bree24

  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01 Ran by Cat's comp (administrator) on CATSCOMP-PC on 28-05-2015 22:37:59 Running from C:\Users\Cat's comp\Downloads Loaded Profiles: Cat's comp (Available Profiles: Cat's comp & Mcx1 & ML) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 7 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Lexmark International, Inc.) C:\WINDOWS\System32\spool\drivers\w32x86\3\lxduserv.exe ( ) C:\WINDOWS\System32\lxducoms.exe () C:\WINDOWS\System32\PnkBstrA.exe (Conexant Systems, Inc.) 
C:\WINDOWS\System32\drivers\XAudio.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe (America Online, Inc.) C:\Program Files\Common Files\aol\1307588935\ee\aolsoftware.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Hewlett Packard) C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe (Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company) HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] () HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor) HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1307588935\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.) HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] () HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [instaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [Aeria Ignite] => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks) HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [bitComet] => C:\Program Files\BitComet\BitComet.exe /tray HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Cat's comp\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk [2014-08-02] ShortcutTarget: Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard) GroupPolicyUsers\S-1-5-21-4097726319-1414410365-2442618022-1002\User: Group Policy Restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy 
restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm SearchScopes: HKLM -> {623BFBC2-A820-4060-8FCC-9B1AE69A939B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek.com/?prt=BASICSEEK111&keywords={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-10-23] (Symantec Corporation) BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23] (Symantec Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 000000000005 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Cat's comp\AppData\Roaming\Mozilla\Firefox\Profiles\xxpyyynu.default-1418170259335 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] () FF Plugin: @daum.net/DaumGameFx -> C:\ProgramData\Daum Games\FXStarter\npDaumGameFx.dll [2014-03-26] (Daum) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-11-18] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-11-18] (Apple Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-13] Chrome: ======= CHR Profile: C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adguard AdBlocker) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-27] CHR Extension: (Adblock Plus) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-27] CHR Extension: (uTorrent easy client) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfiejlelblhoaflnjajjjjkkgbeifpn [2015-05-27] CHR Extension: (AdBlock) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-27] CHR Extension: (Hola Better Internet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-27] CHR Extension: (Bookmark Manager) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27] CHR Extension: (Online Virus Scan) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpacaaphmmpfloeiopekgajdclliokh [2015-05-27] CHR Extension: (Adblock Super) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-05-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27] CHR Extension: 
(Google Wallet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27] CHR Extension: (Sửa lỗi \) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2015-05-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.) S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46680 2005-04-18] (America Online) R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-10-31] (Symantec Corporation) R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed] R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed] R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation) R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation) R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation) S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-10-13] (Symantec Corporation) S3 GSService; C:\Windows\system32\GSService.exe [444640 2014-07-28] () R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-05-24] (SurfRight B.V.) 
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 ISPwdSvc; c:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-10-26] (Symantec Corporation) R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed] S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation) R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [94208 2009-10-16] (Lexmark International, Inc.) R2 lxdu_device; C:\Windows\system32\lxducoms.exe [589824 2009-10-16] ( ) S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-25] () S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-06-07] (Symantec Corporation) R2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-09-20] (Symantec Corporation) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [23576 2014-07-28] (Windows ® Win 7 DDK provider) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387432 2006-11-05] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102760 2006-11-05] (Symantec Corporation) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) U3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS [79240 2006-11-05] (Symantec Corporation) U3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS [831880 2006-11-05] (Symantec Corporation) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-03] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-03] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-03] (Symantec Corporation) R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.) 
