
occasional new tabs, windows and extra ads, along with system slow dow


  • This topic is locked

#1
Alysher

  • Member
  • 122 posts
As the topic title states, I'm having some issues with my browser. Normally I'm really good about not installing extra bloatware when it comes to things, and I stay away from bad websites. I've run Malwarebytes Anti-Malware and Avast and neither has found the infection. Here is my OTL log...

OTL logfile created on: 5/11/2014 7:12:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alysher\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 39.02% Memory free
6.50 Gb Paging File | 4.24 Gb Available in Paging File | 65.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 77.45 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 100.90 Gb Free Space | 33.85% Space Free | Partition Type: NTFS
Drive E: | 573.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NEO-LAPTOP | User Name: alysher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/11 19:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alysher\Desktop\OTL.exe
PRC - [2014/05/11 18:45:22 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/11 17:31:09 | 000,370,176 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\MSR\Privoxy\privoxy.exe
PRC - [2014/05/02 03:50:16 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/05/02 03:50:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/01 22:47:57 | 009,351,728 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Battle.net\Battle.net.4511\Battle.net.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/04/25 05:56:12 | 012,971,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/04/25 05:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/25 05:42:00 | 000,238,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/04/16 15:26:17 | 008,896,048 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/02/08 13:11:48 | 000,941,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014/02/08 13:11:47 | 001,819,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/09 22:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/09 22:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/09 22:14:51 | 014,658,848 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 20:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/10/08 14:22:04 | 000,794,272 | ---- | M] () -- C:\Users\alysher\Google Drive\Core Temp.exe
PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/21 03:05:33 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/07/03 17:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 18:27:12 | 008,151,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2013/04/22 10:46:42 | 001,054,320 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2013/03/29 17:07:22 | 002,081,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
PRC - [2012/10/24 12:39:00 | 000,454,656 | ---- | M] (Wowhead) -- C:\Users\alysher\Downloads\Wowhead_Client.exe
PRC - [2012/10/14 17:19:22 | 002,713,672 | ---- | M] (PortableApps.com) -- C:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
PRC - [2012/09/07 11:42:32 | 004,958,720 | ---- | M] (Sentelic Corporation) -- C:\Program Files\FSP\FspUip.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2010/10/08 14:06:04 | 002,482,176 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2010/09/28 17:00:06 | 000,056,952 | ---- | M] (Ipswitch) -- C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
PRC - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/07/13 21:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe
PRC - [2009/07/09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/11 18:45:22 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/05/09 21:56:58 | 001,159,680 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\_ssl.pyd
MOD - [2014/05/09 21:56:58 | 000,805,888 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._gdi_.pyd
MOD - [2014/05/09 21:56:58 | 000,110,080 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\PyWinTypes27.dll
MOD - [2014/05/09 21:56:58 | 000,027,136 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\_multiprocessing.pyd
MOD - [2014/05/09 21:56:57 | 001,175,040 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._core_.pyd
MOD - [2014/05/09 21:56:57 | 001,062,400 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._controls_.pyd
MOD - [2014/05/09 21:56:57 | 000,811,008 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._windows_.pyd
MOD - [2014/05/09 21:56:57 | 000,713,216 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\_hashlib.pyd
MOD - [2014/05/09 21:56:57 | 000,686,080 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\unicodedata.pyd
MOD - [2014/05/09 21:56:57 | 000,557,056 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\pysqlite2._sqlite.pyd
MOD - [2014/05/09 21:56:57 | 000,525,640 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/09 21:56:57 | 000,364,544 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\pythoncom27.dll
MOD - [2014/05/09 21:56:57 | 000,320,512 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32com.shell.shell.pyd
MOD - [2014/05/09 21:56:57 | 000,167,936 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32gui.pyd
MOD - [2014/05/09 21:56:57 | 000,128,512 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\_elementtree.pyd
MOD - [2014/05/09 21:56:57 | 000,127,488 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\pyexpat.pyd
MOD - [2014/05/09 21:56:57 | 000,119,808 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32file.pyd
MOD - [2014/05/09 21:56:57 | 000,108,544 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32security.pyd
MOD - [2014/05/09 21:56:57 | 000,098,816 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32api.pyd
MOD - [2014/05/09 21:56:57 | 000,087,552 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\_ctypes.pyd
MOD - [2014/05/09 21:56:57 | 000,070,656 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._html2.pyd
MOD - [2014/05/09 21:56:57 | 000,045,568 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\_socket.pyd
MOD - [2014/05/09 21:56:57 | 000,038,912 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32inet.pyd
MOD - [2014/05/09 21:56:57 | 000,035,840 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32process.pyd
MOD - [2014/05/09 21:56:57 | 000,025,600 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32pdh.pyd
MOD - [2014/05/09 21:56:57 | 000,024,064 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32pipe.pyd
MOD - [2014/05/09 21:56:57 | 000,022,528 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32ts.pyd
MOD - [2014/05/09 21:56:57 | 000,018,432 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32event.pyd
MOD - [2014/05/09 21:56:57 | 000,017,408 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32profile.pyd
MOD - [2014/05/09 21:56:57 | 000,010,240 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\select.pyd
MOD - [2014/05/09 21:56:56 | 000,735,232 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._misc_.pyd
MOD - [2014/05/09 21:56:56 | 000,122,368 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._wizard.pyd
MOD - [2014/05/09 21:56:56 | 000,078,336 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\wx._animate.pyd
MOD - [2014/05/09 21:56:56 | 000,011,264 | ---- | M] () -- C:\Users\alysher\AppData\Local\Temp\_MEI46482\win32crypt.pyd
MOD - [2014/05/01 22:47:54 | 000,739,840 | ---- | M] () -- C:\Program Files\Battle.net\Battle.net.4511\libGLESv2.dll
MOD - [2014/05/01 22:47:53 | 026,118,656 | ---- | M] () -- C:\Program Files\Battle.net\Battle.net.4511\libcef.dll
MOD - [2014/05/01 22:47:53 | 000,130,048 | ---- | M] () -- C:\Program Files\Battle.net\Battle.net.4511\libEGL.dll
MOD - [2014/02/14 04:07:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/24 01:55:52 | 000,007,680 | ---- | M] () -- C:\Users\alysher\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\SystemInfo.dll
MOD - [2014/01/24 01:55:52 | 000,006,144 | ---- | M] () -- C:\Users\alysher\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\CoreTempReader.dll
MOD - [2014/01/24 01:55:51 | 000,008,704 | ---- | M] () -- C:\Users\alysher\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\GetCoreTempInfoNET.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/10/21 19:19:37 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/08 14:22:04 | 000,794,272 | ---- | M] () -- C:\Users\alysher\Google Drive\Core Temp.exe
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/06/27 01:42:44 | 000,257,536 | ---- | M] () -- C:\Program Files\GitExtensions\GitExtensionsShellEx32.dll
MOD - [2013/04/22 10:46:42 | 001,054,320 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2012/09/07 11:42:20 | 000,034,816 | ---- | M] () -- C:\Program Files\FSP\KbdHook.dll
MOD - [2012/09/07 11:21:20 | 000,055,808 | ---- | M] () -- C:\Program Files\FSP\FspLib.dll
MOD - [2012/08/04 22:14:12 | 000,166,400 | ---- | M] () -- C:\Program Files\KDiff3\diff_ext_for_kdiff3.dll
MOD - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/28 16:56:32 | 006,551,672 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\res0409.dll
MOD - [2010/09/28 16:53:26 | 000,948,496 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\libeay32.dll
MOD - [2010/09/28 16:53:26 | 000,153,360 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\ssleay32.dll


