

ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Avast Antivirus 2014.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=leacnaaaapmnlhhjpoboiepbefecbdkb

ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Public\Desktop\My HP Games.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\My HP Game Console\GameConsole.exe"

ShortcutWithArgument: C:\Users\Public\Desktop\VzDownloadManager.lnk -> C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe (Electrorent Corporation) -> VzDownloadManager

 

 

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.url -> hxxp://www.lightscribe.com/

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.url -> hxxp://www.lightscribe.com/go/videos/QuickDemo

InternetURL: C:\Users\Cat's comp\Music\www.torrentazos.com - The best web of music torrents!.url -> hxxp://torrentazos.com/index.php

InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172

InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742

InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925

InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927

InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143

InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924

InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923

InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921

InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729

InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922

InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661

InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151

InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424

InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920

InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919

InternetURL: C:\Users\Cat's comp\Favorites\Links\Customize Links.url -> hxxp://go.microsoft.com/fwlink/?LinkId=53540

InternetURL: C:\Users\Cat's comp\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice

InternetURL: C:\Users\Cat's comp\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

InternetURL: C:\Users\Cat's comp\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\APB Reloaded.url -> steam://rungameid/113400

InternetURL: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows Defender\Software Explorers\Disabled Startup Folder Items\VzDownloadManager.url -> file:///C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe

InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\Mcx1\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172

InternetURL: C:\Users\ML\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742

InternetURL: C:\Users\ML\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925

InternetURL: C:\Users\ML\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927

InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143

InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924

InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923

InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921

InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729

InternetURL: C:\Users\ML\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922

InternetURL: C:\Users\ML\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

InternetURL: C:\Users\ML\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661

InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151

InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424

InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920

InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919

InternetURL: C:\Users\ML\Favorites\Links\Customize Links.url -> hxxp://go.microsoft.com/fwlink/?LinkId=53540

InternetURL: C:\Users\ML\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71

InternetURL: C:\Users\ML\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71

 

==================== End of log =============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01

Ran by Cat's comp (administrator) on CATSCOMP-PC on 28-05-2015 22:37:59

Running from C:\Users\Cat's comp\Downloads

Loaded Profiles: Cat's comp (Available Profiles: Cat's comp & Mcx1 & ML)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 7 (Default browser not detected!)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Lexmark International, Inc.) C:\WINDOWS\System32\spool\drivers\w32x86\3\lxduserv.exe

( ) C:\WINDOWS\System32\lxducoms.exe

() C:\WINDOWS\System32\PnkBstrA.exe

(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe

(America Online, Inc.) C:\Program Files\Common Files\aol\1307588935\ee\aolsoftware.exe

() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

(Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Hewlett Packard) C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe

(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)

HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor)

HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1307588935\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.)

HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()

HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [instaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [Aeria Ignite] => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent

HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [bitComet] => C:\Program Files\BitComet\BitComet.exe /tray

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Cat's comp\AppData\Local\Akamai\netsession_win.exe"

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk [2014-08-02]

ShortcutTarget: Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard)

GroupPolicyUsers\S-1-5-21-4097726319-1414410365-2442618022-1002\User: Group Policy Restriction detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

SearchScopes: HKLM -> {623BFBC2-A820-4060-8FCC-9B1AE69A939B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\.DEFAULT -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek.com/?prt=BASICSEEK111&keywords={searchTerms}

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-10-23] (Symantec Corporation)

BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File

Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23] (Symantec Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

Winsock: Catalog5 000000000005 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Cat's comp\AppData\Roaming\Mozilla\Firefox\Profiles\xxpyyynu.default-1418170259335

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()

FF Plugin: @daum.net/DaumGameFx -> C:\ProgramData\Daum Games\FXStarter\npDaumGameFx.dll [2014-03-26] (Daum)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-11-18] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-11-18] (Apple Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-13]

 

Chrome: 

=======

CHR Profile: C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Adguard AdBlocker) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-27]

CHR Extension: (Adblock Plus) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-27]

CHR Extension: (uTorrent easy client) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfiejlelblhoaflnjajjjjkkgbeifpn [2015-05-27]

CHR Extension: (AdBlock) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-27]

CHR Extension: (Hola Better Internet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-27]

CHR Extension: (Bookmark Manager) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]

CHR Extension: (Online Virus Scan) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpacaaphmmpfloeiopekgajdclliokh [2015-05-27]

CHR Extension: (Adblock Super) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-05-27]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]

CHR Extension: (Google Wallet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]

CHR Extension: (Sửa lỗi \) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2015-05-27]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46680 2005-04-18] (America Online)

R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-10-31] (Symantec Corporation)

R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed]

R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]

R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)

R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)

R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)

S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-10-13] (Symantec Corporation)

S3 GSService; C:\Windows\system32\GSService.exe [444640 2014-07-28] ()

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-05-24] (SurfRight B.V.)