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-06-07] (Symantec Corporation) S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-24] (Symantec Corporation) R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-24] (Symantec Corporation) R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2014-11-26] (Wondershare) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-28 19:18 - 2015-05-28 19:18 - 00003782 _____ () C:\Users\Cat's comp\Desktop\RKreport_SCN_05282015_191549.log 2015-05-28 18:30 - 2015-05-28 18:30 - 00035649 _____ () C:\Users\Cat's comp\Desktop\FRST.txt 2015-05-28 18:29 - 2015-05-28 18:29 - 00073626 _____ () C:\Users\Cat's comp\Downloads\Shortcut.txt 2015-05-28 17:12 - 2015-05-28 17:12 - 00019844 _____ () C:\Users\Cat's comp\Downloads\Addition.txt 2015-05-28 17:07 - 2015-05-28 22:37 - 00036013 _____ () C:\Users\Cat's comp\Downloads\FRST.txt 2015-05-28 17:02 - 2015-05-28 22:38 - 00000000 ____D () C:\FRST 2015-05-28 16:44 - 2015-05-28 16:44 - 00002270 _____ () C:\Users\Cat's comp\Desktop\mam.txt 2015-05-28 16:44 - 2015-05-28 16:44 - 00002270 _____ () C:\mam.txt 2015-05-28 16:43 - 2015-05-28 16:43 - 00002292 _____ () C:\Users\Cat's comp\Desktop\Malwarebytes Anti-Malware.lnk 2015-05-28 16:41 - 2015-05-28 16:41 - 00002270 _____ () C:\Users\Cats comp\Desktop\mbm.txt 2015-05-28 14:51 - 2015-05-28 14:53 - 01147392 _____ (Farbar) C:\Users\Cat's comp\Downloads\FRST.exe 2015-05-27 22:26 - 2015-05-27 22:26 - 00001910 _____ () C:\Users\Cat's comp\Desktop\AdwCleaner[s3].txt 2015-05-27 22:16 - 2015-05-28 17:31 - 00000000 ____D () C:\Users\Cat's comp\AppData\Local\CrashDumps 2015-05-27 20:20 - 2015-05-27 20:25 - 00002564 _____ () C:\Users\Cat's comp\Desktop\Rkill.txt 2015-05-27 19:31 - 2015-05-28 18:35 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-05-27 19:31 - 2015-05-27 20:19 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-05-27 19:25 - 2015-05-27 19:26 - 17023576 _____ () C:\Users\Cat's comp\Desktop\RogueKiller.exe 2015-05-26 15:42 - 2015-05-26 15:42 - 00001417 _____ () C:\Users\Cat's comp\Desktop\JRT.txt 2015-05-26 15:32 - 2015-05-26 15:32 - 00000680 _____ () C:\Users\Cat's comp\AppData\Local\d3d9caps.dat 2015-05-26 14:27 - 2015-05-26 14:27 - 00001977 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-26 14:27 - 2015-05-26 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Google Chrome 2015-05-26 13:39 - 2015-05-26 13:39 - 00002009 _____ () C:\Users\Cat's comp\Desktop\Chrome App Launcher.lnk 2015-05-26 00:20 - 2015-05-26 00:20 - 00144544 _____ () C:\Windows\Minidump\Mini052615-01.dmp 2015-05-24 10:52 - 2015-05-27 23:04 - 00001252 _____ () C:\Windows\system32\.crusader 2015-05-24 10:34 - 2015-05-24 10:53 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-05-24 10:34 - 2015-05-24 10:34 - 00001738 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2015-05-24 10:34 - 2015-05-24 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-05-24 10:34 - 2015-05-24 10:34 - 00000000 ____D () C:\Program Files\HitmanPro 2015-05-24 10:08 - 2015-05-28 22:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-24 10:08 - 2015-05-28 17:25 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-24 10:02 - 2015-05-23 06:29 - 02720636 _____ (Thisisu) C:\Users\Cat's comp\Desktop\JRT_NEW.exe 2015-05-24 09:46 - 2015-05-24 09:46 - 00000104 _____ () C:\Users\Cat's comp\Desktop\Internet - Shortcut.lnk 2015-05-22 23:01 - 2015-05-22 23:02 - 00144544 _____ () C:\Windows\Minidump\Mini052215-01.dmp 2015-05-22 22:25 - 2015-05-22 22:25 - 00000466 _____ () C:\Windows\certutil.log 2015-05-15 18:57 - 2015-05-15 18:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-14 19:45 - 2015-05-14 19:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATSCOMP-PC-Windows-Vista--Home-Premium-(32-bit).dat 2015-05-14 19:45 - 2015-05-14 19:45 - 00000000 ____D () C:\RegBackup 2015-05-14 19:25 - 2015-05-14 19:25 - 00000000 __RSH () C:\MSDOS.SYS 2015-05-14 19:25 - 2015-05-14 19:25 - 00000000 __RSH () C:\IO.SYS 2015-05-14 19:20 - 2015-05-27 22:21 - 00000000 ____D () C:\AdwCleaner 2015-05-14 17:26 - 2015-05-14 17:26 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\F73FEA00-1431638772-1012-AA7A-CC2EB3BA7B62 2015-05-14 16:07 - 2015-05-14 16:08 - 02209792 _____ () 
C:\Users\Cat's comp\Desktop\adwcleaner_4.204.exe 2015-05-14 16:05 - 2015-05-14 16:05 - 00001063 _____ () C:\Users\Cat's comp\Desktop\Revo Uninstaller.lnk 2015-05-14 16:05 - 2015-05-14 16:05 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-05-13 22:26 - 2015-05-14 15:29 - 00004640 _____ () C:\Windows\system32\Wefdapnakm.ini 2015-05-13 22:26 - 2015-05-14 15:29 - 00002544 _____ () C:\Windows\system32\WefdapnakmOff.ini 2015-05-13 22:26 - 2015-05-13 20:10 - 00286720 _____ () C:\Windows\system32\Wefdapnakm.dll 2015-05-13 21:59 - 2015-05-13 22:09 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 2015-05-13 21:48 - 2015-05-14 19:06 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\F73FEA00-1431568102-1012-AA7A-CC2EB3BA7B62 2015-05-13 21:42 - 2015-05-13 21:42 - 00631296 _____ () C:\Windows\smu.dat 2015-05-13 21:24 - 2015-05-13 21:24 - 00000000 ____D () C:\Windows\system32\Flash 2015-05-13 21:04 - 2015-05-13 21:04 - 00000000 _____ () C:\Windows\system32\Number of results 2015-05-13 20:44 - 2015-05-13 20:47 - 00000112 _____ () C:\ProgramData\5646Bn.dat 2015-05-13 20:17 - 2006-09-18 17:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hp.bak 2015-04-29 16:06 - 2015-04-29 17:55 - 00000000 ____D () C:\Users\Cat's comp\Downloads\leggypauline 2010-05-19 2015-04-28 22:14 - 2015-04-28 22:19 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Tove Lo -Truth Serum - Deluxe ( 3 Bonus Tracks ) 2015-04-28 22:13 - 2015-04-28 22:15 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Ludacris - Ludaversal (Deluxe) (2015) {MP3 320 KBPS}~{VBUc} 2015-04-10 22:13 - 2015-04-26 15:21 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\vlc 2015-04-10 18:45 - 2015-04-10 18:48 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Stone Temple Pilots - Core (1992) FLAC 2015-04-10 18:43 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Stone Temple Pilots - Thank You (2003) vtwin88cube 2015-04-10 18:26 - 2015-04-10 18:32 - 00000000 ____D () 