========== Services (SafeList) ==========

SRV - [2014/05/11 18:45:22 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/02 03:50:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/04/29 21:24:40 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 05:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/06 03:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/24 20:05:54 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/09 22:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/09 22:14:51 | 014,658,848 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/21 03:16:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/16 18:27:12 | 008,151,040 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcusbser.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcusbnet.sys -- (qcusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\C771VSP.sys -- (C771VSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\C771BUS.sys -- (C771BUS)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\alysher\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2014/05/11 18:43:41 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/05/02 03:50:20 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/02 03:50:20 | 000,067,776 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/05/02 03:50:19 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/05/02 03:50:19 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/05/02 03:50:19 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/05/02 03:50:19 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/02 03:50:19 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/02 03:50:19 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/04/03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/02/08 14:27:20 | 010,180,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2014/01/24 20:50:42 | 000,064,808 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver.sys -- (BRDriver)
DRV - [2014/01/22 09:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2014/01/22 09:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/01/22 09:52:12 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/12/05 04:42:30 | 000,034,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/11/28 09:38:19 | 000,162,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/07/04 16:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013/07/04 16:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/07/04 16:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/07/04 16:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2013/07/04 16:37:08 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2013/06/28 11:44:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2013/04/18 16:11:52 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2013/04/18 16:09:22 | 000,023,168 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2013/03/26 16:16:08 | 000,026,240 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2013/03/20 10:51:12 | 000,006,272 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2013/03/20 10:49:32 | 000,011,264 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2013/03/19 18:25:44 | 000,023,936 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2013/03/19 18:25:34 | 000,024,960 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2013/03/19 18:25:28 | 000,021,376 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2013/03/19 16:38:36 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2013/03/07 09:49:20 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2013/02/11 23:32:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb80236.sys -- (usbrndis6)
DRV - [2012/09/07 11:11:36 | 000,055,808 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_win732.sys -- (fspad_win732)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/27 04:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2012/06/27 04:37:56 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2012/06/27 04:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2012/06/27 04:37:56 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2012/06/27 04:37:56 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2012/06/27 04:37:56 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2012/06/27 04:37:56 | 000,074,752 | ---- | M] (Schunid) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbtusbser.sys -- (sshpmdm)
DRV - [2012/06/27 04:37:56 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIA_USB_MODEM.sys -- (ViaUsbModemDriver)
DRV - [2012/06/27 04:37:56 | 000,016,128 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIA_USB_ETS.sys -- (VIA_USB_ETS)
DRV - [2012/06/27 04:37:56 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2012/06/27 04:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2012/06/08 17:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/03/02 09:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012/03/02 09:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012/03/02 09:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012/03/02 09:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2011/11/25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/10/27 03:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/10/26 15:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:29 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2007/09/13 00:09:48 | 000,021,024 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xpad.sys -- (XPAD)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 07 2F 7B BA 85 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0FB87B84-9C0C-4C78-A26B-CB35DD6E6B7D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE11SR
IE - HKCU\..\SearchScopes\{0FB87B84-9C0C-4C78-A26B-CB35DD6E6B7D}: "URL" = https://www.google.c...Terms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BD249FD00-4DF9-11D9-9FDC-0080481ADA61%7D:1.6.3
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7BFBF6D7FB-F305-4445-BB3D-FEF66579A033%7D:5.0.1
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.22
FF - prefs.js..extensions.enabledAddons: s3download%40statusbar:2.11
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\alysher\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/02 03:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/08/18 22:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alysher\AppData\Roaming\Mozilla\Extensions
[2014/05/11 18:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\extensions
[2014/05/11 18:48:00 | 000,341,954 | ---- | M] () (No name found) -- C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\extensions\[email protected]
[2014/05/11 18:48:00 | 000,452,396 | ---- | M] () (No name found) -- C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/05/11 18:49:27 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2013/09/03 22:43:04 | 000,065,236 | ---- | M] () (No name found) -- C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi
[2014/05/11 18:48:00 | 000,060,249 | ---- | M] () (No name found) -- C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi
[2014/05/11 18:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/11 18:45:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/02 03:50:21 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2014/04/16 16:09:41 | 000,000,833 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Battle.net] "C:\Program Files\Battle.net\Battle.net Launcher.exe" --autostarted File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\alysher\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Wowhead_Client] C:\Users\alysher\Downloads\Wowhead_Client.exe (Wowhead)
O4 - Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\add_url.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI458A~1\Office15\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} http://192.168.1.66/speco_control.cab (UMS_AX_Ctrl Class)
O16 - DPF: {A6B11FA9-502E-44BE-8D0F-BC76CE036AE4} http://192.168.1.66/...o_webviewer.cab (SPECO_WebViewer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D5137A6-E3F5-4205-8B2F-9B30C0D1C782}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE59437-DB88-49D0-A528-4A6F3E12505E}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/11/17 15:09:33 | 000,000,059 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/11/16 21:17:14 | 000,000,059 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/14 19:00:31 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1eae0584-087a-11e3-a65d-08002700004d}\Shell - "" = AutoRun
O33 - MountPoints2\{1eae0584-087a-11e3-a65d-08002700004d}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{23fa8900-14e3-11e3-ad5c-08002700004d}\Shell - "" = AutoRun
O33 - MountPoints2\{23fa8900-14e3-11e3-ad5c-08002700004d}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{23fa8909-14e3-11e3-ad5c-08002700004d}\Shell - "" = AutoRun
O33 - MountPoints2\{23fa8909-14e3-11e3-ad5c-08002700004d}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{5c8d3f79-5c73-11e3-a6d0-0021857ce048}\Shell - "" = AutoRun
O33 - MountPoints2\{5c8d3f79-5c73-11e3-a6d0-0021857ce048}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{681d1035-1114-11e3-aa04-08002700004d}\Shell - "" = AutoRun
O33 - MountPoints2\{681d1035-1114-11e3-aa04-08002700004d}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{681d1052-1114-11e3-aa04-08002700004d}\Shell - "" = AutoRun
O33 - MountPoints2\{681d1052-1114-11e3-aa04-08002700004d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
O33 - MountPoints2\{9166d002-67ff-11e3-8021-0021857ce048}\Shell - "" = AutoRun
O33 - MountPoints2\{9166d002-67ff-11e3-8021-0021857ce048}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O33 - MountPoints2\{a0126b2f-f1e2-11e2-865f-8456d03ebaff}\Shell - "" = AutoRun
O33 - MountPoints2\{a0126b2f-f1e2-11e2-865f-8456d03ebaff}\Shell\AutoRun\command - "" = E:\JMSETUP.EXE -- [1994/10/01 04:31:28 | 000,054,176 | R--- | M] (Presto Studios & Sanctuary Woods)
O33 - MountPoints2\{c77123cd-25e7-11e3-a13f-08002700004d}\Shell - "" = AutoRun
O33 - MountPoints2\{c77123cd-25e7-11e3-a13f-08002700004d}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{d836e790-14c0-11e3-8933-40618619494b}\Shell - "" = AutoRun
O33 - MountPoints2\{d836e790-14c0-11e3-8933-40618619494b}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/11 19:08:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\alysher\Desktop\OTL.exe
[2014/05/11 18:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/09 03:18:32 | 000,000,000 | ---D | C] -- C:\FRST
[2014/05/09 03:18:07 | 001,053,184 | ---- | C] (Farbar) -- C:\Users\alysher\Desktop\FRST.exe
[2014/05/03 01:56:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/05/03 01:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSR
[2014/05/03 01:55:42 | 000,000,000 | ---D | C] -- C:\Users\alysher\AppData\Local\41
[2014/05/02 03:50:19 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/01 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\alysher\AppData\Local\D01_MicroApps
[2014/05/01 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\alysher\AppData\Roaming\Boot Animation Factory
[2014/05/01 20:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D01 MicroApps
[2014/05/01 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\D01 MicroApps
[2014/04/30 00:48:54 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2014/04/24 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\alysher\Desktop\jokes
[2014/04/18 06:19:30 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/18 06:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/18 06:18:09 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/18 06:18:09 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/18 06:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/13 15:18:26 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/04/11 20:27:46 | 000,000,000 | -HSD | C] -- C:\found.000
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/11 19:11:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/11 19:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alysher\Desktop\OTL.exe
[2014/05/11 18:43:41 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/11 18:41:16 | 000,027,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 18:41:16 | 000,027,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 18:32:23 | 000,027,351 | ---- | M] () -- C:\Users\alysher\Desktop\bookmarks-2014-05-11.json
[2014/05/11 18:24:20 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/11 18:06:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001UA.job
[2014/05/11 17:38:42 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001Core.job
[2014/05/11 17:37:31 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/11 17:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/09 22:00:37 | 000,662,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/09 22:00:37 | 000,122,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/09 21:56:24 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/05/09 21:54:49 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/09 21:54:48 | 441,438,617 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/09 03:18:08 | 001,053,184 | ---- | M] (Farbar) -- C:\Users\alysher\Desktop\FRST.exe
[2014/05/05 21:54:03 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/05/03 19:54:11 | 000,000,600 | ---- | M] () -- C:\Users\alysher\AppData\Local\PUTTY.RND
[2014/05/02 03:50:53 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/02 03:50:20 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/05/02 03:50:20 | 000,067,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014/05/02 03:50:19 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/05/02 03:50:19 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/05/02 03:50:19 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/05/02 03:50:19 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/05/02 03:50:19 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/05/02 03:50:19 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/05/02 03:50:19 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/02 03:50:19 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/05/02 00:00:12 | 003,753,285 | ---- | M] () -- C:\Users\alysher\Desktop\ext2explore-2.2.71.zip
[2014/05/01 23:58:59 | 002,355,807 | ---- | M] () -- C:\Users\alysher\Desktop\ext4_unpacker_exe.zip
[2014/05/01 20:35:14 | 000,002,791 | ---- | M] () -- C:\Users\Public\Desktop\Boot Animation Factory.lnk
[2014/04/23 23:49:29 | 004,767,052 | ---- | M] () -- C:\Users\alysher\Desktop\QuickStartGuide_Gateway_1.0_A_A.zip
[2014/04/18 06:18:16 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/18 06:08:21 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2014/04/16 16:09:41 | 000,000,833 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2023/10/21 17:45:55 | 000,000,260 | ---- | C] () -- C:\Users\alysher\Desktop\10.key
[2014/05/11 18:32:23 | 000,027,351 | ---- | C] () -- C:\Users\alysher\Desktop\bookmarks-2014-05-11.json
[2014/05/03 19:54:11 | 000,000,600 | ---- | C] () -- C:\Users\alysher\AppData\Local\PUTTY.RND
[2014/05/02 03:50:24 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/05/02 00:00:09 | 003,753,285 | ---- | C] () -- C:\Users\alysher\Desktop\ext2explore-2.2.71.zip
[2014/05/01 23:59:04 | 002,355,807 | ---- | C] () -- C:\Users\alysher\Desktop\ext4_unpacker_exe.zip
[2014/05/01 20:35:14 | 000,002,791 | ---- | C] () -- C:\Users\Public\Desktop\Boot Animation Factory.lnk
[2014/04/23 23:49:25 | 004,767,052 | ---- | C] () -- C:\Users\alysher\Desktop\QuickStartGuide_Gateway_1.0_A_A.zip
[2014/04/18 06:08:21 | 000,002,597 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
[2014/04/18 06:08:21 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2014/04/09 21:44:13 | 002,499,656 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2014/04/09 21:44:13 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2014/04/09 21:44:13 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2014/04/09 21:44:13 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2014/04/09 21:44:13 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2014/03/13 04:44:46 | 000,000,469 | ---- | C] () -- C:\Users\alysher\AppData\Roaming\Weather Monitor_Settings.ini
[2014/03/05 16:10:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/17 05:25:06 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2014/02/06 00:04:43 | 000,000,889 | ---- | C] () -- C:\Users\alysher\AppData\Local\recently-used.xbel
[2014/01/24 03:06:01 | 000,000,121 | ---- | C] () -- C:\Users\alysher\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2014/01/24 01:52:50 | 000,002,006 | ---- | C] () -- C:\Users\alysher\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2014/01/22 19:23:32 | 000,000,506 | ---- | C] () -- C:\Windows\SIERRA.INI
[2014/01/22 18:00:12 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2014/01/22 17:13:15 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2013/12/09 16:25:17 | 000,000,791 | ---- | C] () -- C:\Windows\EFXP.ini
[2013/12/03 23:42:29 | 000,000,685 | ---- | C] () -- C:\Windows\EF2.INI
[2013/12/03 22:25:30 | 000,000,782 | ---- | C] () -- C:\Windows\EF.ini
[2013/11/13 18:40:34 | 000,000,021 | ---- | C] () -- C:\Windows\SPECO_~1.INI
[2013/09/11 02:31:47 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/09/11 02:31:46 | 000,000,210 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/09/11 01:02:22 | 000,004,138 | ---- | C] () -- C:\ProgramData\ngqoeocq.huh
[2013/09/11 00:51:13 | 000,005,086 | ---- | C] () -- C:\ProgramData\zscupymp.kxv
[2013/08/05 14:19:58 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/07/22 14:40:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\VIA_USB_MODEM.sys
[2013/07/20 23:43:32 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/20 23:43:31 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/07/20 21:23:57 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/07/09 23:01:30 | 000,000,447 | ---- | C] () -- C:\Users\alysher\.gitconfig

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/11 05:24:48 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\AnvSoft
[2014/02/22 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Audacity
[2013/10/21 19:23:07 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\AVAST Software
[2014/02/19 12:28:18 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Battle.net
[2014/05/02 22:00:32 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Boot Animation Factory
[2013/10/08 08:03:39 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\calibre
[2013/07/30 23:46:44 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Curse Advertising
[2013/09/17 13:19:56 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Downloaded Installations
[2013/07/25 02:35:12 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\GitExtensions
[2014/04/08 03:28:09 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Greenshot
[2014/03/11 05:36:36 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\HandBrake
[2013/07/25 02:29:59 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\HeidiSQL
[2014/02/21 02:20:28 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\ImgBurn
[2014/02/06 02:50:01 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Mael
[2013/07/24 12:49:22 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\MetaProducts
[2013/07/26 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Motorola
[2013/07/26 22:55:12 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\Motorola Mobility
[2013/07/31 20:46:27 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\redsn0w
[2013/11/14 18:06:21 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\TeamViewer
[2014/05/09 03:13:24 | 000,000,000 | ---D | M] -- C:\Users\alysher\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C76EDAC3

< End of report >


#2
JSntgRvr


  • Global Moderator
  • 11,579 posts
:welcome:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
Alysher


  • Topic Starter
  • Member
  • 122 posts
here we go....jrt log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by alysher on Sun 05/11/2014 at 20:22:55.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\alysher\AppData\Roaming\mozilla\firefox\profiles\nxft0yq4.default\minidumps [62 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/11/2014 at 20:27:48.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwcleaner log

# AdwCleaner v3.208 - Report created 11/05/2014 at 20:40:08
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : alysher - NEO-LAPTOP
# Running from : C:\Users\alysher\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\alysher\AppData\Local\41

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKLM\Software\Free_soft_today
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1078 octets] - [11/05/2014 20:35:50]
AdwCleaner[R1].txt - [1140 octets] - [11/05/2014 20:39:04]
AdwCleaner[S0].txt - [1071 octets] - [11/05/2014 20:40:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1131 octets] ##########

and the mbam log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/11/2014
Scan Time: 8:53:19 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.11.10
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: alysher

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 212537
Time Elapsed: 2 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

BTW, being as Malwarebytes Anti-Malware has gone to 2.0, things have changed. I knew what you wanted, so I didn't have to ask, but you might want to update your canned messages to reflect the 2.0 changes.

#4
Alysher

  • Topic Starter
let's try again......jrt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by alysher on Sun 05/11/2014 at 20:22:55.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\alysher\AppData\Roaming\mozilla\firefox\profiles\nxft0yq4.default\minidumps [62 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/11/2014 at 20:27:48.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwcleaner log:

# AdwCleaner v3.208 - Report created 11/05/2014 at 20:40:08
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : alysher - NEO-LAPTOP
# Running from : C:\Users\alysher\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\alysher\AppData\Local\41

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKLM\Software\Free_soft_today
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1078 octets] - [11/05/2014 20:35:50]
AdwCleaner[R1].txt - [1140 octets] - [11/05/2014 20:39:04]
AdwCleaner[S0].txt - [1071 octets] - [11/05/2014 20:40:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1131 octets] ##########

malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/11/2014
Scan Time: 8:53:19 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.11.10
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: alysher

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 212537
Time Elapsed: 2 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

and since mbam went to 2.0 things have changed....I knew what kind of scan you wanted so I didn't have to ask, but you might want to update your canned messages to reflect the 2.0 changes

#5
JSntgRvr

  • Global Moderator

Open Notepad, select Format from the menu and deselect Word Wrap. That would help us better read your reports. Thanks for the heads-up on MBAM 2.0. It is the new version.
 
Any improvement on the computer's performance?
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes two more logs (Addition.txt and Shortcut.txt). Please attach these to your reply.


#6
Alysher

  • Topic Starter
wordwrap was already deselected....for some reason after I pasted the logs into the forum here it changed the format after I hit add reply. I may just do separate posts for each log if it happens again, or attach the logs instead of pasting them. no performance change, although I did a check of running processes after the last reboot. the process WindowsUpdater.exe is taking half my processing power, and I KNOW it's not a microsoft program. and I'm still getting the odd new window/tab in firefox, along with the ads. here's the frst log. attaching the addition and shortcut txts.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by alysher (administrator) on NEO-LAPTOP on 11-05-2014 23:08:44
Running from C:\Users\alysher\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...