S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

S3 ISPwdSvc; c:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-10-26] (Symantec Corporation)

R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation)

R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [94208 2009-10-16] (Lexmark International, Inc.)

R2 lxdu_device; C:\Windows\system32\lxducoms.exe [589824 2009-10-16] ( )

S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-25] ()

S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-06-07] (Symantec Corporation)

R2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-09-20] (Symantec Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [23576 2014-07-28] (Windows ® Win 7 DDK provider)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387432 2006-11-05] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102760 2006-11-05] (Symantec Corporation)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)

U3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS [79240 2006-11-05] (Symantec Corporation)

U3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS [831880 2006-11-05] (Symantec Corporation)

R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]

S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-03] (Symantec Corporation)

S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-03] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-03] (Symantec Corporation)

R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-06-07] (Symantec Corporation)

S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-24] (Symantec Corporation)

R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-24] (Symantec Corporation)

R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)

S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2014-11-26] (Wondershare)

S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2014-11-26] (Wondershare)

S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 taphss6; system32\DRIVERS\taphss6.sys [X]

 

========================== Drivers MD5 =======================

 


C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C

C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416

C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS EF04748A7A7266EDBDBE02B161A0685D

C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS 09F3BFDC47718459B42D696CB671F65F

C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42

C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61

C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389

C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3

C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3

C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78

C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26

C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF

C:\Windows\system32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7

C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E

C:\Windows\System32\DRIVERS\nvm60x32.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nvlddmkm.sys 640088B163AFD252AF717698945662E2

C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C

C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\drivers\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9

C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit

C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB

C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C

C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1

C:\Windows\system32\drivers\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\PS2.sys 390C204CED3785609AB24E9C52054A84

C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA

C:\Windows\System32\Drivers\PxHelp20.sys FEFFCFDC528764A04C8ED63D5FA6E711

C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7

C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3

C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0

C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF

C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D

C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935

C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899

C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C

C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A

C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\serial.sys ==> MD5 is legit

C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 905782BCF15B6E5AF9905B77923C7FA2

C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF

C:\Windows\System32\Drivers\SRTSP.SYS 15E29EB26DD53EB6385629F4622B5519

C:\Windows\System32\Drivers\SRTSPL.SYS FD0C0333FAE09DBD1170E0D607ECA5C8

C:\Windows\System32\Drivers\SRTSPX.SYS 7E60A4A4035BE470F47C6806DA57DB99

C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91

C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF

C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44

C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56

C:\Windows\System32\DRIVERS\sxuptp.sys 86083B04DC2B90397F4B47ADD6EAA407

C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit

C:\Windows\system32\Drivers\SYMEVENT.SYS 9D98270B5F10A4C84E8DA417C30756E1

C:\Windows\System32\Drivers\SYMREDRV.SYS 7F4011A719BF30E3DBD84D3A0A45C91C

C:\Windows\System32\Drivers\SYMTDI.SYS 2F03CBDB0F22278D05D5D616C993AB58

C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit

C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit

C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966

C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966

C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7

C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56

C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021

C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54

C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7

C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3

C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38

C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C

C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit

C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2

C:\Windows\System32\DRIVERS\umpass.sys 88BD96A1BAEED33EE8BDF9499C07A841

C:\Windows\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9

C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D

C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2

C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888

C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC

C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5

C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169

C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD

C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C

C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC

C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43

C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28

C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A

C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit

C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26

C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26

C:\Windows\System32\DRIVERS\wanatw4.sys 0A716C08CB13C3A8F4F51E882DBF7416

C:\Windows\system32\drivers\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645