C:\Users\Cat's comp\Downloads\Lloyd Banks 2015-04-10 18:24 - 2015-04-10 18:26 - 00000000 ____D () C:\Users\Cat's comp\Downloads\The Marshall Mathers LP 2 [2013] 2015-04-10 16:54 - 2015-04-10 18:09 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Dizzee Rascal - The Fifth (Deluxe Edition) 2013 320kbps CBR MP3 [VX] [P2PDL] 2015-04-10 16:40 - 2015-04-10 19:37 - 00000000 ____D () C:\Users\Cat's comp\Downloads\L7 - Hungry_For_Stink - (1994) 2015-04-10 16:40 - 2015-04-10 16:40 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Fabolous - Street Dreams (Bonus Track Version) [iTunes Plus] 2015-04-10 16:39 - 2015-04-10 19:30 - 00000000 ____D () C:\Users\Cat's comp\Downloads\L7 - Bricks Are Heavy - 320kbps 2015-04-09 22:05 - 2015-04-09 22:17 - 00000000 ____D () C:\Users\Cat's comp\Downloads\GTA IV Complete Radio 2015-04-09 22:01 - 2015-04-09 22:03 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Kendrick Lamar Discography (2010-2012) VBR 2015-04-09 21:17 - 2015-04-09 21:18 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Nirvana - Nevermind - Classic Albums - Full Album Plus 3 Clips 2015-04-09 20:02 - 2015-04-09 20:30 - 00000000 ____D () C:\Users\Cat's comp\Downloads\sadiespanties.com 2015-04-09 19:56 - 2015-04-10 01:03 - 00000000 ____D () C:\Users\Cat's comp\Downloads\Various Artists – WWE 2K15 The Soundtrack (2014) ~{B@tman} 2015-04-09 19:39 - 2015-04-10 04:40 - 00000000 ____D () C:\Users\Cat's comp\Downloads\WWE Entrance Theme Songs 2014 Pack 2015-04-09 19:24 - 2015-04-09 20:21 - 00000000 ____D () C:\Users\Cat's comp\Downloads\The GAME Discography and a lot more (32 Albums)(RAP)(by dragan09) 2015-04-09 19:03 - 2015-04-09 19:06 - 00000000 ____D () C:\Users\Cat's comp\Downloads\LANA DEL REY - DISCOGRAPHY (2005-14) [CHANNEL NEO] 2015-03-12 15:09 - 2015-05-15 18:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-28 22:16 - 2012-04-02 16:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-28 21:25 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-28 21:25 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-28 20:39 - 2011-06-09 01:38 - 01887931 _____ () C:\Windows\WindowsUpdate.log 2015-05-28 20:39 - 2006-11-02 08:52 - 00071360 _____ () C:\Windows\setupact.log 2015-05-28 17:25 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-28 17:24 - 2006-11-02 09:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-28 14:51 - 2014-12-10 18:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-27 22:23 - 2007-06-07 11:58 - 00159768 _____ () C:\Windows\PFRO.log 2015-05-27 19:04 - 2011-07-08 16:44 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\HpUpdate 2015-05-26 00:20 - 2012-10-10 21:01 - 00000000 ____D () C:\Windows\Minidump 2015-05-26 00:19 - 2012-10-10 21:01 - 938029337 _____ () C:\Windows\MEMORY.DMP 2015-05-24 11:37 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache 2015-05-24 10:09 - 2012-07-06 23:12 - 00000000 ____D () C:\Users\Cat's comp\AppData\Local\Google 2015-05-24 10:08 - 2014-07-28 15:59 - 00000000 ____D () C:\Program Files\Google 2015-05-24 09:40 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages 2015-05-24 09:30 - 2014-08-02 02:45 - 00001920 _____ () C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-24 09:30 - 2014-08-01 15:45 - 00001920 _____ () C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-24 09:30 - 2007-06-07 11:46 - 00001920 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk 2015-05-24 08:46 - 2013-07-01 22:59 - 00198656 _____ () 
C:\Users\Cat's comp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-05-22 22:32 - 2011-06-09 01:49 - 00000000 ____D () C:\Users\Cat's comp 2015-05-18 21:12 - 2006-11-02 08:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-05-15 23:40 - 2006-11-02 06:33 - 00780920 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-14 15:42 - 2014-12-10 18:12 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-05-14 15:42 - 2014-12-10 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-14 15:42 - 2014-12-10 18:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-05-13 23:48 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\System 2015-05-13 22:38 - 2014-08-02 20:06 - 00000000 ____D () C:\Program Files\Aeria Games 2015-05-13 22:15 - 2006-11-02 06:23 - 00000351 _____ () C:\Windows\win.ini 2015-05-13 20:53 - 2014-06-25 17:15 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-29 23:58 - 2013-08-30 19:48 - 00000000 ____D () C:\Users\Cat's comp\AppData\Roaming\uTorrent ==================== Files in the root of some directories ======= 2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Cat's comp\AppData\Roaming\BWWSKOVQ 2011-07-06 18:36 - 2011-07-06 18:36 - 0000000 _____ () C:\Users\Cat's comp\AppData\Roaming\wklnhst.dat 2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Cat's comp\AppData\Roaming\XSPGB 2015-05-26 15:32 - 2015-05-26 15:32 - 0000680 _____ () C:\Users\Cat's comp\AppData\Local\d3d9caps.dat 2013-07-01 22:59 - 2015-05-24 08:46 - 0198656 _____ () C:\Users\Cat's comp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-05-13 20:44 - 2015-05-13 20:47 - 0000112 _____ () C:\ProgramData\5646Bn.dat 2011-06-12 23:43 - 2011-06-12 23:43 - 0000252 _____ () C:\ProgramData\FastPics.log 2011-06-12 23:11 - 2011-06-12 23:11 - 0000087 _____ () C:\ProgramData\lxdu.log 2011-06-12 23:38 - 2011-06-12 23:38 - 
0000000 _____ () C:\ProgramData\UpdaterLog.txt Files to move or delete: ==================== C:\ProgramData\5646Bn.dat C:\Users\Cat's comp\MetricCollection.dll C:\Users\Public\LeagueofLegends_NA_Installer_9_15_2014.exe Some files in TEMP: ==================== C:\Users\Cat's comp\AppData\Local\Temp\130578809329817723.exe C:\Users\Cat's comp\AppData\Local\Temp\13057880946042772387.exe C:\Users\Cat's comp\AppData\Local\Temp\6_Offer_16.exe C:\Users\Cat's comp\AppData\Local\Temp\6_Offer_17.exe C:\Users\Cat's comp\AppData\Local\Temp\aacenc3.exe C:\Users\Cat's comp\AppData\Local\Temp\AcsInstall.dll C:\Users\Cat's comp\AppData\Local\Temp\avguidx.dll C:\Users\Cat's comp\AppData\Local\Temp\C4810D25-29C9-B176-8369-77630CBF9544.dll C:\Users\Cat's comp\AppData\Local\Temp\CommonInstaller.exe C:\Users\Cat's comp\AppData\Local\Temp\dllnt_dump.dll C:\Users\Cat's comp\AppData\Local\Temp\ffmpeg12.exe C:\Users\Cat's comp\AppData\Local\Temp\GenericUninstall.exe C:\Users\Cat's comp\AppData\Local\Temp\GLF1588.tmp.ConduitEngineSetup.exe C:\Users\Cat's comp\AppData\Local\Temp\hsbing_717_active.exe C:\Users\Cat's comp\AppData\Local\Temp\htmlayout.dll C:\Users\Cat's comp\AppData\Local\Temp\ICReinstall_winzip19-home.exe C:\Users\Cat's comp\AppData\Local\Temp\installhelper.dll C:\Users\Cat's comp\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Cat's comp\AppData\Local\Temp\mediaget-uninstaller.exe C:\Users\Cat's comp\AppData\Local\Temp\mp3el2.exe C:\Users\Cat's comp\AppData\Local\Temp\ms.exe C:\Users\Cat's comp\AppData\Local\Temp\mssinstaller.exe C:\Users\Cat's comp\AppData\Local\Temp\mytmpinstaller.exe C:\Users\Cat's comp\AppData\Local\Temp\oi_{0022CC3F-AE00-4B6C-B80D-7EBA8499D718}.exe C:\Users\Cat's comp\AppData\Local\Temp\oi_{DD18A7BD-24E1-4E1B-8295-85ED51C58CC2}.exe C:\Users\Cat's comp\AppData\Local\Temp\plushd_moca.exe C:\Users\Cat's comp\AppData\Local\Temp\qms_new.exe C:\Users\Cat's comp\AppData\Local\Temp\Quarantine.exe C:\Users\Cat's comp\AppData\Local\Temp\Runner.exe C:\Users\Cat's 