=============== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\alysher\Google Drive\Core Temp.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
() C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wowhead) C:\Users\alysher\Downloads\Wowhead_Client.exe
(Akamai Technologies, Inc.) C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe
(Ipswitch) C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.4511\Battle.net.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-07] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4958720 2012-09-07] (Sentelic Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2482176 2010-10-08] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-02] (AVAST Software)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Wowhead_Client] => C:\Users\alysher\Downloads\Wowhead_Client.exe [454656 2012-10-24] (Wowhead)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Battle.net] => C:\Program Files\Battle.net\Battle.net Launcher.exe [2886704 2014-04-10] (Blizzard Entertainment)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Akamai NetSession Interface] => C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Facebook Update] => C:\Users\alysher\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-22] (Facebook Inc.)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {1eae0584-087a-11e3-a65d-08002700004d} - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {23fa8900-14e3-11e3-ad5c-08002700004d} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {23fa8909-14e3-11e3-ad5c-08002700004d} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {5c8d3f79-5c73-11e3-a6d0-0021857ce048} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {681d1035-1114-11e3-aa04-08002700004d} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {681d1052-1114-11e3-aa04-08002700004d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {9166d002-67ff-11e3-8021-0021857ce048} - G:\LGAutoRun.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {a0126b2f-f1e2-11e2-865f-8456d03ebaff} - E:\jmsetup.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {c77123cd-25e7-11e3-a13f-08002700004d} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {d836e790-14c0-11e3-8933-40618619494b} - F:\TL-Bootstrap.exe
Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...rosoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70072F7BBA85CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0FB87B84-9C0C-4C78-A26B-CB35DD6E6B7D} URL = https://www.google.c...archTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} http://192.168.1.66/...ontrol.cab
DPF: {A6B11FA9-502E-44BE-8D0F-BC76CE036AE4} http://192.168.1.66/...er.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default
FF Homepage: https://www.google.com/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\alysher\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: S3.Download Statusbar - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\[email protected] [2014-05-11]
FF Extension: All-in-One Sidebar - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-05-11]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2014-05-11]
FF Extension: MetaProducts Integration - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2013-09-03]
FF Extension: Multirow Bookmarks Toolbar - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2014-05-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-20]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-24] (BitRaider, LLC)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8917 2013-07-21] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-09] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] ()

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-05-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [67776 2014-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-02] ()
S3 BRDriver; C:\ProgramData\BitRaider\BRDriver.sys [64808 2014-01-24] (BitRaider)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-13] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] ()
R3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [55808 2012-09-07] (Sentelic Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2013-03-19] (Motorola Inc)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
S3 sshpmdm; C:\Windows\System32\DRIVERS\mbtusbser.sys [74752 2012-06-27] (Schunid)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
S3 ViaUsbModemDriver; C:\Windows\System32\DRIVERS\VIA_USB_MODEM.sys [21504 2012-06-27] ()
S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\VIA_USB_ETS.sys [16128 2012-06-27] (Via Telecom, Inc.)
S3 XPAD; C:\Windows\System32\DRIVERS\xpad.sys [21024 2007-09-13] (Beijing WiseGrup.,Ltd (gamepad.yeah.net))
R3 ALSysIO; \??\C:\Users\alysher\AppData\Local\Temp\ALSysIO.sys [X]
S3 C771BUS; system32\DRIVERS\C771BUS.sys [X]
S3 C771VSP; system32\DRIVERS\C771VSP.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 qcusbnet; system32\DRIVERS\qcusbnet.sys [X]
S3 qcusbser; system32\DRIVERS\qcusbser.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2023-10-21 17:45 - 2014-04-11 16:11 - 00000260 _____ () C:\Users\alysher\Desktop\10.key
2014-05-11 23:08 - 2014-05-11 23:09 - 00019786 _____ () C:\Users\alysher\Desktop\FRST.txt
2014-05-11 20:53 - 2014-05-11 20:53 - 00001051 _____ () C:\Users\alysher\Desktop\mbam.txt
2014-05-11 20:35 - 2014-05-11 20:40 - 00000000 ____D () C:\AdwCleaner
2014-05-11 20:27 - 2014-05-11 20:27 - 00001194 _____ () C:\Users\alysher\Desktop\JRT.txt
2014-05-11 20:22 - 2014-05-11 20:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 20:03 - 2014-05-11 20:03 - 01325827 _____ () C:\Users\alysher\Desktop\AdwCleaner.exe
2014-05-11 20:02 - 2014-05-11 20:02 - 01016261 _____ (Thisisu) C:\Users\alysher\Desktop\JRT.exe
2014-05-11 20:02 - 2014-05-11 20:02 - 00448512 _____ (OldTimer Tools) C:\Users\alysher\Desktop\TFC.exe
2014-05-11 19:18 - 2014-05-11 19:18 - 00119292 _____ () C:\Users\alysher\Desktop\OTL.Txt
2014-05-11 19:08 - 2014-05-11 19:08 - 00602112 _____ (OldTimer Tools) C:\Users\alysher\Desktop\OTL.exe
2014-05-11 18:45 - 2014-05-11 18:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 00:07 - 2014-05-10 00:07 - 00006998 _____ () C:\Users\alysher\Downloads\65002.prl
2014-05-09 21:54 - 2014-05-09 21:55 - 00160480 _____ () C:\Windows\Minidump\050914-25116-01.dmp
2014-05-09 03:18 - 2014-05-11 23:08 - 00000000 ____D () C:\FRST
2014-05-09 03:18 - 2014-05-11 22:53 - 01056256 _____ (Farbar) C:\Users\alysher\Desktop\FRST.exe
2014-05-06 14:13 - 2014-05-06 14:13 - 01586165 _____ () C:\Users\alysher\Downloads\ComIntRepair.exe
2014-05-05 10:45 - 2014-05-05 10:45 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-04 00:08 - 2014-05-11 23:04 - 20819968 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2014-05-03 19:54 - 2014-05-03 19:54 - 00000600 _____ () C:\Users\alysher\AppData\Local\PUTTY.RND
2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\Program Files\MSR
2014-05-02 22:45 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 22:45 - 2014-04-29 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 03:57 - 2013-12-20 16:05 - 00000745 _____ () C:\Users\alysher\Desktop\desc.txt
2014-05-02 03:50 - 2014-05-02 03:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-02 03:50 - 2014-05-02 03:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-02 00:00 - 2014-05-02 00:00 - 03753285 _____ () C:\Users\alysher\Desktop\ext2explore-2.2.71.zip
2014-05-02 00:00 - 2014-05-02 00:00 - 00000063 _____ () C:\Users\alysher\Desktop\ext2explorelog.log
2014-05-01 23:59 - 2014-05-01 23:58 - 02355807 _____ () C:\Users\alysher\Desktop\ext4_unpacker_exe.zip
2014-05-01 20:35 - 2014-05-02 22:00 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Boot Animation Factory
2014-05-01 20:35 - 2014-05-01 20:35 - 00002791 _____ () C:\Users\Public\Desktop\Boot Animation Factory.lnk
2014-04-30 00:48 - 2014-04-30 00:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 21:27 - 2014-04-13 22:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-29 21:27 - 2014-04-13 22:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-24 01:18 - 2014-05-11 20:21 - 00000000 ____D () C:\Users\alysher\Desktop\jokes
2014-04-18 06:19 - 2014-05-11 23:07 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-18 06:18 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 06:18 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 06:15 - 2014-04-18 06:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\alysher\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-18 06:08 - 2014-04-18 06:08 - 00002597 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
2014-04-18 06:08 - 2014-04-18 06:08 - 00002585 _____ () C:\Users\Public\Desktop\RSD Lite.lnk
2014-04-13 15:18 - 2014-04-13 15:18 - 00000000 __SHD () C:\found.001
2014-04-11 20:27 - 2014-04-11 20:27 - 00000000 __SHD () C:\found.000
2014-04-11 20:18 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-11 20:18 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 20:18 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 20:18 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-11 20:18 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 20:18 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 20:18 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 20:18 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 20:18 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 20:18 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 20:18 - 2014-03-06 03:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-11 20:18 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-11 20:18 - 2014-03-06 03:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-11 20:18 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-11 20:18 - 2014-03-06 03:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 20:18 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-11 20:18 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 20:18 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-11 20:18 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 20:18 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 20:18 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 20:18 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-11 20:18 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 20:18 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Qualcomm
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\Program Files\Qualcomm
2014-04-11 02:28 - 2014-04-11 02:28 - 00003640 _____ () C:\Users\alysher\Downloads\Page Plus guide.zip
2014-04-11 01:50 - 2014-04-11 01:50 - 00005930 _____ () C:\Users\alysher\Downloads\53423.prl
2014-04-11 01:13 - 2014-04-11 01:13 - 00006055 _____ () C:\Users\alysher\Downloads\60008.prl

==================== One Month Modified Files and Folders =======

2014-05-11 23:09 - 2014-05-11 23:08 - 00019786 _____ () C:\Users\alysher\Desktop\FRST.txt
2014-05-11 23:08 - 2014-05-09 03:18 - 00000000 ____D () C:\FRST
2014-05-11 23:08 - 2013-07-20 21:07 - 01588110 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 23:08 - 2010-11-20 17:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 23:07 - 2014-04-18 06:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 23:06 - 2014-02-21 05:02 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-11 23:06 - 2013-08-23 23:38 - 00000000 ____D () C:\Users\alysher\AppData\Local\Battle.net
2014-05-11 23:04 - 2014-05-04 00:08 - 20819968 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2014-05-11 23:04 - 2013-07-20 22:18 - 00000000 ___RD () C:\Users\alysher\Google Drive
2014-05-11 23:04 - 2009-07-14 00:39 - 00242719 _____ () C:\Windows\setupact.log
2014-05-11 23:03 - 2013-07-20 22:16 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 23:03 - 2010-11-20 17:48 - 00413678 _____ () C:\Windows\PFRO.log
2014-05-11 23:03 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 22:59 - 2009-07-14 00:34 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 22:59 - 2009-07-14 00:34 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 22:53 - 2014-05-09 03:18 - 01056256 _____ (Farbar) C:\Users\alysher\Desktop\FRST.exe
2014-05-11 22:24 - 2013-07-20 22:16 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 22:11 - 2014-03-18 02:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 21:06 - 2014-01-24 00:56 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001UA.job
2014-05-11 21:06 - 2014-01-24 00:56 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001Core.job
2014-05-11 20:53 - 2014-05-11 20:53 - 00001051 _____ () C:\Users\alysher\Desktop\mbam.txt
2014-05-11 20:40 - 2014-05-11 20:35 - 00000000 ____D () C:\AdwCleaner
2014-05-11 20:27 - 2014-05-11 20:27 - 00001194 _____ () C:\Users\alysher\Desktop\JRT.txt
2014-05-11 20:22 - 2014-05-11 20:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 20:21 - 2014-04-24 01:18 - 00000000 ____D () C:\Users\alysher\Desktop\jokes
2014-05-11 20:16 - 2013-07-21 12:22 - 00000000 ____D () 
C:\Program Files\Mozilla Maintenance Service 2014-05-11 20:03 - 2014-05-11 20:03 - 01325827 _____ () C:\Users\alysher\Desktop\AdwCleaner.exe 2014-05-11 20:02 - 2014-05-11 20:02 - 01016261 _____ (Thisisu) C:\Users\alysher\Desktop\JRT.exe 2014-05-11 20:02 - 2014-05-11 20:02 - 00448512 _____ (OldTimer Tools) C:\Users\alysher\Desktop\TFC.exe 2014-05-11 19:18 - 2014-05-11 19:18 - 00119292 _____ () C:\Users\alysher\Desktop\OTL.Txt 2014-05-11 19:08 - 2014-05-11 19:08 - 00602112 _____ (OldTimer Tools) C:\Users\alysher\Desktop\OTL.exe 2014-05-11 18:45 - 2014-05-11 18:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-11 18:44 - 2013-07-21 11:47 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Mozilla 2014-05-10 00:07 - 2014-05-10 00:07 - 00006998 _____ () C:\Users\alysher\Downloads\65002.prl 2014-05-09 21:55 - 2014-05-09 21:54 - 00160480 _____ () C:\Windows\Minidump\050914-25116-01.dmp 2014-05-09 21:54 - 2013-09-03 19:22 - 441438617 _____ () C:\Windows\MEMORY.DMP 2014-05-09 21:54 - 2013-09-03 19:22 - 00000000 ____D () C:\Windows\Minidump 2014-05-09 03:13 - 2013-07-25 03:59 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\uTorrent 2014-05-08 03:25 - 2013-07-20 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-05-06 14:13 - 2014-05-06 14:13 - 01586165 _____ () C:\Users\alysher\Downloads\ComIntRepair.exe 2014-05-05 21:54 - 2013-12-19 17:32 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-05-05 21:54 - 2013-12-19 17:32 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-05-05 10:50 - 2013-09-23 14:03 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-05 10:45 - 2014-05-05 10:45 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-05-05 10:45 - 2013-07-26 23:04 - 00000000 ____D () C:\Program Files\Java 2014-05-05 10:39 - 2013-07-30 23:44 - 00000000 ____D () C:\Users\alysher\AppData\Local\Deployment 2014-05-04 00:03 - 2009-07-13 22:37 - 
00000000 ____D () C:\Windows\PLA 2014-05-03 19:54 - 2014-05-03 19:54 - 00000600 _____ () C:\Users\alysher\AppData\Local\PUTTY.RND 2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\Program Files\MSR 2014-05-02 23:04 - 2013-08-23 23:38 - 00000000 ____D () C:\Program Files\Battle.net 2014-05-02 22:00 - 2014-05-01 20:35 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Boot Animation Factory 2014-05-02 03:50 - 2014-05-02 03:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-02 03:50 - 2014-05-02 03:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-02 03:50 - 2014-01-03 22:47 - 00067776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-02 03:50 - 2013-07-20 23:43 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-05-02 03:50 - 2013-07-20 23:43 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-02 03:50 - 2013-07-20 23:43 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-02 03:50 - 2013-07-20 23:43 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-02 03:50 - 2013-07-20 23:43 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-02 03:50 - 2013-07-20 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-05-02 03:50 - 2013-07-20 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-02 03:50 - 2013-07-20 23:43 - 00002047 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-05-02 00:00 - 2014-05-02 00:00 - 03753285 _____ () C:\Users\alysher\Desktop\ext2explore-2.2.71.zip 2014-05-02 00:00 - 2014-05-02 00:00 - 00000063 _____ () C:\Users\alysher\Desktop\ext2explorelog.log 2014-05-01 23:58 - 2014-05-01 23:59 - 02355807 _____ () C:\Users\alysher\Desktop\ext4_unpacker_exe.zip 2014-05-01 20:35 - 2014-05-01 20:35 - 00002791 _____ () C:\Users\Public\Desktop\Boot Animation Factory.lnk 2014-04-30 00:48 - 2014-04-30 00:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-29 21:24 - 2014-03-18 02:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-29 21:24 - 2014-03-18 02:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-29 08:48 - 2014-05-02 22:45 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 08:34 - 2014-05-02 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-24 15:17 - 2013-12-14 23:25 - 00000000 ____D () C:\Users\alysher\AppData\Local\Akamai 2014-04-19 03:37 - 2013-06-29 22:19 - 00000000 ____D () C:\Games 2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-04-18 06:18 - 2013-07-20 23:46 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-18 06:18 - 2013-07-20 23:46 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Malwarebytes 2014-04-18 06:18 - 2013-07-20 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-18 06:18 - 2013-07-20 23:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-04-18 06:16 - 2014-04-18 06:15 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\alysher\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-18 06:08 - 2014-04-18 06:08 - 00002597 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\RSD Lite.lnk 2014-04-18 06:08 - 2014-04-18 06:08 - 00002585 _____ () C:\Users\Public\Desktop\RSD Lite.lnk 2014-04-13 22:11 - 2014-04-29 21:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-13 22:07 - 2014-04-29 21:27 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-13 15:18 - 2014-04-13 15:18 - 00000000 __SHD () C:\found.001 2014-04-11 21:21 - 2013-07-21 12:19 - 00000000 ____D () C:\Users\alysher\AppData\Local\Adobe 2014-04-11 21:10 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache 2014-04-11 20:27 - 2014-04-11 20:27 - 00000000 __SHD () C:\found.000 2014-04-11 16:11 - 2023-10-21 17:45 - 00000260 _____ () C:\Users\alysher\Desktop\10.key 2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Qualcomm 2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST 2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\Program Files\Qualcomm 2014-04-11 03:00 - 2013-07-22 14:44 - 00000000 ____D () C:\Program Files\QPST 2014-04-11 03:00 - 2013-07-20 21:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-04-11 02:28 - 2014-04-11 02:28 - 00003640 _____ () C:\Users\alysher\Downloads\Page Plus guide.zip 2014-04-11 01:50 - 2014-04-11 01:50 - 00005930 _____ () C:\Users\alysher\Downloads\53423.prl 2014-04-11 01:13 - 2014-04-11 01:13 - 00006055 _____ () C:\Users\alysher\Downloads\60008.prl Some content of TEMP: ==================== C:\Users\alysher\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit 
C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 16:48 ==================== End Of Log ============================