C:\Windows\System32\DRIVERS\HSX_CNXT.sys 72CC6A8CA7891031D6380DB5025C773C

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA

C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C

C:\Windows\System32\drivers\VirtualAudio1.sys F67C4950E3B07684AC483CB718C2A3C1

C:\Windows\System32\drivers\VirtualAudio2.sys F67C4950E3B07684AC483CB718C2A3C1

C:\Windows\System32\drivers\VirtualAudio3.sys F67C4950E3B07684AC483CB718C2A3C1

C:\Windows\System32\drivers\VirtualAudio4.sys F67C4950E3B07684AC483CB718C2A3C1

C:\Windows\System32\drivers\VirtualAudio5.sys F67C4950E3B07684AC483CB718C2A3C1

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070

C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B

C:\Windows\System32\DRIVERS\xnacc.sys 9EEA6D029FEF5F3016D089B1A603837D

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Three Months Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-28 19:18 - 2015-05-28 19:18 - 00003782 _____ () C:\Users\Cat's comp\Desktop\RKreport_SCN_05282015_191549.log

2015-05-28 18:30 - 2015-05-28 18:30 - 00035649 _____ () C:\Users\Cat's comp\Desktop\FRST.txt

2015-05-28 18:29 - 2015-05-28 18:29 - 00073626 _____ () C:\Users\Cat's comp\Downloads\Shortcut.txt

2015-05-28 17:12 - 2015-05-28 17:12 - 00019844 _____ () C:\Users\Cat's comp\Downloads\Addition.txt

2015-05-28 17:07 - 2015-05-28 22:37 - 00036013 _____ () C:\Users\Cat's comp\Downloads\FRST.txt

2015-05-28 17:02 - 2015-05-28 22:38 - 00000000 ____D () C:\FRST

2015-05-28 16:44 - 2015-05-28 16:44 - 00002270 _____ () C:\Users\Cat's comp\Desktop\mam.txt

2015-05-28 16:44 - 2015-05-28 16:44 - 00002270 _____ () C:\mam.txt

2015-05-28 16:43 - 2015-05-28 16:43 - 00002292 _____ () C:\Users\Cat's comp\Desktop\Malwarebytes Anti-Malware.lnk

2015-05-28 16:41 - 2015-05-28 16:41 - 00002270 _____ () C:\Users\Cats comp\Desktop\mbm.txt

2015-05-28 14:51 - 2015-05-28 14:53 - 01147392 _____ (Farbar) C:\Users\Cat's comp\Downloads\FRST.exe

2015-05-27 22:26 - 2015-05-27 22:26 - 00001910 _____ () C:\Users\Cat's comp\Desktop\AdwCleaner[s3].txt

2015-05-27 22:16 - 2015-05-28 17:31 - 00000000 ____D () C:\Users\Cat's comp\AppData\Local\CrashDumps

2015-05-27 20:20 - 2015-05-27 20:25 - 00002564 _____ () C:\Users\Cat's comp\Desktop\Rkill.txt

2015-05-27 19:31 - 2015-05-28 18:35 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-05-27 19:31 - 2015-05-27 20:19 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-05-27 19:25 - 2015-05-27 19:26 - 17023576 _____ () C:\Users\Cat's comp\Desktop\RogueKiller.exe

2015-05-26 15:42 - 2015-05-26 15:42 - 00001417 _____ () C:\Users\Cat's comp\Desktop\JRT.txt

2015-05-26 15:32 - 2015-05-26 15:32 - 00000680 _____ () C:\Users\Cat's comp\AppData\Local\d3d9caps.dat

2015-05-26 14:27 - 2015-05-26 14:27 - 00001977 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-05-26 14:27 - 2015-05-26 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-05-26 13:39 - 2015-05-26 13:39 - 00002009 _____ () C:\Users\Cat's comp\Desktop\Chrome App Launcher.lnk

2015-05-26 00:20 - 2015-05-26 00:20 - 00144544 _____ () C:\Windows\Minidump\Mini052615-01.dmp

2015-05-24 10:52 - 2015-05-27 23:04 - 00001252 _____ () C:\Windows\system32\.crusader

2015-05-24 10:34 - 2015-05-24 10:53 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-05-24 10:34 - 2015-05-24 10:34 - 00001738 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2015-05-24 10:34 - 2015-05-24 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2015-05-24 10:34 - 2015-05-24 10:34 - 00000000 ____D () C:\Program Files\HitmanPro