comp\AppData\Local\Temp\Setup_21312.exe C:\Users\Cat's comp\AppData\Local\Temp\SHFOLDER.DLL C:\Users\Cat's comp\AppData\Local\Temp\SpOrder.dll C:\Users\Cat's comp\AppData\Local\Temp\sqlite3.dll C:\Users\Cat's comp\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\Cat's comp\AppData\Local\Temp\symlcsv1.exe C:\Users\Cat's comp\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Cat's comp\AppData\Local\Temp\System.Data.SQLitef0d21cee-bd25-407e-a47e-0bbedae2720c.dll C:\Users\Cat's comp\AppData\Local\Temp\t.dll C:\Users\Cat's comp\AppData\Local\Temp\TFR7061.exe C:\Users\Cat's comp\AppData\Local\Temp\toolbar53600898.exe C:\Users\Cat's comp\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Cat's comp\AppData\Local\Temp\uninst.dll C:\Users\Cat's comp\AppData\Local\Temp\uninst.exe C:\Users\Cat's comp\AppData\Local\Temp\uninstall53966829.exe C:\Users\Cat's comp\AppData\Local\Temp\uninstall53967095.exe C:\Users\Cat's comp\AppData\Local\Temp\UninstallModule.exe C:\Users\Cat's comp\AppData\Local\Temp\uttD23.tmp.exe C:\Users\Cat's comp\AppData\Local\Temp\vcredist_x86.exe C:\Users\Cat's comp\AppData\Local\Temp\vmpremov.exe C:\Users\Cat's comp\AppData\Local\Temp\winzip1632_2_wrapped.exe C:\Users\Cat's comp\AppData\Local\Temp\WSSetup.exe C:\Users\ML\AppData\Local\Temp\symlcsv1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {a558c925-1511-11dc-b939-d61014fa7847}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a558c925-1511-11dc-b939-d61014fa7847}
nx OptOut
increaseuserva 3072

Resume from Hibernate
---------------------
identifier {a558c925-1511-11dc-b939-d61014fa7847}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=C:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description RAM Disk Settings
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi

LastRegBack: 2015-05-28 17:33

==================== End of log ============================
  2. Users shortcut scan result (x86) Version: 27-05-2015 01 Ran by Cat's comp at 2015-05-28 22:41:37 Running from C:\Users\Cat's comp\Downloads Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\AOL 9.0.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Total Care Advisor.lnk -> C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\WINDOWS\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk -> C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk -> C:\Program Files\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk -> C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk -> C:\Program 
Files\Windows Mail\wab.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\Movie Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\MOVIEMK.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk -> C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager\Uninstall.lnk -> C:\Program Files\Verizon\VzDownloadManager\VzDownloadManager_Uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Getting Started Guide.lnk -> C:\hp\documentation\getting_started\index.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Safety & Comfort Guide.lnk -> C:\hp\documentation\297660.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Upgrading and Servicing Guide.lnk -> C:\hp\documentation\upgrading_and_servicing\index.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\Creator Basic v9.lnk -> C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\Express Labeler.lnk -> C:\Program Files\Roxio\Express Labeler 3\stax.exe (MicroVision Development, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\MyDVD Basic v9.lnk -> C:\Program Files\Roxio\VideoUI 9\MyDVD9.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\RAR Password Recovery Help.lnk -> C:\Program Files\Intelore\RAR-PR\urpwdr.chm (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\RAR Password Recovery.lnk -> C:\Program Files\Intelore\RAR-PR\urpwdr11rc16.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\Uninstall RAR Password Recovery.lnk -> C:\Program Files\Intelore\RAR-PR\uninstall.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\WINDOWS\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\RichText.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\WINDOWS\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\PictureViewer.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\WINDOWS\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\QTPlayer.ico () 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\HPOOVClient.exe ( ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Compaq support information.lnk -> C:\hp\support\HPSysInfo.exe (Hewlett-Packard Development Company, L.P.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Hardware Diagnostic Tools.lnk -> C:\Program Files\PC-Doctor 5 for Windows\pcdr5cuiw32.exe (PC-Doctor, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Recovery Disc Creation.lnk -> C:\WINDOWS\SMINST\CD Creator.exe (SoftThinks) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Recovery Manager.lnk -> C:\WINDOWS\SMINST\Restore7.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\AOL Sign-up.lnk -> C:\Program Files\Online Services\Aolus\InstallAol.exe (Hewlett Packard) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\EarthLink.lnk -> C:\Program Files\Online Services\EarthLink\InstallEarthLink.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Get Vonage.lnk -> C:\Program Files\Online Services\Vonage\core\core_start.exe (Vonage) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\MSN.lnk -> C:\Program Files\Online Services\MSN90\LaunchMsn.exe (Hewlett Packard) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero Dial-up.lnk -> C:\Program Files\Online Services\Netzero_du\NetZeroHSSetup.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero High-speed.lnk -> C:\Program Files\Online Services\Netzero_Acc\NetZeroHSSetup.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online 
Services\United States\Vonage PC Talk.lnk -> C:\Program Files\Online Services\Vonage\pctalk\VonageTalk.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Vonage Small Business Plans.lnk -> C:\Program Files\Online Services\Vonage\smb\smb_start.exe (Vonage) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Netzero Dial-up.lnk -> C:\Program Files\Online Services\Netzero_du_ca\NetZeroHSSetup.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Netzero High-speed.lnk -> C:\Program Files\Online Services\Netzero_Acc_ca\NetZeroHSSetup.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Vonage.lnk -> C:\Program Files\Online Services\Vonageca\core\core_start.exe (Vonage) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Getting Started.lnk -> C:\Program Files\Microsoft Works\wksgsg.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk -> C:\Program Files\Microsoft Works\wksdb.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk -> C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk -> C:\Program Files\Microsoft Works\wksss.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk -> C:\Program Files\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft 