#7
Alysher

addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01 Ran by alysher at 2014-05-11 23:09:29 Running from C:\Users\alysher\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Alice: Madness Returns (HKLM\...\Alice: Madness Returns_is1) (Version: - ) American McGee's Alice™ (HKLM\...\{77B5AD60-8F14-11D4-9BC9-0050041A1090}) (Version: - ) Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Boot Animation Factory (HKLM\...\{3EA00EEB-27DE-4507-AFF4-0C697A20C37B}) (Version: 1.4.1.0 - D01 MicroApps) Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) calibre (HKLM\...\{FEFD4E74-85EE-4BA6-AD02-E0F99BC3F51E}) (Version: 1.31.0 - Kovid Goyal) CMake 2.8, a cross-platform, open-source build system (HKLM\...\CMake 2.8.11.2) (Version: 2.8.11.2 - Kitware) Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) DFS 13.9.29.0 (HKLM\...\{61c5ab82-e320-42d6-88cf-8e67f03c5f7a}_is1) (Version: 13.9.29.0 - Telecom Logic) Diablo (HKLM\...\Diablo) (Version: - ) Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment) Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment) DVDStyler v2.6.1 (HKLM\...\DVDStyler_is1) (Version: - ) EaseUS Partition Master 9.3.0 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS) Fable - The Lost Chapters (HKLM\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios) Fable - The Lost Chapters (Version: 1.00.0000 - Microsoft Game Studios) Hidden Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.8.8.6 - Sentelic) FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version: - ) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Git Extensions 2.46 (HKLM\...\{71E6012F-4E5C-4EFC-91B3-6BC39C985B45}) (Version: 2.46 - Henk) Git version 1.8.3-preview20130601 (HKLM\...\Git_is1) (Version: 1.8.3-preview20130601 - The Git Development 
Community) Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Greenshot 1.1.8.35 (HKLM\...\Greenshot_is1) (Version: 1.1.8.35 - Greenshot) HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - ) HeidiSQL 8.0.0.4396 (HKLM\...\HeidiSQL_is1) (Version: 8.0 - Ansgar Becker) Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod) Hellfire (HKLM\...\Hellfire) (Version: - ) Hero Editor V1.03 (HKLM\...\ST6UNST #1) (Version: - ) HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation) Hunter Hunted 1.0 (HKLM\...\{57A1B0D8-F437-4844-8AE7-24E50950F936}_is1) (Version: - Sierra On-Line, Inc.) HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) 
KDiff3 (remove only) (HKLM\...\KDiff3) (Version: - ) K-Lite Codec Pack 9.9.5 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.5 - ) Kotor Tool (HKLM\...\Kotor Tool) (Version: - ) LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics) LG USB WML Modem Driver (HKLM\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics) LGNPST Components (HKLM\...\{5F1AC45F-41E4-4103-9DEB-F436D4AC44EB}) (Version: 4.0.22.0 - LG Electronics) Logon Screen Rotator version 4.1 (HKLM\...\{EF7A37B0-B866-441A-958F-4DDAEE995877}_is1) (Version: 4.1 - Luke Payne Software) Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) MetaProducts Download Express (HKLM\...\DownloadExpress) (Version: - ) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 
14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ 
2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden Motorola Datacard Drivers 1.5.9 (HKLM\...\{F99D0BE3-D681-48A3-8CAB-6399E76E217A}) (Version: 1.5.9 - Motorola Inc.) 
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility) Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC) Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MySQL Server 5.5 (HKLM\...\{D23652B2-1C05-4D4B-9C3D-45DE9AC3953D}) (Version: 5.5.32 - Oracle Corporation) Myst III: Exile (HKLM\...\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}) (Version: - ) Myst IV - Revelation (HKLM\...\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}) (Version: 1.03 - ) Myst Masterpiece Edition (HKLM\...\{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}) (Version: - ) Myst V End Of Ages (HKLM\...\1947ed9c549f680a9ed3f1fdbb9337a4) (Version: - ) NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Graphics Driver 334.89 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) OpenSSL 1.0.1e (32-bit) (HKLM\...\OpenSSL (32-bit)_is1) (Version: - OpenSSL Win32 Installer Team) Oracle VM VirtualBox 4.2.16 (HKLM\...\{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}) (Version: 4.2.16 - Oracle Corporation) PdaNet+ for Android 4.12 (HKLM\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com) Photo Gallery (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Prism Video File Converter (HKLM\...\Prism) (Version: 2.07 - NCH Software) QPST 2.7 (HKLM\...\{E5369F4D-3683-4CA2-9619-84506B182F1C}) (Version: 2.7.374 - Qualcomm) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RAD Video Tools (HKLM\...\RADVideo) (Version: - ) RadioComm v11.11.11 (HKLM\...\{90690334-8BE8-4807-8461-B02E86FD4A37}) (Version: 11.11.11 - Motorola Inc.) 
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Riven (HKLM\...\{D9577427-2D9D-4580-BDB3-FFDDE06A9554}) (Version: - ) RSDLite (HKLM\...\{2540D9B6-1D17-4D7B-972F-067FE5DC8C5A}) (Version: 6.1.5 - Motorola) Runtime Files Pack 3 (HKLM\...\ST4UNST #2) (Version: - ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Sierra Utilities (HKLM\...\Sierra Utilities) (Version: - ) Skype 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Star Trek Elite Force II (HKLM\...\Star Trek Elite Force II) (Version: - ) Star Trek Voyager Elite Force (HKLM\...\Star Trek Voyager Elite Force) (Version: - ) Star Wars The Old Republic (HKLM\...\swtor_swtor) (Version: 7.0.0.31 - Bioware/EA) Star Wars® Knights of the Old Republic® II: The Sith Lords™ (HKLM\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian) Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Star Wars®: Knights of the Old Republic ™ (HKLM\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - ) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.1008.007.01 - Micro-Star International Co., Ltd.) 
System Update kb70007 (Version: 1.0.0 - MSR) Hidden TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) TigerGame XBOX+PS2+GC Game Controller Adapter 2.0.1.0 (HKLM\...\TigerGame XBOX+PS2+GC Game Controller Adapter_is1) (Version: - ) TSLRCM 1.8.1 (HKLM\...\The Sith Lords Restored Content Mod_is1) (Version: - ) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Visual Basic 4 Runtime Files (HKLM\...\ST4UNST #1) (Version: - )
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Communications Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinImage (HKLM\...\WinImage) (Version: - )
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 2.0.6.14 - HTC)

==================== Restore Points =========================

18-04-2014 05:37:57 Scheduled Checkpoint
18-04-2014 10:05:58 Removed RSDLite
18-04-2014 10:07:59 Installed RSDLite
23-04-2014 00:37:18 Windows Update
30-04-2014 01:34:44 Windows Update
30-04-2014 04:48:29 Windows Update
02-05-2014 00:34:45 Installed Boot Animation Factory.
02-05-2014 07:49:25 avast! antivirus system restore point
03-05-2014 02:44:44 Windows Update
05-05-2014 14:44:49 Installed Java 7 Update 55
06-05-2014 19:46:39 Windows Update
09-05-2014 06:53:50 Removed Java 7 Update 51
10-05-2014 02:05:32 Windows Update