2015-05-24 10:08 - 2015-05-28 22:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-05-24 10:08 - 2015-05-28 17:25 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-05-24 10:02 - 2015-05-23 06:29 - 02720636 _____ (Thisisu) C:\Users\Cat's comp\Desktop\JRT_NEW.exe

2015-05-24 09:46 - 2015-05-24 09:46 - 00000104 _____ () C:\Users\Cat's comp\Desktop\Internet - Shortcut.lnk

2015-05-22 23:01 - 2015-05-22 23:02 - 00144544 _____ () C:\Windows\Minidump\Mini052215-01.dmp

2015-05-22 22:25 - 2015-05-22 22:25 - 00000466 _____ () C:\Windows\certutil.log

2015-05-15 18:57 - 2015-05-15 18:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-05-14 19:45 - 2015-05-14 19:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATSCOMP-PC-Windows-Vista--Home-Premium-(32-bit).dat

2015-05-14 19:45 - 2015-05-14 19:45 - 00000000 ____D () C:\RegBackup

2015-05-14 19:25 - 2015-05-14 19:25 - 00000000 __RSH () C:\MSDOS.SYS

2015-05-14 19:25 - 2015-05-14 19:25 - 00000000 __RSH () C:\IO.SYS

2015-05-14 19:20 - 2015-05-27 22:21 - 00000000 ____D () C:\AdwCleaner

2015-05-14 17:26 - 2015-05-14 17:26 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\F73FEA00-1431638772-1012-AA7A-CC2EB3BA7B62

2015-05-14 16:07 - 2015-05-14 16:08 - 02209792 _____ () C:\Users\Cat's comp\Desktop\adwcleaner_4.204.exe

2015-05-14 16:05 - 2015-05-14 16:05 - 00001063 _____ () C:\Users\Cat's comp\Desktop\Revo Uninstaller.lnk

2015-05-14 16:05 - 2015-05-14 16:05 - 00000000 ____D () C:\Program Files\VS Revo Group

2015-05-13 22:26 - 2015-05-14 15:29 - 00004640 _____ () C:\Windows\system32\Wefdapnakm.ini

2015-05-13 22:26 - 2015-05-14 15:29 - 00002544 _____ () C:\Windows\system32\WefdapnakmOff.ini

2015-05-13 22:26 - 2015-05-13 20:10 - 00286720 _____ () C:\Windows\system32\Wefdapnakm.dll

2015-05-13 21:59 - 2015-05-13 22:09 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7

2015-05-13 21:48 - 2015-05-14 19:06 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\F73FEA00-1431568102-1012-AA7A-CC2EB3BA7B62

2015-05-13 21:42 - 2015-05-13 21:42 - 00631296 _____ () C:\Windows\smu.dat

2015-05-13 21:24 - 2015-05-13 21:24 - 00000000 ____D () C:\Windows\system32\Flash

2015-05-13 21:04 - 2015-05-13 21:04 - 00000000 _____ () C:\Windows\system32\Number of results

2015-05-13 20:44 - 2015-05-13 20:47 - 00000112 _____ () C:\ProgramData\5646Bn.dat

2015-05-13 20:17 - 2006-09-18 17:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hp.bak

2015-04-29 16:06 - 2015-04-29 17:55 - 00000000 ____D () C:\Users\Cat's comp\Downloads\leggypauline 2010-05-19

2015-04-28 22:14 - 2015-04-28 22:19 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Tove Lo -Truth Serum - Deluxe ( 3 Bonus Tracks )

2015-04-28 22:13 - 2015-04-28 22:15 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Ludacris - Ludaversal (Deluxe) (2015) {MP3 320 KBPS}~{VBUc}

2015-04-10 22:13 - 2015-04-26 15:21 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\vlc

2015-04-10 18:45 - 2015-04-10 18:48 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Stone Temple Pilots - Core (1992) FLAC

2015-04-10 18:43 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Stone Temple Pilots - Thank You (2003) vtwin88cube

2015-04-10 18:26 - 2015-04-10 18:32 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Lloyd Banks

2015-04-10 18:24 - 2015-04-10 18:26 - 00000000 ____D () C:\Users\Cat's comp\Downloads\The Marshall Mathers LP 2 [2013]

2015-04-10 16:54 - 2015-04-10 18:09 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Dizzee Rascal - The Fifth (Deluxe Edition) 2013 320kbps CBR MP3 [VX] [P2PDL]