Works\Microsoft Works Word Processor.lnk -> C:\Program Files\Microsoft Works\WksWP.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Windows Address Book.lnk -> C:\Program Files\Windows Mail\wab.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Problem Reports and Solutions.lnk -> C:\WINDOWS\System32\wercon.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\WINDOWS\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Express Labeler.lnk -> C:\Program Files\Roxio\Express Labeler 3\stax.exe (MicroVision Development, Inc.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Lexmark Service Center.LNK -> C:\Program Files\Lexmark 5600-6600 Series\Diagnostics\lxdudiag.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\User's Guide.LNK -> C:\Program Files\Lexmark 5600-6600 Series\lxduuser.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\EU Waste Electronics Information.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\EU_Waste_Electronic_Information.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Uninstall Lexmark 5600-6600 Series.LNK -> C:\Program Files\Lexmark 5600-6600 Series\Install\x86\Uninst.exe ( ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Photo Stream.lnk -> C:\Program Files\Common Files\Apple\Internet Services\PhotoStream.exe (Apple Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files\HP\HP Software Update\hpwucli.exe (Hewlett-Packard) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PurblePlace.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades\Windows Anytime Upgrade.lnk -> C:\WINDOWS\System32\WindowsAnytimeUpgrade.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin\Belkin Router Monitor.lnk -> C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\AOL 9.0.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\WINDOWS\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\WINDOWS\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\WINDOWS\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\WINDOWS\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\WINDOWS\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\WINDOWS\System32\NetProj.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\WINDOWS\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> 
C:\WINDOWS\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Sticky Notes.lnk -> C:\WINDOWS\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\WINDOWS\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\migwiz.lnk -> C:\WINDOWS\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\WINDOWS\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Entertainment\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{DEEC1E88-94A4-412C-B64A-1D772535AD58}\PlayTasks\0\Play.lnk -> C:\Program Files\MTA San Andreas 1.3\Multi Theft Auto.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation) Shortcut: 
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\Documents - Shortcut.lnk -> C:\Users\Cat's comp\Desktop\Documents\Documents () Shortcut: C:\Users\Cat's comp\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos () Shortcut: C:\Users\Cat's comp\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures () Shortcut: C:\Users\Cat's comp\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music () Shortcut: C:\Users\Cat's comp\Links\Documents.lnk -> C:\Users\Cat's comp\Desktop\Documents\Documents () Shortcut: C:\Users\Cat's comp\Links\Music.lnk -> C:\Users\Cat's comp\Music () Shortcut: C:\Users\Cat's comp\Links\Pictures.lnk -> C:\Users\Cat's comp\Pictures () Shortcut: C:\Users\Cat's comp\Links\Public.lnk -> C:\Users\Public () Shortcut: C:\Users\Cat's comp\Links\Recently Changed.lnk -> C:\Users\Cat's comp\Searches\Recently Changed.search-ms () Shortcut: C:\Users\Cat's comp\Links\Searches.lnk -> C:\Users\Cat's comp\Searches () Shortcut: C:\Users\Cat's comp\Desktop\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) Shortcut: C:\Users\Cat's comp\Desktop\µTorrent.lnk -> C:\Users\Cat's comp\AppData\Roaming\uTorrent\uTorrent.exe 
(BitTorrent Inc.) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe () Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files\Steam\Steam.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.) 
Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url () Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) 
Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe () Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Cat's comp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) 
Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{91C3A118-12AA-44C6-91F4-AB06829B267C}\PlayTasks\0\Play.lnk -> C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{8238AD32-562E-4E97-82F0-3815955E3391}\PlayTasks\0\Play.lnk -> C:\Users\Cat's comp\AppData\Local\Temp\Temp1_GTA 3.zip\GTA3\gta3.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{5C7070B5-DCC4-4D34-8536-B5828037A445}\PlayTasks\0\Play.lnk -> C:\Users\Cat's comp\AppData\Local\Temp\Rar$EX47.785\GTA3\gta3.exe (No File) Shortcut: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows\GameExplorer\{52073ADD-618F-46B4-AECB-DFD7050EBCF8}\PlayTasks\0\Play.lnk -> C:\Users\Cat's comp\AppData\Local\Temp\Rar$EX91.784\GTA3\gta3.exe (No File) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk 
-> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\ML\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos () Shortcut: C:\Users\ML\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures () Shortcut: C:\Users\ML\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music () Shortcut: C:\Users\ML\Links\Documents.lnk -> C:\Users\ML\Desktop\Documents\Documents (No File) Shortcut: C:\Users\ML\Links\Music.lnk -> C:\Users\ML\Music () Shortcut: C:\Users\ML\Links\Pictures.lnk -> C:\Users\ML\Pictures () Shortcut: C:\Users\ML\Links\Public.lnk -> C:\Users\Public () Shortcut: C:\Users\ML\Links\Recently Changed.lnk -> C:\Users\ML\Searches\Recently Changed.search-ms () Shortcut: C:\Users\ML\Links\Searches.lnk -> C:\Users\ML\Searches () Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) Shortcut: 
C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) Shortcut: C:\Users\Public\Desktop\HP Total Care Advisor.lnk -> C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) Shortcut: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files\speed browser\Application\browser.exe (No File) Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.) 