==================== Hosts content: ==========================

2014-04-16 16:09 - 2014-04-16 16:09 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12AF3085-145B-42FD-92D3-458A3DFAE80F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16949E41-DF94-41E3-B350-52674AE3B395} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {39D63993-F1E7-4277-95BD-B7EC2E1D3798} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {4681C451-2131-4D03-B160-6FE05C3ABECD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001Core => C:\Users\alysher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-22] (Facebook Inc.)
Task: {593318F4-DC70-4D66-95E1-92F8A0066948} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-11-21] ()
Task: {5D71C667-3B09-4060-A30F-7161CB7EE55E} - System32\Tasks\{350E508D-39B9-4E1B-BB0C-306D0001FBB4} => D:\AUTORUN.EXE
Task: {629F51E8-7F35-4979-B800-87425067957C} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {7831057D-52A2-4EB0-9852-DE21CE6AAF67} - System32\Tasks\{7561DC13-F6FD-43EB-82CC-D3B3C5897A07} => C:\Games\MystME\Myst.exe [1999-07-28] ()
Task: {7A997998-714E-4E72-8DF7-D5D129E95379} - System32\Tasks\{9DA37661-5F2D-4831-A79B-BA91073BB5B3} => C:\Games\MystME\Myst.exe [1999-07-28] ()
Task: {85EE5F17-EC27-43A1-8450-2E3F4187012E} - System32\Tasks\{4B393771-41D7-4F7B-9ADA-5D39BC898248} => C:\Games\MystME\Myst.exe [1999-07-28] ()
Task: {8EE5567B-37FD-4926-96A2-D0B460B40FEE} - System32\Tasks\Core Temp Autostart alysher => C:\Users\alysher\Google Drive\Core Temp.exe [2013-10-08] ()
Task: {928552B6-8689-4DC9-A070-2186D0AF1441} - System32\Tasks\{8A6839B1-E213-402F-99A8-9D758CA7AC12} => C:\Games\MystME\Myst.exe [1999-07-28] ()
Task: {B2EC8B49-56E1-41DE-A229-8A0040543405} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-02] (AVAST Software)
Task: {C22A6D39-113F-4F9E-87ED-4D7FCA400413} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C60D1579-A28E-4061-894D-7746F2397326} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {D3698663-B36F-40A9-A467-7D9EC5580A8A} - System32\Tasks\LogonScreenRotator => C:\Program Files\Logon Screen Rotator\Logon Screen Rotator.exe [2012-04-17] (Luke Payne)
Task: {E0156847-8C3A-4F26-B390-5F6593032632} - System32\Tasks\{CCDEAA72-7B60-4631-BCD9-916B713003E3} => C:\Games\MystME\Myst.exe [1999-07-28] ()
Task: {ED912EDA-E14F-4BC4-8947-4FA054E55188} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001UA => C:\Users\alysher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-22] (Facebook Inc.)
Task: {F371DB4B-26F6-4350-A7CD-16C924960AEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001Core.job => C:\Users\alysher\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001UA.job => C:\Users\alysher\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-11 18:41 - 2014-05-11 18:41 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051103\algo.dll
2013-07-20 21:19 - 2014-02-08 13:11 - 00107808 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-06 20:49 - 2010-09-28 16:56 - 06551672 _____ () C:\Program Files\Ipswitch\WS_FTP 12\res0409.dll
2013-06-27 01:42 - 2013-06-27 01:42 - 00257536 _____ () C:\Program Files\GitExtensions\GitExtensionsShellEx32.dll
2012-08-04 22:14 - 2012-08-04 22:14 - 00166400 _____ () C:\Program Files\KDiff3\diff_ext_for_kdiff3.dll
2013-10-08 14:22 - 2013-10-08 14:22 - 00794272 _____ () C:\Users\alysher\Google Drive\Core Temp.exe
2009-08-10 15:59 - 2009-08-10 15:59 - 00387616 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 15:59 - 2009-08-10 15:59 - 00068128 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 15:59 - 2009-08-10 15:59 - 00436768 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-05-16 18:27 - 2013-05-16 18:27 - 08151040 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2012-09-07 11:21 - 2012-09-07 11:21 - 00055808 _____ () C:\Program Files\FSP\FspLib.dll
2012-09-07 11:42 - 2012-09-07 11:42 - 00034816 _____ () C:\Program Files\FSP\KbdHook.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-03 19:13 - 2011-02-14 09:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2014-05-03 01:56 - 2014-04-23 18:52 - 00016384 _____ () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
2014-05-03 01:56 - 2014-04-23 18:52 - 00033792 _____ () C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll
2014-05-03 01:56 - 2014-04-23 18:52 - 00015360 _____ () C:\Windows\Microsoft\System Update kb70007\Installer.dll
2013-10-21 19:19 - 2013-10-21 19:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-24 01:55 - 2014-01-24 01:55 - 00006144 _____ () C:\Users\alysher\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\CoreTempReader.dll
2014-01-24 01:55 - 2014-01-24 01:55 - 00008704 _____ () C:\Users\alysher\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\GetCoreTempInfoNET.dll
2014-01-24 01:55 - 2014-01-24 01:55 - 00007680 _____ () C:\Users\alysher\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SystemMonitorII.gadget\SystemInfo.dll
2013-09-03 22:15 - 2013-04-22 10:46 - 01054320 _____ () C:\Program Files\PdaNet for Android\PdaNetPC.exe
2014-05-03 01:56 - 2014-05-11 23:04 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll
2014-05-11 23:04 - 2014-05-11 23:04 - 00098816 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32api.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00110080 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\pywintypes27.dll
2014-05-11 23:04 - 2014-05-11 23:04 - 00364544 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\pythoncom27.dll
2014-05-11 23:04 - 2014-05-11 23:04 - 00045568 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\_socket.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 01159680 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\_ssl.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00320512 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32com.shell.shell.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00713216 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\_hashlib.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 01175040 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._core_.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00805888 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._gdi_.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00811008 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._windows_.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 01062400 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._controls_.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00735232 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._misc_.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00128512 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\_elementtree.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00127488 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\pyexpat.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00557056 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\pysqlite2._sqlite.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00087552 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\_ctypes.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00119808 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32file.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00108544 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32security.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00018432 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32event.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00038912 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32inet.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00070656 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._html2.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00167936 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32gui.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00011264 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32crypt.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00027136 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\_multiprocessing.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00122368 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._wizard.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00010240 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\select.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00024064 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32pipe.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00686080 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\unicodedata.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00025600 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32pdh.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00525640 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\windows._lib_cacheinvalidation.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00035840 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32process.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00017408 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32profile.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00022528 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\win32ts.pyd
2014-05-11 23:04 - 2014-05-11 23:04 - 00078336 _____ () C:\Users\alysher\AppData\Local\Temp\_MEI35042\wx._animate.pyd
2013-11-06 20:49 - 2010-09-28 16:53 - 00948496 _____ () C:\Program Files\Ipswitch\WS_FTP 12\LIBEAY32.dll
2013-11-06 20:49 - 2010-09-28 16:53 - 00153360 _____ () C:\Program Files\Ipswitch\WS_FTP 12\SSLEAY32.dll
2009-08-10 15:59 - 2009-08-10 15:59 - 00178720 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-05-01 22:47 - 2014-05-01 22:47 - 26118656 _____ () C:\Program Files\Battle.net\Battle.net.4511\libcef.dll
2014-05-01 22:47 - 2014-05-01 22:47 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.4511\libglesv2.dll
2014-05-01 22:47 - 2014-05-01 22:47 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.4511\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2014 11:04:43 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 11:03:09 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: ) (EventID: 1)
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/11/2014 10:59:21 PM) (Source: Reinstaller) (User: ) (EventID: 0)
Description: Service cannot be started. The service process could not connect to the service controller

Error: (05/11/2014 10:59:11 PM) (Source: Reinstaller) (User: ) (EventID: 0)
Description: Service cannot be started. The service process could not connect to the service controller

Error: (05/11/2014 10:51:39 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 10:38:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 10982

Error: (05/11/2014 10:38:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 10982

Error: (05/11/2014 10:38:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/11/2014 10:38:06 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968

Error: (05/11/2014 10:38:06 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 9968

System errors:
=============
Error: (05/11/2014 10:57:03 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The System Update kb70007 service terminated unexpectedly. It has done this 1 time(s).
Error: (05/11/2014 10:53:47 PM) (Source: ipnathlp) (User: ) (EventID: 31004)
Description: 0

Error: (05/11/2014 10:48:46 PM) (Source: ipnathlp) (User: ) (EventID: 31004)
Description: 0

Error: (05/11/2014 10:48:46 PM) (Source: ipnathlp) (User: ) (EventID: 31004)
Description: 0

Error: (05/11/2014 10:48:44 PM) (Source: ipnathlp) (User: ) (EventID: 31004)
Description: 0

Error: (05/11/2014 10:48:42 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (05/11/2014 09:46:35 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The System Update kb70007 service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (05/11/2014 11:04:43 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 11:03:09 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: ) (EventID: 1)
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/11/2014 10:59:21 PM) (Source: Reinstaller) (User: ) (EventID: 0)
Description: Service cannot be started. The service process could not connect to the service controller

Error: (05/11/2014 10:59:11 PM) (Source: Reinstaller) (User: ) (EventID: 0)
Description: Service cannot be started. The service process could not connect to the service controller

Error: (05/11/2014 10:51:39 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 10:38:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 10982

Error: (05/11/2014 10:38:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 10982

Error: (05/11/2014 10:38:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/11/2014 10:38:06 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968

Error: (05/11/2014 10:38:06 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 9968

CodeIntegrity Errors:
===================================
Date: 2014-05-05 06:29:01.754
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:29:01.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-05 06:29:01.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:29:01.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:29:00.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:29:00.700
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:28:59.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_579c1b142ca53820\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:28:59.661
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_579c1b142ca53820\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:28:59.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_579c1b142ca53820\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 06:28:59.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_579c1b142ca53820\appid.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3327.24 MB
Available physical RAM: 1487.61 MB
Total Pagefile: 6652.77 MB
Available Pagefile: 4689.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:84.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA HD) (Fixed) (Total:298.09 GB) (Free:100.9 GB) NTFS
Drive e: (JMAN) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4EE1FB05)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#8
Alysher