2015-04-10 16:40 - 2015-04-10 19:37 - 00000000 ____D () C:\Users\Cat's comp\Downloads\L7 - Hungry_For_Stink - (1994)

2015-04-10 16:40 - 2015-04-10 16:40 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Fabolous - Street Dreams (Bonus Track Version) [iTunes Plus]

2015-04-10 16:39 - 2015-04-10 19:30 - 00000000 ____D () C:\Users\Cat's comp\Downloads\L7 - Bricks Are Heavy - 320kbps

2015-04-09 22:05 - 2015-04-09 22:17 - 00000000 ____D () C:\Users\Cat's comp\Downloads\GTA IV Complete Radio

2015-04-09 22:01 - 2015-04-09 22:03 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Kendrick Lamar Discography (2010-2012) VBR

2015-04-09 21:17 - 2015-04-09 21:18 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Nirvana - Nevermind - Classic Albums - Full Album Plus 3 Clips

2015-04-09 20:02 - 2015-04-09 20:30 - 00000000 ____D () C:\Users\Cat's comp\Downloads\sadiespanties.com

2015-04-09 19:56 - 2015-04-10 01:03 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Various Artists – WWE 2K15 The Soundtrack (2014) ~{B@tman}

2015-04-09 19:39 - 2015-04-10 04:40 - 00000000 ____D () C:\Users\Cat's comp\Downloads\WWE Entrance Theme Songs 2014 Pack

2015-04-09 19:24 - 2015-04-09 20:21 - 00000000 ____D () C:\Users\Cat's comp\Downloads\The GAME  Discography and a lot more (32 Albums)(RAP)(by dragan09)

2015-04-09 19:03 - 2015-04-09 19:06 - 00000000 ____D () C:\Users\Cat's comp\Downloads\LANA DEL REY - DISCOGRAPHY (2005-14) [CHANNEL NEO]

2015-03-12 15:09 - 2015-05-15 18:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

 

==================== Three Months Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-28 22:16 - 2012-04-02 16:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-28 21:25 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-05-28 21:25 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-05-28 20:39 - 2011-06-09 01:38 - 01887931 _____ () C:\Windows\WindowsUpdate.log

2015-05-28 20:39 - 2006-11-02 08:52 - 00071360 _____ () C:\Windows\setupact.log

2015-05-28 17:25 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-28 17:24 - 2006-11-02 09:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-05-28 14:51 - 2014-12-10 18:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-05-27 22:23 - 2007-06-07 11:58 - 00159768 _____ () C:\Windows\PFRO.log

2015-05-27 19:04 - 2011-07-08 16:44 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\HpUpdate

2015-05-26 00:20 - 2012-10-10 21:01 - 00000000 ____D () C:\Windows\Minidump

2015-05-26 00:19 - 2012-10-10 21:01 - 938029337 _____ () C:\Windows\MEMORY.DMP

2015-05-24 11:37 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache

2015-05-24 10:09 - 2012-07-06 23:12 - 00000000 ____D () C:\Users\Cat's comp\AppData\Local\Google

2015-05-24 10:08 - 2014-07-28 15:59 - 00000000 ____D () C:\Program Files\Google

2015-05-24 09:40 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages

2015-05-24 09:30 - 2014-08-02 02:45 - 00001920 _____ () C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-05-24 09:30 - 2014-08-01 15:45 - 00001920 _____ () C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-05-24 09:30 - 2007-06-07 11:46 - 00001920 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk

2015-05-24 08:46 - 2013-07-01 22:59 - 00198656 _____ () C:\Users\Cat's comp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-05-22 22:32 - 2011-06-09 01:49 - 00000000 ____D () C:\Users\Cat's comp

2015-05-18 21:12 - 2006-11-02 08:37 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-05-15 23:40 - 2006-11-02 06:33 - 00780920 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-14 15:42 - 2014-12-10 18:12 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-05-14 15:42 - 2014-12-10 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-05-14 15:42 - 2014-12-10 18:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-05-13 23:48 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\System

2015-05-13 22:38 - 2014-08-02 20:06 - 00000000 ____D () C:\Program Files\Aeria Games

2015-05-13 22:15 - 2006-11-02 06:23 - 00000351 _____ () C:\Windows\win.ini

2015-05-13 20:53 - 2014-06-25 17:15 - 00000000 ____D () C:\ProgramData\Package Cache