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.) Shortcut: C:\Users\Public\Desktop\Safari.lnk -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe () Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () Shortcut: C:\Users\Public\Desktop\Windows Media Center.lnk -> C:\WINDOWS\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Canada\Zip.ca - Online DVD Rentals.lnk -> C:\Program Files\Online Services\zipca\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=zipca&pf=desktop&locale=en_ca&bd=all&c=71 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows Defender\Software Explorers\Disabled Startup Folder Items\Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard) -> -startup ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\WINDOWS\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager\VzDownloadManager.lnk -> C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe (Electrorent Corporation) -> VzDownloadManager ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --reset-config 
--reset-plugins-cache vlc://quit ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> -Iskins ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard) -> -startup ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation) -> /i {AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A} /qf ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Easy Internet Services.lnk -> C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe (Hewlett-Packard) -> /LaunchPage /eis ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Help and Support.lnk -> C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe (Symantec Corporation) -> -dll isDataCl.dll -func FetchURL -hint 1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\More Symantec Solutions.lnk -> C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe (Symantec Corporation) -> -dll isDataCl.dll -func FetchURL -hint 2 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk -> C:\Program Files\Common Files\Symantec Shared\NPC\uiStub.exe (Symantec Corporation) -> {68175F05-68E7-47e7-A1F2-4CE1DEE316EE} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\- My HP Game Console -.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\My HP Game Console\GameConsole.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> 
"C:\Program Files\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Bistro Stars.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bistro Stars\BistroStars-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Blackhawk Striker 2.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Blasterball 2 Revolution.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 2 Revolution\bb2-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Blasterball 3.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 3\BlasterBall3-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Boggle Supreme.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Boggle Supreme\BoggleSupreme-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Bookworm Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bookworm Deluxe\BookWorm-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Chuzzle Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Crystal Maze.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Crystal Maze\Maze-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Diner Dash.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> 
"C:\Program Files\HP Games\Diner Dash\Diner Dash-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Family Feud.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Family Feud\FamilyFeud-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\FATE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\FATE\Fate-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Final Drive Nitro.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Final Drive Nitro\Racing-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Insaniquarium Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Insaniquarium Deluxe\InsaniquariumDeluxe-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\JEOPARDY.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\JEOPARDY\JEOPARDY!-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Jewel Quest.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Jewel Quest\JewelQuest-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\LEGO Builder Bots.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\LEGO Builder Bots\LEGO Builder Bots-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Mahjong Journey of Enlightenment.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\MahJong-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Ocean Express.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) 
-> "C:\Program Files\HP Games\Ocean Express\OceanExpress-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Penguins!.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Penguins!\penguins-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Polar Bowler.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Bowler\Polar-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Polar Golfer Pineapple Cup.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\golf-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Polar Golfer.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer\golf-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\SCRABBLE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\SCRABBLE\Scrabble-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Slingo Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Slingo Deluxe\Slingo-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Super Granny.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Super Granny\granny-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\The Apprentice.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\The Apprentice\Apprentice-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Tornado Jockey.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tornado 
Jockey\Tornado-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Tradewinds.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tradewinds\tradewinds-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Wheel of Fortune.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games\Zuma Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Zuma Deluxe\Zuma-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestoreCenter ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Network Configuration.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=317 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Release Notes.LNK -> C:\WINDOWS\System32\write.exe (Microsoft Corporation) -> C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdurme.doc ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Tools\Wireless Setup Utility.LNK -> C:\Program Files\Lexmark 5600-6600 Series\Wireless\lxduwpss.exe (Lexmark International, Inc.) 
-> /ini=lxduina.ini /title="Wireless Setup Utility" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Special Offers\Lexmark Connect.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=653 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Printivity\Lexmark Fast Pics.LNK -> C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.) -> -h204 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Align Cartridges.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=304 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Clean Cartridges.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=305 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Install Cartridges.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=318 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series\Maintenance\Print A Test Page.LNK -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdupswx.exe () -> /M=Lexmark 5600-6600 Series /T=311 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) 
-> contacts ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- My HP Game Console -.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\My HP Game Console\GameConsole.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack\Nastaveni XviD.lnk -> C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) -> xvid.ax,Configure ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\AOL Search.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SAOLSearch ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\My AOL.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SMyAOL ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Radio @ AOL.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SAOLRadio ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Read Mail.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SMailbox ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Send Instant Message.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) -> /SIM ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL\Sign on to AOL Now.lnk -> C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) 
-> /SWelcome ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Reliability and Performance Monitor.lnk -> C:\WINDOWS\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\WINDOWS\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\WINDOWS\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.WelcomeCenter ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\WINDOWS\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fb8cec27-10f6-465d-b812-297d5ea7fc8f}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Final Drive Nitro\Racing-WT.exe" ShortcutWithArgument: 
C:\ProgramData\Microsoft\Windows\GameExplorer\{f26fa1cd-5643-4d9c-8174-bf8b9afcf8ae}\PlayTasks\0\JEOPARDY.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\JEOPARDY\JEOPARDY!-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e8314eef-6558-4f65-8230-5c23eb8f74a8}\PlayTasks\0\Tornado Jockey.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tornado Jockey\Tornado-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c7070d83-d8a5-4f36-b082-310a54769fbc}\PlayTasks\0\Diner Dash.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Diner Dash\Diner Dash-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c5f14846-9946-47d8-b15d-33f15e7199fe}\PlayTasks\0\SCRABBLE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\SCRABBLE\Scrabble-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c24273e8-da4f-4fff-bac9-d8b5b16fb74c}\PlayTasks\0\The Apprentice.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\The Apprentice\Apprentice-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c1447196-778c-4b18-a954-2db42bd8df8b}\PlayTasks\0\Family Feud.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Family Feud\FamilyFeud-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ad191d2c-bbd5-46a9-bd1f-670de55c2bd3}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer\golf-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{a38aeee7-8e46-44cf-8e86-b9599d5d1948}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" ShortcutWithArgument: 