shortcut.txt

Users shortcut scan result (x86) Version:11-05-2014 01
Ran by alysher at 2014-05-11 23:11:00
Running from C:\Users\alysher\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Sierra Utilities.lnk -> C:\Program Files\Sierra On-Line\sutil32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git Extensions.lnk -> C:\Program Files\GitExtensions\GitExtensions.exe (GitExtensions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk -> C:\Program Files\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk -> C:\Program Files\NCH Software\Prism\prism.exe (NCH Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk -> C:\Windows\Installer\{2540D9B6-1D17-4D7B-972F-067FE5DC8C5A}\_9B10ED5F415A7C112067E5.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk -> C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 17.5.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage\WinImage (administrator).lnk -> C:\Program Files\WinImage\winimage.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage\WinImage Ordering Web Page.lnk -> C:\Program Files\WinImage\order.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage\WinImage Web Site.lnk -> C:\Program Files\WinImage\winimage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage\WinImage.lnk -> C:\Program Files\WinImage\winimage.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video File Format Converter.lnk -> C:\Program Files\NCH Software\Prism\prism.exe (NCH Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\Myst IV - Revelation\Launch the configurator.lnk -> C:\Games\Myst IV - Revelation\bin\configurator\myst_detection.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\Myst IV - Revelation\Launch the updatelauncher.lnk -> C:\Games\Myst IV - Revelation\bin\updatelauncher\mystupdate.exe (UBISOFT)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\Myst IV - Revelation\Myst IV - Revelation.lnk -> C:\Games\Myst IV - Revelation\bin\Myst4.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\Myst IV - Revelation\Register Online.lnk -> C:\Games\Myst IV - Revelation\support\register\na\Regeng.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\Myst IV - Revelation\View Lastest information (README.TXT).lnk -> C:\Games\Myst IV - Revelation\support\readme\english\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\Myst IV - Revelation\View Manual (Adobe Acrobat Reader required).lnk -> C:\Games\Myst IV - Revelation\support\manual\english\manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\CyanWorlds\Myst V\Game Shadow®.lnk -> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\gameshadowsetup.exe (Aardwork Software Ltd )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\CyanWorlds\Myst V\Myst V Detection Tool.lnk -> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\DetectionTool\detectionui_r.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\CyanWorlds\Myst V\Myst V End of Ages.lnk -> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\MystV.exe (Macromedia, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\CyanWorlds\Myst V\Myst V Game Manual.lnk -> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\CyanWorlds\Myst V\Myst V Readme.lnk -> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\CyanWorlds\Myst V\Uninstall Myst V.lnk -> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\_uninst\uninstaller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Riven\Manual.lnk -> C:\Games\Riven\Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Riven\Riven Readme.lnk -> C:\Games\Riven\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Riven\Riven.lnk -> C:\Games\Riven\Riven.exe (Ubi Soft Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Riven\Uninstall.lnk -> C:\Program Files\InstallShield Installation Information\{D9577427-2D9D-4580-BDB3-FFDDE06A9554}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst Masterpiece Edition\Manual.lnk -> C:\Games\MystME\Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst Masterpiece Edition\Myst Masterpiece Edition Readme.lnk -> C:\Games\MystME\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst Masterpiece Edition\Myst Masterpiece Edition.lnk -> C:\Games\MystME\Myst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst Masterpiece Edition\Register Myst Masterpiece Edition.lnk -> C:\Games\MystME\UBI1.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst Masterpiece Edition\Uninstall.lnk -> C:\Program Files\InstallShield Installation Information\{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst III Exile\Manual.lnk -> C:\Games\Myst III Exile\Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst III Exile\Myst III Exile Readme.lnk -> C:\Games\Myst III Exile\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst III Exile\Myst III Exile.lnk -> C:\Games\Myst III Exile\bin\M3.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst III Exile\Uninstall.lnk -> C:\Program Files\InstallShield Installation Information\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Control Manager\System Control Manager.lnk -> C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk -> C:\Games\Star Wars-The Old Republic\launcher.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic\SWTOR Customer Support.lnk -> C:\Games\Star Wars-The Old Republic\SWTOR Customer Support.url (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic\Uninstall Star Wars - The Old Republic.lnk -> C:\Program Files\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe (BioWare, LucasArts) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic\View License.lnk -> C:\Games\Star Wars-The Old Republic\EUALAs\EUALA_en.rtf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic\View Readme.lnk -> C:\Games\Star Wars-The Old Republic\readmes\readme_en.txt (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Hellfire Information.lnk -> C:\Games\HELLFIRE\SIERRA\HELLFIRE\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Hellfire.lnk -> C:\Games\HELLFIRE\SIERRA\HELLFIRE\hellfire.exe (Synergistic Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Sierra Utilities.lnk -> C:\Program Files\Sierra On-Line\sutil32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Elite Force QuickStart Guide.lnk -> C:\Games\STVEF\Extras\Help\Quickst.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Readme.lnk -> C:\Games\STVEF\Extras\Help\Readme.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Register (Available in North America only).lnk -> C:\Games\STVEF\register.exe (Activision) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Star Trek Voyager Elite Force Holomatch.lnk -> C:\Games\STVEF\stvoyHM.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Star Trek Voyager Elite Force Single Player.lnk -> C:\Games\STVEF\stvoy.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\Activision Support.lnk -> C:\Games\STVEF\Extras\Activision Support.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\Activision Website.lnk -> C:\Games\STVEF\Extras\Activision.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\EarthLink.lnk -> C:\Games\STVEF\Extras\EarthLink.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\PlanetEliteForce.lnk -> C:\Games\STVEF\Extras\Planeteliteforce.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\Raven Software.lnk -> C:\Games\STVEF\Extras\Raven.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\ScreenThemes.lnk -> C:\Games\STVEF\Extras\ScreenThemes.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\StarTrek.com.lnk -> C:\Games\STVEF\Extras\StarTrek.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Web Links\Wildstorm Comics.lnk -> C:\Games\STVEF\Extras\Wildstorm.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Elite Force Help\Elite Force Help Documents.lnk -> C:\Games\STVEF\Extras\Help\Help\Default.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\Star Trek Voyager Elite Force\Elite Force Help\Elite Force Manual.lnk -> C:\Games\STVEF\Extras\Help\Help\Manual\Default.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Elite Force Expansion Pack Manual.lnk -> C:\Games\STVEF\EForceXP\Extras\Help\Manual.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Readme (HTML).lnk -> C:\Games\STVEF\EForceXP\Extras\Help\Help\readme.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Readme (TEXT).lnk -> C:\Games\STVEF\EForceXP\Extras\Help\readme.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Raven Software\EForceXP\Register (Available in North America only).lnk -> C:\Games\STVEF\EForceXP\register.exe (Activision) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Star Trek Voyager Elite Force Holomatch.lnk -> C:\Games\STVEF\stvoyHM.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Star Trek Voyager Elite Force Single Player.lnk -> C:\Games\STVEF\stvoy.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\Activision Support.lnk -> C:\Games\STVEF\EForceXP\Extras\Activision Support.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\Activision Website.lnk -> C:\Games\STVEF\EForceXP\Extras\Activision.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\EarthLink.lnk -> C:\Games\STVEF\EForceXP\Extras\EarthLink.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\Gaming.StarTrek.com.lnk -> C:\Games\STVEF\EForceXP\Extras\gaming.startrek.com.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\PlanetEliteForce.lnk -> C:\Games\STVEF\EForceXP\Extras\Planeteliteforce.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\Raven Software.lnk -> C:\Games\STVEF\EForceXP\Extras\Raven.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\ScreenThemes.lnk -> C:\Games\STVEF\EForceXP\Extras\ScreenThemes.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\StarTrek.com.lnk -> C:\Games\STVEF\EForceXP\Extras\StarTrek.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raven Software\EForceXP\Web Links\Wildstorm Comics.lnk -> 
C:\Games\STVEF\EForceXP\Extras\Wildstorm.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadioComm\RadioComm v11.11.11.lnk -> C:\Program Files\RadioComm\RadioComm v11.11.11\RadioComm.exe (Motorola) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\Display Capture.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_7250EB0E612024401B6224.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\DM Proxy Win.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_52FEA6B33544B42B5724A1.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\EFS Explorer.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_5FAD5BC38A18DBF0503680.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\eMMC Software Download.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_7E9C90ABBC2417D15D2437.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\Factory Test Mode Application.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_58879A50531CBB8E2AC5C2.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\Memory Debug App.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_223AD2D4F93329446E34F8.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\QCNView.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_A3F8F0829C3B40CFE359EB.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\QPST Configuration.lnk -> 
C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_02D23141D4F115019DBA16.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\QPST User Guide.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_631F9FFEA7FE1FB6DBE891.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\RF NV Item Manager.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_06070E151264217F1DE6E1.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\RL Editor.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_FD06D479081E2D6E0C3381.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\Service Programming.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_68BB18A7663D64995A26F6.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\Software Download.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_BBF6B262C716B89D8AA95B.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST\WLAN Editor.lnk -> C:\Windows\Installer\{E5369F4D-3683-4CA2-9619-84506B182F1C}\_D8C358578EF34741BE2B85.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android\PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android\Uninstall PdaNet.lnk -> C:\Program Files\PdaNet for Android\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk -> C:\Program Files\Oracle\VirtualBox\License_en_US.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\Oracle VM VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (CHM, English).lnk -> C:\Program 
Files\Oracle\VirtualBox\VirtualBox.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (PDF, English).lnk -> C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Uninstall OpenSSL.lnk -> C:\OpenSSL-Win32\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Win32 OpenSSL Documentation.lnk -> C:\OpenSSL-Win32\OpenSSLhelp.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe (NVIDIA) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA Control Panel\Control Panel.lnk -> C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe (NVIDIA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager\Motorola Device Manager.lnk -> C:\Windows\Installer\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}\_EED70B3E82A514A7A6E8F1.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express\Microsoft Visual C++ 2010 Express.lnk -> C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Fable - The Lost Chapters\Fable - The Lost Chapters on the Web.lnk -> C:\Program Files\Microsoft 
Games\Fable - The Lost Chapters\Fable Web.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Fable - The Lost Chapters\Fable - The Lost Chapters.lnk -> C:\Program Files\Microsoft Games\Fable - The Lost Chapters\Fable.exe (Lionhead) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Fable - The Lost Chapters\Read Me.lnk -> C:\Program Files\Microsoft Games\Fable - The Lost Chapters\Readme.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO\MagicISO Help.lnk -> C:\Program Files\MagicISO\MagicISO.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO\MagicISO.lnk -> C:\Program Files\MagicISO\MagicISO.exe (MagicISO, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO\Uninstall.lnk -> C:\Program Files\MagicISO\UNWISE.EXE () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\Uninstall MagicDisc.lnk -> C:\Program Files\MagicDisc\UNWISE.EXE () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\ Star Wars Knights of the Old Republic II - The Sith Lords.lnk -> C:\Games\SWKotOR2\launcher.exe (Obsidian Entertainment, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\ Update Star Wars Knights of the Old Republic II - The Sith Lords.lnk -> C:\Games\SWKotOR2\swupdate.exe (Obsidian Entertainment, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Uninstall Star Wars Knights of the Old Republic II - The Sith Lords.lnk -> C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe (InstallShield Software Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Web Links\Visit the LucasArts Support Home Page.lnk -> C:\Games\SWKotOR2\Links\LucasArts Support.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Web Links\Visit the LucasArts Web Page.lnk -> C:\Games\SWKotOR2\Links\LucasArts.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Web Links\Visit the Obsidian Forums.lnk -> C:\Games\SWKotOR2\Links\Obsidian Forums.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Web Links\Visit the Obsidian Web Page.lnk -> C:\Games\SWKotOR2\Links\Obsidian.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of 
the Old Republic II - The Sith Lords\Documents\End-user License Agreement.lnk -> C:\Games\SWKotOR2\Docs\EULA.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Documents\Manual.lnk -> C:\Games\SWKotOR2\Docs\Manual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Documents\Readme.txt.lnk -> C:\Games\SWKotOR2\Docs\Readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\Documents\Trouble Shooting Guide.lnk -> C:\Games\SWKotOR2\Docs\Troubleshooting Guide.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic\ Update Star Wars Knights of the Old Republic.lnk -> C:\Games\SWKotOR\swupdate.exe (BioWare Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic\EULA.txt.lnk -> C:\Games\SWKotOR\docs\EULA.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic\ReadMe-KotOR.txt.lnk -> C:\Games\SWKotOR\docs\ReadMe-KotOR.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic\Star Wars Knights of the Old Republic Troubleshooting Guide.lnk -> C:\Games\SWKotOR\docs\KotOR Troubleshooting.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic\Uninstall Star Wars Knights of the Old Republic.lnk -> C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\Setup.exe (InstallShield Software Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logon Screen Rotator\Logon Screen Rotator.lnk -> C:\Program Files\Logon Screen Rotator\Logon Screen Rotator.exe (Luke Payne) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotor Tool\KotOR I Global Templates.lnk -> C:\Program Files\Kotor Tool\Global Templates\K1 () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotor Tool\KotOR II Global Templates.lnk -> C:\Program Files\Kotor Tool\Global Templates\K2 () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotor Tool\Kotor Tool Help.lnk -> C:\Program Files\Kotor Tool\KT_help.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotor Tool\Kotor Tool.lnk -> C:\Program Files\Kotor Tool\kotor_tool.exe (SCM) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotor Tool\Maps.lnk -> C:\Program Files\Kotor Tool\Maps () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotor Tool\Uninstall.lnk -> C:\Program Files\Kotor Tool\uninstall.exe (SCM) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDiff3\Diff-Ext License.lnk -> C:\Program Files\KDiff3\DIFF-EXT-LICENSE.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDiff3\Documentation.lnk -> C:\Program Files\KDiff3\doc\index.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDiff3\GPL.lnk -> C:\Program Files\KDiff3\COPYING.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDiff3\KDiff3.lnk -> C:\Program Files\KDiff3\kdiff3.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDiff3\Readme.lnk -> C:\Program Files\KDiff3\README_WIN.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDiff3\Uninstall.lnk -> C:\Program Files\KDiff3\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files\K-Lite Codec Pack\unins000.exe () Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk -> C:\Program Files\K-Lite Codec Pack\Info\faq.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ipswitch WS_FTP 12\Ipswitch WS_FTP 12 Release Notes.lnk -> C:\Program Files\Ipswitch\WS_FTP 12\English\index.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ipswitch WS_FTP 12\Ipswitch WS_FTP 12.lnk -> C:\Program Files\Ipswitch\WS_FTP 12\wsftpgui.exe (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ipswitch WS_FTP 12\WS_FTP Upload Wizard.lnk -> C:\Program Files\Ipswitch\WS_FTP 12\UpWiz.exe (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn Read Me.lnk -> C:\Program Files\ImgBurn\ReadMe.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn.lnk -> C:\Program Files\ImgBurn\ImgBurn.exe (LIGHTNING UK!) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\Uninstall.lnk -> C:\Program Files\ImgBurn\uninstall.exe (LIGHTNING UK!) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Uninstall Win32DiskImager.lnk -> C:\Program Files\ImageWriter\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager.lnk -> C:\Program Files\ImageWriter\Win32DiskImager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor\Changelog.lnk -> C:\Program Files\HxD\changelog.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor\HxD.lnk -> C:\Program Files\HxD\HxD.exe (Maël Hörz) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor\License.lnk -> C:\Program Files\HxD\license.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor\Readme.lnk -> C:\Program Files\HxD\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hunter Hunted\Hunter Hunted.lnk -> C:\Games\Hunter Hunted\Hunter.exe (Sierra Online, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hunter Hunted\Uninstall Hunter Hunted.lnk -> C:\Games\Hunter Hunted\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Editor\Hero Editor V1.03.LNK -> C:\Program Files\Hero Editor\Hero Editor.exe (home) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeidiSQL\HeidiSQL.lnk -> C:\Program Files\HeidiSQL\heidisql.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeidiSQL\Readme file.lnk -> C:\Program Files\HeidiSQL\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Handbrake.lnk -> C:\Program Files\Handbrake\Handbrake.exe (HandBrake) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Uninstall.lnk -> C:\Program Files\Handbrake\uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot\Greenshot.lnk -> C:\Program Files\Greenshot\Greenshot.exe (Greenshot) Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot\License.txt.lnk -> C:\Program Files\Greenshot\license.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot\Readme.txt.lnk -> C:\Program Files\Greenshot\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot\Uninstall Greenshot.lnk -> C:\Program Files\Greenshot\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe (Google) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR\FreeOCR.lnk -> C:\FreeOCR\FreeOCR.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR\Uninstall FreeOCR.lnk -> C:\FreeOCR\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0\EaseUS Partition Master 9.3.0.lnk -> C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EPMStartLoader.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0\Uninstall EaseUS Partition Master 9.3.0.lnk -> C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Alice Madness Returns\Alice Madness Returns.lnk -> C:\Games\Alice Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe (Electronic Arts, Inc.) 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO\Magic CD & DVD Burner.lnk -> C:\Program Files\MagicISO\MagicISO.exe (MagicISO, Inc.)
-> /cdburner ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic\ Star Wars Knights of the Old Republic.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C start "SWKOTOR" /D "C:\Games\SWKotOR" /high /affinity 1 "C:\Games\SWKotoR\swkotor.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax",Configure ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /resetsettings ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ipswitch WS_FTP 12\Manage WS_FTP 12 License.lnk -> C:\Program Files\Ipswitch\WS_FTP 12\ipsactive.exe (Ipswitch Incorporated) -> /rrn 1328 /pd "WS_FTP LE" /lo "C:\ProgramData\Ipswitch\WS_FTP\license.txt" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ipswitch WS_FTP 12\View WS_FTP 12 License.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> "C:\Program Files\Ipswitch\WS_FTP 12\EULA.TXT" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Driver\Uninstall HTC Driver.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {6D6664A9-3342-4948-9B7E-034EFE366F0F} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe (Google) -> --new_document ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe (Google) -> --new_spreadsheet ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe (Google) -> --new_presentation ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git Bash.lnk -> C:\Program Files\Git\bin\sh.exe () -> --login -i ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git GUI.lnk -> C:\Program Files\Git\bin\wish.exe 
(ActiveState Corporation) -> "C:\Program Files\Git\libexec\git-core\git-gui" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\DOSBox 0.74.lnk -> C:\Program Files\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -userconf ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\DOSBox 0.74 Options.lnk -> C:\Program Files\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -editconf notepad.exe -editconf "%SystemRoot%\system32\notepad.exe" -editconf "%WINDIR%\notepad.exe" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\Reset KeyMapper.lnk -> C:\Program Files\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -erasemapper ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\Reset Options.lnk -> C:\Program Files\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -eraseconf ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\DOSBox 0.74 (noconsole).lnk -> C:\Program Files\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -noconsole -userconf ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Screenshots & Recordings.lnk -> C:\Program Files\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -opencaptures explorer.exe ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Video\Install movie codec.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\DOSBox-0.74\Video Codec\zmbv.inf ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin\Cygwin Terminal.lnk -> C:\cygwin\bin\mintty.exe (Andy Koppe) -> -i /Cygwin-Terminal.ico - ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American McGee's Alice\Uninstall Alice.lnk -> C:\Program Files\InstallShield Installation Information\{77B5AD60-8F14-11D4-9BC9-0050041A1090}\Setup.exe 
(InstallShield Software Corporation) -> -uninst ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Windows 7 USB DVD Download Tool\Uninstall Windows 7 USB DVD Download Tool.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {CCF298AF-9CE1-4B26-B251-486E98A34789} ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Trek Elite Force II\Play Star Trek Elite Force II (Safe Mode).lnk -> C:\Program Files\Activision\EF2\EF2.exe (Ritual Entertainment) -> +safe ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Trek Elite Force II\Uninstall Star Trek Elite Force II.lnk -> C:\Program Files\Activision\EF2\Uninstall\UNWISE.EXE () -> /u install.log ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Download Express\About Download Express.lnk -> C:\Program Files\Download Express\dep.exe (MetaProducts corp.) -> /About ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Download Express\Download Express Options.lnk -> C:\Program Files\Download Express\dep.exe (MetaProducts corp.) -> /Options ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Download Express\Register Download Express.lnk -> C:\Program Files\Download Express\dep.exe (MetaProducts corp.) -> /AboutReg ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Download Express\Uninstall Download Express.lnk -> C:\Program Files\Download Express\dep.exe (MetaProducts corp.) 
-> /UnInstall ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto ShortcutWithArgument: C:\Users\alysher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto ShortcutWithArgument: C:\Users\Public\Desktop\DOSBox 0.74.lnk -> C:\Program Files\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -userconf InternetURL: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\UBISOFT\Myst IV - Revelation\Visit Myst IV - Revelation.url -> hxxp://www.mystrevelation.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT\Myst IV - Revelation\Visit UBISOFT.url -> hxxp://www.ubisoft.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Riven\Cyan web site.url -> hxxp://www.cyanworlds.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Riven\Ubi Soft web site.url -> hxxp://www.ubi.com/us/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst Masterpiece Edition\Cyan web site.url -> hxxp://www.cyanworlds.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst Masterpiece Edition\Ubi Soft web site.url -> hxxp://www.ubi.com/us/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst III Exile\Cyan web site.url -> hxxp://www.cyanworlds.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft\Myst III Exile\Ubi Soft web site.url -> hxxp://www.ubi.com/us/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Sierra Web Site.URL -> hxxp://www.sierra.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express\Try Visual Studio 2010 Professional.url -> hxxp://go.microsoft.com/fwlink/?LinkId=166206&clcid=409 InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logon Screen Rotator\Logon Screen Rotator on the Web.url -> hxxp://www.lukepaynesoftware.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager on the Web.url -> hxxp://win32diskimager.sourceforge.net InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor\Website.url -> hxxp://mh-nexus.de/hxd/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0\EaseUS Partition Master 9.3.0 Help.url -> 
hxxp://www.partition-tool.com/easeus-partition-manager/manual.htm InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0\Visit EaseUS on the Web.url -> hxxp://www.partition-tool.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler\DVDStyler on the Web.url -> hxxp://www.dvdstyler.org/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFS\DFS on the Web.url -> hxxp://www.cdmatool.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CMake 2.8\CMake Web Site.url -> hxxp://www.cmake.org InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\Get Involved.url -> hxxp://calibre-ebook.com/get-involved InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\User Manual.url -> hxxp://manual.calibre-ebook.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American McGee's Alice\Gameplay Help.url -> C:\Games\American McGee's Alice\tutorial\manual.html InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American McGee's Alice\Web Resources\Alice's Home Page.url -> hxxp://www.alice.ea.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American McGee's Alice\Web Resources\EA Games.url -> hxxp://www.eagames.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American McGee's Alice\Web Resources\OpenGL Setup.url -> hxxp://www.glsetup.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American McGee's Alice\Web Resources\Rogue Entertainment.url -> hxxp://www.rogue-ent.com InternetURL: C:\Users\alysher\Google Drive\Roms\Project64K v0.13\Docs\FAQ.URL -> hxxp://www.smiff.clara.net/emulators/pj64/help.htm InternetURL: C:\Users\alysher\Google Drive\Roms\Project64K v0.13\Docs\Known Issues.url -> hxxp://www.smiff.clara.net/emulators/pj64/issues.htm InternetURL: C:\Users\alysher\Google Drive\Roms\Project64K v0.13\Docs\Project64 
Message Board.url -> hxxp://www.emutalk.net/forumdisplay.php?s=&forumid=6 InternetURL: C:\Users\alysher\Google Drive\Roms\Project64K v0.13\Docs\N-Rage\N-Rage Plugin Website.url -> hxxp://go.to/nrage InternetURL: C:\Users\alysher\Google Drive\Roms\Project64\Docs\Project64 Message Board.url -> hxxp://www.emutalk.net/forumdisplay.php?s=&forumid=6 InternetURL: C:\Users\alysher\Google Drive\Roms\Project64\Docs\3rd Party Plugins\N-Rage\Homepage.url -> hxxp://go.to/nrage InternetURL: C:\Users\alysher\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172 InternetURL: C:\Users\alysher\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\alysher\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925 InternetURL: C:\Users\alysher\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927 InternetURL: C:\Users\alysher\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143 InternetURL: C:\Users\alysher\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924 InternetURL: C:\Users\alysher\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923 InternetURL: C:\Users\alysher\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921 InternetURL: C:\Users\alysher\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729 InternetURL: C:\Users\alysher\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922 InternetURL: C:\Users\alysher\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\alysher\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661 InternetURL: C:\Users\alysher\Favorites\Microsoft Websites\Microsoft At 
Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424 InternetURL: C:\Users\alysher\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920 InternetURL: C:\Users\alysher\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\alysher\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792 InternetURL: C:\Users\alysher\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791 InternetURL: C:\Users\alysher\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice InternetURL: C:\Users\alysher\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse\Curse Client online support.url -> hxxp://clientsupport.curse.com/ ==================== End of log =============================