2015-04-29 23:58 - 2013-08-30 19:48 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\uTorrent

 

==================== Files in the root of some directories =======

 

2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Cat's comp\AppData\Roaming\BWWSKOVQ

2011-07-06 18:36 - 2011-07-06 18:36 - 0000000 _____ () C:\Users\Cat's comp\AppData\Roaming\wklnhst.dat

2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Cat's comp\AppData\Roaming\XSPGB

2015-05-26 15:32 - 2015-05-26 15:32 - 0000680 _____ () C:\Users\Cat's comp\AppData\Local\d3d9caps.dat

2013-07-01 22:59 - 2015-05-24 08:46 - 0198656 _____ () C:\Users\Cat's comp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-05-13 20:44 - 2015-05-13 20:47 - 0000112 _____ () C:\ProgramData\5646Bn.dat

2011-06-12 23:43 - 2011-06-12 23:43 - 0000252 _____ () C:\ProgramData\FastPics.log

2011-06-12 23:11 - 2011-06-12 23:11 - 0000087 _____ () C:\ProgramData\lxdu.log

2011-06-12 23:38 - 2011-06-12 23:38 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

 

Files to move or delete:

====================

C:\ProgramData\5646Bn.dat

C:\Users\Cat's comp\MetricCollection.dll

C:\Users\Public\LeagueofLegends_NA_Installer_9_15_2014.exe

 

 

Some files in TEMP:

====================

C:\Users\Cat's comp\AppData\Local\Temp\130578809329817723.exe

C:\Users\Cat's comp\AppData\Local\Temp\13057880946042772387.exe

C:\Users\Cat's comp\AppData\Local\Temp\6_Offer_16.exe

C:\Users\Cat's comp\AppData\Local\Temp\6_Offer_17.exe

C:\Users\Cat's comp\AppData\Local\Temp\aacenc3.exe

C:\Users\Cat's comp\AppData\Local\Temp\AcsInstall.dll

C:\Users\Cat's comp\AppData\Local\Temp\avguidx.dll

C:\Users\Cat's comp\AppData\Local\Temp\C4810D25-29C9-B176-8369-77630CBF9544.dll

C:\Users\Cat's comp\AppData\Local\Temp\CommonInstaller.exe

C:\Users\Cat's comp\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Cat's comp\AppData\Local\Temp\ffmpeg12.exe

C:\Users\Cat's comp\AppData\Local\Temp\GenericUninstall.exe

C:\Users\Cat's comp\AppData\Local\Temp\GLF1588.tmp.ConduitEngineSetup.exe

C:\Users\Cat's comp\AppData\Local\Temp\hsbing_717_active.exe

C:\Users\Cat's comp\AppData\Local\Temp\htmlayout.dll

C:\Users\Cat's comp\AppData\Local\Temp\ICReinstall_winzip19-home.exe

C:\Users\Cat's comp\AppData\Local\Temp\installhelper.dll

C:\Users\Cat's comp\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Cat's comp\AppData\Local\Temp\mediaget-uninstaller.exe

C:\Users\Cat's comp\AppData\Local\Temp\mp3el2.exe

C:\Users\Cat's comp\AppData\Local\Temp\ms.exe

C:\Users\Cat's comp\AppData\Local\Temp\mssinstaller.exe

C:\Users\Cat's comp\AppData\Local\Temp\mytmpinstaller.exe

C:\Users\Cat's comp\AppData\Local\Temp\oi_{0022CC3F-AE00-4B6C-B80D-7EBA8499D718}.exe

C:\Users\Cat's comp\AppData\Local\Temp\oi_{DD18A7BD-24E1-4E1B-8295-85ED51C58CC2}.exe

C:\Users\Cat's comp\AppData\Local\Temp\plushd_moca.exe

C:\Users\Cat's comp\AppData\Local\Temp\qms_new.exe

C:\Users\Cat's comp\AppData\Local\Temp\Quarantine.exe

C:\Users\Cat's comp\AppData\Local\Temp\Runner.exe

C:\Users\Cat's comp\AppData\Local\Temp\Setup_21312.exe

C:\Users\Cat's comp\AppData\Local\Temp\SHFOLDER.DLL

C:\Users\Cat's comp\AppData\Local\Temp\SpOrder.dll

C:\Users\Cat's comp\AppData\Local\Temp\sqlite3.dll

C:\Users\Cat's comp\AppData\Local\Temp\SRAssetsHelper.dll

C:\Users\Cat's comp\AppData\Local\Temp\symlcsv1.exe

C:\Users\Cat's comp\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Cat's comp\AppData\Local\Temp\System.Data.SQLitef0d21cee-bd25-407e-a47e-0bbedae2720c.dll