C:\ProgramData\Microsoft\Windows\GameExplorer\{92c38374-d56f-4ebd-a30a-12e06fdb0b41}\PlayTasks\0\Wheel of Fortune.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8fce831d-7b4d-4f75-bb60-f7764ba08472}\PlayTasks\0\Tradewinds.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Tradewinds\tradewinds-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{857deeb7-0612-45c4-96c2-0fca2270585e}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{84a24ec6-3215-40f0-80e8-877759bc177a}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Bowler\Polar-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{77e00b13-7923-4014-b43b-185b2ad772a8}\PlayTasks\0\Slingo Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Slingo Deluxe\Slingo-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{752b5f1a-6a8f-40e8-9e27-2b2dbdaf3a20}\PlayTasks\0\Crystal Maze.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Crystal Maze\Maze-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{70bb3f26-7f92-46e2-853c-97f3ebeb9b3c}\PlayTasks\0\Blasterball 2 Revolution.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 2 Revolution\bb2-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{586bedf5-568e-4914-98e8-38d40cd97c2e}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Zuma Deluxe\Zuma-WT.exe" ShortcutWithArgument: 
C:\ProgramData\Microsoft\Windows\GameExplorer\{53d10759-b54e-4e7d-a21e-f506b0ad1530}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3f24aef6-2c8c-469b-a4bd-daec83bf9407}\PlayTasks\0\Super Granny.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Super Granny\granny-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3cb37e73-972c-4d88-8550-9f9a5eab5711}\PlayTasks\0\Insaniquarium Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Insaniquarium Deluxe\InsaniquariumDeluxe-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3a158259-5778-4bfb-94ba-a60fa67073cf}\PlayTasks\0\Penguins!.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Penguins!\penguins-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{35eb4999-46c9-43a4-845b-30a8188e153e}\PlayTasks\0\Bookworm Deluxe.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Bookworm Deluxe\BookWorm-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{27eaedc1-90e0-4c6f-a533-2138d7233ee7}\PlayTasks\0\FATE.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\FATE\Fate-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{21ee1f28-2e1e-4e07-824a-499ecce4c3ce}\PlayTasks\0\Blasterball 3.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Blasterball 3\BlasterBall3-WT.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0d27d293-9782-4bd6-b1e0-2b48db674965}\PlayTasks\0\Jewel Quest.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Jewel Quest\JewelQuest-WT.exe" ShortcutWithArgument: 
C:\ProgramData\Microsoft\Windows\GameExplorer\{0178d2fd-a379-4bd0-9d82-9e147d300d7a}\PlayTasks\0\Polar Golfer Pineapple Cup.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\golf-WT.exe" ShortcutWithArgument: C:\Users\Cat's comp\Desktop\Chrome App Launcher.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Cat's comp\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adblock Plus.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nejpkcilphefkpemgoiicdmohoijefif ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Avast Antivirus 2014.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=leacnaaaapmnlhhjpoboiepbefecbdkb ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Public\Desktop\My HP Games.lnk -> C:\Program Files\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files\HP Games\My HP Game Console\GameConsole.exe" ShortcutWithArgument: C:\Users\Public\Desktop\VzDownloadManager.lnk -> C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe (Electrorent Corporation) -> 
VzDownloadManager InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.url -> hxxp://www.lightscribe.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.url -> hxxp://www.lightscribe.com/go/videos/QuickDemo InternetURL: C:\Users\Cat's comp\Music\www.torrentazos.com - The best web of music torrents!.url -> hxxp://torrentazos.com/index.php InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172 InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925 InternetURL: C:\Users\Cat's comp\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927 InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143 InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924 InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923 InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921 InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729 InternetURL: C:\Users\Cat's comp\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922 InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661 InternetURL: C:\Users\Cat's 
comp\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151 InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424 InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920 InternetURL: C:\Users\Cat's comp\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919 InternetURL: C:\Users\Cat's comp\Favorites\Links\Customize Links.url -> hxxp://go.microsoft.com/fwlink/?LinkId=53540 InternetURL: C:\Users\Cat's comp\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Cat's comp\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Cat's comp\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's 
comp\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Cat's comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\APB Reloaded.url -> steam://rungameid/113400 InternetURL: C:\Users\Cat's comp\AppData\Local\Microsoft\Windows Defender\Software Explorers\Disabled Startup Folder Items\VzDownloadManager.url -> file:///C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\Home.url 
-> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71 InternetURL: 
C:\Users\Mcx1\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\Mcx1\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172 InternetURL: C:\Users\ML\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\ML\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925 InternetURL: C:\Users\ML\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927 InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143 InternetURL: C:\Users\ML\Favorites\MSN 
Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924 InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923 InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921 InternetURL: C:\Users\ML\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729 InternetURL: C:\Users\ML\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922 InternetURL: C:\Users\ML\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\ML\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661 InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151 InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424 InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920 InternetURL: C:\Users\ML\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919 InternetURL: C:\Users\ML\Favorites\Links\Customize Links.url -> hxxp://go.microsoft.com/fwlink/?LinkId=53540 InternetURL: C:\Users\ML\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=laptop&locale=en_us&bd=all&c=71 InternetURL: 
C:\Users\ML\Favorites\HP\Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\HP Club.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpgames&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\HP Music.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpmusic&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=desktop&locale=en_us&bd=all&c=71 InternetURL: C:\Users\ML\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=desktop&locale=en_us&bd=all&c=71 ==================== End of log =============================
  3. RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
     Started in : Normal mode
     User : Cat's comp [Administrator]
     Started from : C:\Users\Cat's comp\Desktop\RogueKiller.exe
     Mode : Scan -- Date : 05/28/2015 19:15:50

     ¤¤¤ Processes : 2 ¤¤¤
     [suspicious.Path] (SVC) NAVENG -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS[7] -> Stopped
     [suspicious.Path] (SVC) NAVEX15 -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS[7] -> Stopped

     ¤¤¤ Registry : 7 ¤¤¤
     [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS) -> Found
     [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS) -> Found
     [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS) -> Found
     [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS) -> Found
     [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS) -> Found
     [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS) -> Found
     [PUM.SearchPage] HKEY_USERS\S-1-5-21-4097726319-1414410365-2442618022-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
     [sSDT:Addr(Hook.SSDT)] NtConnectPort[54] : Unknown @ 0xc3ffbaa8

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST3250820AS ATA Device +++++
     --- User ---
     [MBR] 69032381ed6cb208c4735376e490df85
     [bSP] 96840f5650cdce42cb1f8e79a6e5e23b : HP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 231325 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 473754960 | Size: 7146 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     ============================================
     RKreport_SCN_05272015_201417.log - RKreport_DEL_05272015_201806.log - RKreport_DEL_05272015_201823.log - RKreport_DEL_05272015_201837.log
     RKreport_DEL_05272015_201903.log - RKreport_DEL_05272015_201920.log - RKreport_DEL_05272015_201941.log
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01 Ran by Cat's comp (administrator) on CATSCOMP-PC on 28-05-2015 18:24:57 Running from C:\Users\Cat's comp\Downloads Loaded Profiles: Cat's comp (Available Profiles: Cat's comp & Mcx1 & ML) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 7 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Lexmark International, Inc.) C:\WINDOWS\System32\spool\drivers\w32x86\3\lxduserv.exe ( ) C:\WINDOWS\System32\lxducoms.exe () C:\WINDOWS\System32\PnkBstrA.exe (Conexant Systems, Inc.) 