#9
Alysher

  • Topic Starter
  • Member
  • 122 posts
Guess I've got a new symptom... can't click the post button on this website, and the word wrap issue here on the forums... unless it's something to do with the website.

#10
JSntgRvr

  • Global Moderator
  • 11,579 posts

Attach the reports instead.



#11
Alysher

  • Topic Starter
  • Member
  • 122 posts

I've switched to my desktop to post... the attach files button would attach the files, but for some reason they wouldn't upload.

FRST txt here: attaching Addition and Shortcut

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by alysher (administrator) on NEO-LAPTOP on 11-05-2014 23:08:44
Running from C:\Users\alysher\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\alysher\Google Drive\Core Temp.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
() C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wowhead) C:\Users\alysher\Downloads\Wowhead_Client.exe
(Akamai Technologies, Inc.) C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe
(Ipswitch) C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.4511\Battle.net.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-07] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4958720 2012-09-07] (Sentelic Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2482176 2010-10-08] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-02] (AVAST Software)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Wowhead_Client] => C:\Users\alysher\Downloads\Wowhead_Client.exe [454656 2012-10-24] (Wowhead)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Battle.net] => C:\Program Files\Battle.net\Battle.net Launcher.exe [2886704 2014-04-10] (Blizzard Entertainment)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Akamai NetSession Interface] => C:\Users\alysher\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\Run: [Facebook Update] => C:\Users\alysher\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-22] (Facebook Inc.)
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {1eae0584-087a-11e3-a65d-08002700004d} - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {23fa8900-14e3-11e3-ad5c-08002700004d} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {23fa8909-14e3-11e3-ad5c-08002700004d} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {5c8d3f79-5c73-11e3-a6d0-0021857ce048} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {681d1035-1114-11e3-aa04-08002700004d} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {681d1052-1114-11e3-aa04-08002700004d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {9166d002-67ff-11e3-8021-0021857ce048} - G:\LGAutoRun.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {a0126b2f-f1e2-11e2-865f-8456d03ebaff} - E:\jmsetup.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {c77123cd-25e7-11e3-a13f-08002700004d} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-3586769609-3811868919-1413454730-1001\...\MountPoints2: {d836e790-14c0-11e3-8933-40618619494b} - F:\TL-Bootstrap.exe
Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\alysher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70072F7BBA85CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0FB87B84-9C0C-4C78-A26B-CB35DD6E6B7D} URL = https://www.google.c...q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} http://192.168.1.66/speco_control.cab
DPF: {A6B11FA9-502E-44BE-8D0F-BC76CE036AE4} http://192.168.1.66/...o_webviewer.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default
FF Homepage: https://www.google.com/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\alysher\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: S3.Download Statusbar - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\[email protected] [2014-05-11]
FF Extension: All-in-One Sidebar - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-05-11]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2014-05-11]
FF Extension: MetaProducts Integration - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2013-09-03]
FF Extension: Multirow Bookmarks Toolbar - C:\Users\alysher\AppData\Roaming\Mozilla\Firefox\Profiles\nxft0yq4.default\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2014-05-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-20]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-24] (BitRaider, LLC)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8917 2013-07-21] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-09] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] ()