C:\Users\Cat's comp\AppData\Local\Temp\t.dll

C:\Users\Cat's comp\AppData\Local\Temp\TFR7061.exe

C:\Users\Cat's comp\AppData\Local\Temp\toolbar53600898.exe

C:\Users\Cat's comp\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\Cat's comp\AppData\Local\Temp\uninst.dll

C:\Users\Cat's comp\AppData\Local\Temp\uninst.exe

C:\Users\Cat's comp\AppData\Local\Temp\uninstall53966829.exe

C:\Users\Cat's comp\AppData\Local\Temp\uninstall53967095.exe

C:\Users\Cat's comp\AppData\Local\Temp\UninstallModule.exe

C:\Users\Cat's comp\AppData\Local\Temp\uttD23.tmp.exe

C:\Users\Cat's comp\AppData\Local\Temp\vcredist_x86.exe

C:\Users\Cat's comp\AppData\Local\Temp\vmpremov.exe

C:\Users\Cat's comp\AppData\Local\Temp\winzip1632_2_wrapped.exe

C:\Users\Cat's comp\AppData\Local\Temp\WSSetup.exe

C:\Users\ML\AppData\Local\Temp\symlcsv1.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== BCD ================================

 

Windows Boot Manager

--------------------

identifier              {bootmgr}

device                  partition=C:

description             Windows Boot Manager

locale                  en-US

inherit                 {globalsettings}

default                 {current}

resumeobject            {a558c925-1511-11dc-b939-d61014fa7847}

displayorder            {current}

toolsdisplayorder       {memdiag}

timeout                 30

resume                  No

 

Windows Boot Loader

-------------------

identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}

device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}

path                    \windows\system32\boot\winload.exe

description             HP Recovery Manager

osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}

systemroot              \windows

nx                      OptIn

detecthal               Yes

winpe                   Yes

 

Windows Boot Loader

-------------------

identifier              {current}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Microsoft Windows Vista

locale                  en-US

inherit                 {bootloadersettings}

recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}

recoveryenabled         Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {a558c925-1511-11dc-b939-d61014fa7847}

nx                      OptOut

increaseuserva          3072

 

Resume from Hibernate

---------------------

identifier              {a558c925-1511-11dc-b939-d61014fa7847}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

pae                     Yes

debugoptionenabled      No

 

Windows Memory Tester

---------------------

identifier              {memdiag}

device                  partition=C:

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  en-US

inherit                 {globalsettings}

badmemoryaccess         Yes

 

Windows Legacy OS Loader

------------------------

identifier              {ntldr}

device                  partition=C:

path                    \ntldr

description             Earlier Version of Windows

 

EMS Settings

------------

identifier              {emssettings}

bootems                 Yes

 

Debugger Settings

-----------------

identifier              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200

 

RAM Defects

-----------

identifier              {badmemory}

 

Global Settings

---------------

identifier              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}

 

Boot Loader Settings

--------------------

identifier              {bootloadersettings}

inherit                 {globalsettings}

 

Resume Loader Settings

----------------------

identifier              {resumeloadersettings}

inherit                 {globalsettings}

 

Device options

--------------

identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

description             Ramdisk Device Options

ramdisksdidevice        partition=D:

ramdisksdipath          \boot\boot.sdi

 

Setup Ramdisk Options

---------------------

identifier              {ramdiskoptions}

description             RAM Disk Settings

ramdisksdidevice        partition=D:

ramdisksdipath          \boot\boot.sdi

 

 

 

LastRegBack: 2015-05-28 17:33

 

==================== End of log ============================


I don't know why you can't follow my instructions????

You are asking for help and I'm trying to help you.......but without the proper logs I can't.

So I'll leave you with this:

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    ============================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ==========================

    Let's check for any adware/spyware now:

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please Update and run a Threat Scan (Malwarebytes)

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.