C:\WINDOWS\System32\drivers\XAudio.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe (America Online, Inc.) C:\Program Files\Common Files\aol\1307588935\ee\aolsoftware.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Hewlett Packard) C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company) HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] () HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor) HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1307588935\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.) HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] () HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [instaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) 
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [Aeria Ignite] => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks) HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [bitComet] => C:\Program Files\BitComet\BitComet.exe /tray HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Cat's comp\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk [2014-08-02] ShortcutTarget: Compaq Connections.lnk -> C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe (Hewlett Packard) GroupPolicyUsers\S-1-5-21-4097726319-1414410365-2442618022-1002\User: Group Policy Restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an 
item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-4097726319-1414410365-2442618022-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm SearchScopes: HKLM -> {623BFBC2-A820-4060-8FCC-9B1AE69A939B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek.com/?prt=BASICSEEK111&keywords={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-10-23] (Symantec Corporation) BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23] (Symantec Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 000000000005 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Cat's comp\AppData\Roaming\Mozilla\Firefox\Profiles\xxpyyynu.default-1418170259335 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] () FF Plugin: @daum.net/DaumGameFx -> C:\ProgramData\Daum Games\FXStarter\npDaumGameFx.dll [2014-03-26] (Daum) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-11-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-11-18] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-11-18] (Apple Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-13] Chrome: ======= CHR Profile: C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adguard AdBlocker) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-27] CHR Extension: (Adblock Plus) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-27] CHR Extension: (uTorrent easy client) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfiejlelblhoaflnjajjjjkkgbeifpn [2015-05-27] CHR Extension: (AdBlock) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-27] CHR Extension: (Hola Better Internet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-27] CHR Extension: (Bookmark Manager) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27] CHR Extension: (Online Virus Scan) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpacaaphmmpfloeiopekgajdclliokh [2015-05-27] CHR Extension: (Adblock Super) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-05-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27] CHR Extension: 
(Google Wallet) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27] CHR Extension: (Sửa lỗi \) - C:\Users\Cat's comp\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2015-05-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.) S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46680 2005-04-18] (America Online) R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-10-31] (Symantec Corporation) R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed] R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed] R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation) R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation) R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation) S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-10-13] (Symantec Corporation) S3 GSService; C:\Windows\system32\GSService.exe [444640 2014-07-28] () R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-05-24] (SurfRight B.V.) 
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 ISPwdSvc; c:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-10-26] (Symantec Corporation) R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed] S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation) R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [94208 2009-10-16] (Lexmark International, Inc.) R2 lxdu_device; C:\Windows\system32\lxducoms.exe [589824 2009-10-16] ( ) S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-25] () S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-06-07] (Symantec Corporation) R2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-09-20] (Symantec Corporation) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [23576 2014-07-28] (Windows ® Win 7 DDK provider) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387432 2006-11-05] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102760 2006-11-05] (Symantec Corporation) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS [79240 2006-11-05] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS [831880 2006-11-05] (Symantec Corporation) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-03] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-03] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-03] (Symantec Corporation) R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.) 
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-06-07] (Symantec Corporation) S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-24] (Symantec Corporation) R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-24] (Symantec Corporation) U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-05-28] () R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2014-11-26] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2014-11-26] (Wondershare) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ========
  5. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/28/2015 Scan Time: 2:52:39 PM Logfile: mam.txt Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.05.28.06 Rootkit Database: v2015.05.24.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: Cat's comp Scan Type: Threat Scan Result: Completed Objects Scanned: 417307 Time Elapsed: 1 hr, 48 min, 0 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 8 PUP.Optional.GlobalUpdate.A, C:\Users\Cat's comp\AppData\Local\Temp\comh.429006, , [17ef22770a80df572d0becd6ed16e020], PUP.Optional.uTorrentBar.A, C:\Users\Cat's comp\AppData\Local\Temp\uTorrentBar, , [739309904f3b2f072e004487e41fef11], PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com, , [33d3b5e4fa90ff3783a0d003d033837d], PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com\chrome, , [33d3b5e4fa90ff3783a0d003d033837d], PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com\chrome\content, , [33d3b5e4fa90ff3783a0d003d033837d], PUP.Optional.Zoomify.A, C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\e9mgvnf8.default\extensions\tb@zoomify.com\components, , [33d3b5e4fa90ff3783a0d003d033837d], PUP.Optional.ConduitTB.Gen, C:\Users\Cat's comp\AppData\Local\Temp\TestIfExeExist\CT3306061, , [0df96f2ab2d8e2542bf325b9877c07f9], PUP.Optional.ConduitTB.Gen, C:\Users\Cat's 
comp\AppData\Local\Temp\TestIfExeExist\CT3306061\nativeMessaging, , [0df96f2ab2d8e2542bf325b9877c07f9], Files: 1 Worm.Traces, C:\a.txt, , [f80ed1c8107a7bbb55a1ff6ff90bb947], Physical Sectors: 0 (No malicious items detected) (end)