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-05-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [67776 2014-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-02] ()
S3 BRDriver; C:\ProgramData\BitRaider\BRDriver.sys [64808 2014-01-24] (BitRaider)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-13] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] ()
R3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [55808 2012-09-07] (Sentelic Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2013-03-19] (Motorola Inc)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
S3 sshpmdm; C:\Windows\System32\DRIVERS\mbtusbser.sys [74752 2012-06-27] (Schunid)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
S3 ViaUsbModemDriver; C:\Windows\System32\DRIVERS\VIA_USB_MODEM.sys [21504 2012-06-27] ()
S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\VIA_USB_ETS.sys [16128 2012-06-27] (Via Telecom, Inc.)
S3 XPAD; C:\Windows\System32\DRIVERS\xpad.sys [21024 2007-09-13] (Beijing WiseGrup.,Ltd (gamepad.yeah.net))
R3 ALSysIO; \??\C:\Users\alysher\AppData\Local\Temp\ALSysIO.sys [X]
S3 C771BUS; system32\DRIVERS\C771BUS.sys [X]
S3 C771VSP; system32\DRIVERS\C771VSP.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 qcusbnet; system32\DRIVERS\qcusbnet.sys [X]
S3 qcusbser; system32\DRIVERS\qcusbser.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2023-10-21 17:45 - 2014-04-11 16:11 - 00000260 _____ () C:\Users\alysher\Desktop\10.key
2014-05-11 23:08 - 2014-05-11 23:09 - 00019786 _____ () C:\Users\alysher\Desktop\FRST.txt
2014-05-11 20:53 - 2014-05-11 20:53 - 00001051 _____ () C:\Users\alysher\Desktop\mbam.txt
2014-05-11 20:35 - 2014-05-11 20:40 - 00000000 ____D () C:\AdwCleaner
2014-05-11 20:27 - 2014-05-11 20:27 - 00001194 _____ () C:\Users\alysher\Desktop\JRT.txt
2014-05-11 20:22 - 2014-05-11 20:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 20:03 - 2014-05-11 20:03 - 01325827 _____ () C:\Users\alysher\Desktop\AdwCleaner.exe
2014-05-11 20:02 - 2014-05-11 20:02 - 01016261 _____ (Thisisu) C:\Users\alysher\Desktop\JRT.exe
2014-05-11 20:02 - 2014-05-11 20:02 - 00448512 _____ (OldTimer Tools) C:\Users\alysher\Desktop\TFC.exe
2014-05-11 19:18 - 2014-05-11 19:18 - 00119292 _____ () C:\Users\alysher\Desktop\OTL.Txt
2014-05-11 19:08 - 2014-05-11 19:08 - 00602112 _____ (OldTimer Tools) C:\Users\alysher\Desktop\OTL.exe
2014-05-11 18:45 - 2014-05-11 18:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 00:07 - 2014-05-10 00:07 - 00006998 _____ () C:\Users\alysher\Downloads\65002.prl
2014-05-09 21:54 - 2014-05-09 21:55 - 00160480 _____ () C:\Windows\Minidump\050914-25116-01.dmp
2014-05-09 03:18 - 2014-05-11 23:08 - 00000000 ____D () C:\FRST
2014-05-09 03:18 - 2014-05-11 22:53 - 01056256 _____ (Farbar) C:\Users\alysher\Desktop\FRST.exe
2014-05-06 14:13 - 2014-05-06 14:13 - 01586165 _____ () C:\Users\alysher\Downloads\ComIntRepair.exe
2014-05-05 10:45 - 2014-05-05 10:45 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-04 00:08 - 2014-05-11 23:04 - 20819968 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2014-05-03 19:54 - 2014-05-03 19:54 - 00000600 _____ () C:\Users\alysher\AppData\Local\PUTTY.RND
2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\Program Files\MSR
2014-05-02 22:45 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 22:45 - 2014-04-29 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 03:57 - 2013-12-20 16:05 - 00000745 _____ () C:\Users\alysher\Desktop\desc.txt
2014-05-02 03:50 - 2014-05-02 03:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-02 03:50 - 2014-05-02 03:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-02 00:00 - 2014-05-02 00:00 - 03753285 _____ () C:\Users\alysher\Desktop\ext2explore-2.2.71.zip
2014-05-02 00:00 - 2014-05-02 00:00 - 00000063 _____ () C:\Users\alysher\Desktop\ext2explorelog.log
2014-05-01 23:59 - 2014-05-01 23:58 - 02355807 _____ () C:\Users\alysher\Desktop\ext4_unpacker_exe.zip
2014-05-01 20:35 - 2014-05-02 22:00 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Boot Animation Factory
2014-05-01 20:35 - 2014-05-01 20:35 - 00002791 _____ () C:\Users\Public\Desktop\Boot Animation Factory.lnk
2014-04-30 00:48 - 2014-04-30 00:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 21:27 - 2014-04-13 22:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-29 21:27 - 2014-04-13 22:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-24 01:18 - 2014-05-11 20:21 - 00000000 ____D () C:\Users\alysher\Desktop\jokes
2014-04-18 06:19 - 2014-05-11 23:07 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-18 06:18 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 06:18 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 06:15 - 2014-04-18 06:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\alysher\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-18 06:08 - 2014-04-18 06:08 - 00002597 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
2014-04-18 06:08 - 2014-04-18 06:08 - 00002585 _____ () C:\Users\Public\Desktop\RSD Lite.lnk
2014-04-13 15:18 - 2014-04-13 15:18 - 00000000 __SHD () C:\found.001
2014-04-11 20:27 - 2014-04-11 20:27 - 00000000 __SHD () C:\found.000
2014-04-11 20:18 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-11 20:18 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 20:18 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 20:18 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-11 20:18 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 20:18 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 20:18 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 20:18 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 20:18 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 20:18 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 20:18 - 2014-03-06 03:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-11 20:18 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-11 20:18 - 2014-03-06 03:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-11 20:18 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-11 20:18 - 2014-03-06 03:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 20:18 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-11 20:18 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 20:18 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-11 20:18 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 20:18 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 20:18 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 20:18 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-11 20:18 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 20:18 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Qualcomm
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\Program Files\Qualcomm
2014-04-11 02:28 - 2014-04-11 02:28 - 00003640 _____ () C:\Users\alysher\Downloads\Page Plus guide.zip
2014-04-11 01:50 - 2014-04-11 01:50 - 00005930 _____ () C:\Users\alysher\Downloads\53423.prl
2014-04-11 01:13 - 2014-04-11 01:13 - 00006055 _____ () C:\Users\alysher\Downloads\60008.prl

==================== One Month Modified Files and Folders =======

2014-05-11 23:09 - 2014-05-11 23:08 - 00019786 _____ () C:\Users\alysher\Desktop\FRST.txt
2014-05-11 23:08 - 2014-05-09 03:18 - 00000000 ____D () C:\FRST
2014-05-11 23:08 - 2013-07-20 21:07 - 01588110 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 23:08 - 2010-11-20 17:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 23:07 - 2014-04-18 06:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 23:06 - 2014-02-21 05:02 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-11 23:06 - 2013-08-23 23:38 - 00000000 ____D () C:\Users\alysher\AppData\Local\Battle.net
2014-05-11 23:04 - 2014-05-04 00:08 - 20819968 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2014-05-11 23:04 - 2013-07-20 22:18 - 00000000 ___RD () C:\Users\alysher\Google Drive
2014-05-11 23:04 - 2009-07-14 00:39 - 00242719 _____ () C:\Windows\setupact.log
2014-05-11 23:03 - 2013-07-20 22:16 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 23:03 - 2010-11-20 17:48 - 00413678 _____ () C:\Windows\PFRO.log
2014-05-11 23:03 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 22:59 - 2009-07-14 00:34 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 22:59 - 2009-07-14 00:34 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 22:53 - 2014-05-09 03:18 - 01056256 _____ (Farbar) C:\Users\alysher\Desktop\FRST.exe
2014-05-11 22:24 - 2013-07-20 22:16 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 22:11 - 2014-03-18 02:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 21:06 - 2014-01-24 00:56 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001UA.job
2014-05-11 21:06 - 2014-01-24 00:56 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586769609-3811868919-1413454730-1001Core.job
2014-05-11 20:53 - 2014-05-11 20:53 - 00001051 _____ () C:\Users\alysher\Desktop\mbam.txt
2014-05-11 20:40 - 2014-05-11 20:35 - 00000000 ____D () C:\AdwCleaner
2014-05-11 20:27 - 2014-05-11 20:27 - 00001194 _____ () C:\Users\alysher\Desktop\JRT.txt
2014-05-11 20:22 - 2014-05-11 20:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 20:21 - 2014-04-24 01:18 - 00000000 ____D () C:\Users\alysher\Desktop\jokes
2014-05-11 20:16 - 2013-07-21 12:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-11 20:03 - 2014-05-11 20:03 - 01325827 _____ () C:\Users\alysher\Desktop\AdwCleaner.exe
2014-05-11 20:02 - 2014-05-11 20:02 - 01016261 _____ (Thisisu) C:\Users\alysher\Desktop\JRT.exe
2014-05-11 20:02 - 2014-05-11 20:02 - 00448512 _____ (OldTimer Tools) C:\Users\alysher\Desktop\TFC.exe
2014-05-11 19:18 - 2014-05-11 19:18 - 00119292 _____ () C:\Users\alysher\Desktop\OTL.Txt
2014-05-11 19:08 - 2014-05-11 19:08 - 00602112 _____ (OldTimer Tools) C:\Users\alysher\Desktop\OTL.exe
2014-05-11 18:45 - 2014-05-11 18:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 18:44 - 2013-07-21 11:47 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Mozilla
2014-05-10 00:07 - 2014-05-10 00:07 - 00006998 _____ () C:\Users\alysher\Downloads\65002.prl
2014-05-09 21:55 - 2014-05-09 21:54 - 00160480 _____ () C:\Windows\Minidump\050914-25116-01.dmp
2014-05-09 21:54 - 2013-09-03 19:22 - 441438617 _____ () C:\Windows\MEMORY.DMP
2014-05-09 21:54 - 2013-09-03 19:22 - 00000000 ____D () C:\Windows\Minidump
2014-05-09 03:13 - 2013-07-25 03:59 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\uTorrent
2014-05-08 03:25 - 2013-07-20 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 14:13 - 2014-05-06 14:13 - 01586165 _____ () C:\Users\alysher\Downloads\ComIntRepair.exe
2014-05-05 21:54 - 2013-12-19 17:32 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-05 21:54 - 2013-12-19 17:32 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-05 10:50 - 2013-09-23 14:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-05 10:45 - 2014-05-05 10:45 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-05 10:45 - 2013-07-26 23:04 - 00000000 ____D () C:\Program Files\Java
2014-05-05 10:39 - 2013-07-30 23:44 - 00000000 ____D () C:\Users\alysher\AppData\Local\Deployment
2014-05-04 00:03 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\PLA
2014-05-03 19:54 - 2014-05-03 19:54 - 00000600 _____ () C:\Users\alysher\AppData\Local\PUTTY.RND
2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\Program Files\MSR
2014-05-02 23:04 - 2013-08-23 23:38 - 00000000 ____D () C:\Program Files\Battle.net
2014-05-02 22:00 - 2014-05-01 20:35 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Boot Animation Factory
2014-05-02 03:50 - 2014-05-02 03:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-02 03:50 - 2014-05-02 03:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-02 03:50 - 2014-01-03 22:47 - 00067776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-02 03:50 - 2013-07-20 23:43 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-02 03:50 - 2013-07-20 23:43 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-02 03:50 - 2013-07-20 23:43 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-02 03:50 - 2013-07-20 23:43 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-02 03:50 - 2013-07-20 23:43 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-02 03:50 - 2013-07-20 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-02 03:50 - 2013-07-20 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-02 03:50 - 2013-07-20 23:43 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-02 00:00 - 2014-05-02 00:00 - 03753285 _____ () C:\Users\alysher\Desktop\ext2explore-2.2.71.zip
2014-05-02 00:00 - 2014-05-02 00:00 - 00000063 _____ () C:\Users\alysher\Desktop\ext2explorelog.log
2014-05-01 23:58 - 2014-05-01 23:59 - 02355807 _____ () C:\Users\alysher\Desktop\ext4_unpacker_exe.zip
2014-05-01 20:35 - 2014-05-01 20:35 - 00002791 _____ () C:\Users\Public\Desktop\Boot Animation Factory.lnk
2014-04-30 00:48 - 2014-04-30 00:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 21:24 - 2014-03-18 02:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 21:24 - 2014-03-18 02:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 08:48 - 2014-05-02 22:45 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 08:34 - 2014-05-02 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-24 15:17 - 2013-12-14 23:25 - 00000000 ____D () C:\Users\alysher\AppData\Local\Akamai
2014-04-19 03:37 - 2013-06-29 22:19 - 00000000 ____D () C:\Games
2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-18 06:18 - 2014-04-18 06:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-18 06:18 - 2013-07-20 23:46 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 06:18 - 2013-07-20 23:46 - 00000000 ____D () C:\Users\alysher\AppData\Roaming\Malwarebytes
2014-04-18 06:18 - 2013-07-20 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 06:18 - 2013-07-20 23:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-18 06:16 - 2014-04-18 06:15 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\alysher\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-18 06:08 - 2014-04-18 06:08 - 00002597 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
2014-04-18 06:08 - 2014-04-18 06:08 - 00002585 _____ () C:\Users\Public\Desktop\RSD Lite.lnk
2014-04-13 22:11 - 2014-04-29 21:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 22:07 - 2014-04-29 21:27 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 15:18 - 2014-04-13 15:18 - 00000000 __SHD () C:\found.001
2014-04-11 21:21 - 2013-07-21 12:19 - 00000000 ____D () C:\Users\alysher\AppData\Local\Adobe
2014-04-11 21:10 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-04-11 20:27 - 2014-04-11 20:27 - 00000000 __SHD () C:\found.000
2014-04-11 16:11 - 2023-10-21 17:45 - 00000260 _____ () C:\Users\alysher\Desktop\10.key
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Qualcomm
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST
2014-04-11 03:03 - 2014-04-11 03:03 - 00000000 ____D () C:\Program Files\Qualcomm
2014-04-11 03:00 - 2013-07-22 14:44 - 00000000 ____D () C:\Program Files\QPST
2014-04-11 03:00 - 2013-07-20 21:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-11 02:28 - 2014-04-11 02:28 - 00003640 _____ () C:\Users\alysher\Downloads\Page Plus guide.zip
2014-04-11 01:50 - 2014-04-11 01:50 - 00005930 _____ () C:\Users\alysher\Downloads\53423.prl
2014-04-11 01:13 - 2014-04-11 01:13 - 00006055 _____ () C:\Users\alysher\Downloads\60008.prl

Some content of TEMP:
====================
C:\Users\alysher\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 16:48

==================== End Of Log ============================


#12
JSntgRvr

  • Global Moderator
  • 11,579 posts
Please download ComboFix from Here to your Desktop.
 
**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers. 
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.  
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
 
Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

#13
Alysher

  • Topic Starter
  • Member
  • 122 posts
Here is the log.

#14
Alysher

  • Topic Starter
  • Member
  • 122 posts
And so far I've gotten no more new tabs/windows and my system is running quite nicely. I'm still getting ads though, and ComboFix removed my custom-built autorun.inf files for my hard drives and my install of Curse Client. The autorun files change the drive icons and names for each drive, and Curse Client managed my addons for World of Warcraft.

#15
JSntgRvr

  • Global Moderator
  • 11,579 posts
I can restore those files at the end of the cleaning. Remind me.
 
Please run a free online scan with the ESET Online Scanner
 
Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
 
Note: This scan works with Internet Explorer or Mozilla FireFox.
 
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
 
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use, then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
