Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

desktop.ini


  • This topic is locked This topic is locked
2 replies to this topic

#1 christopher.shaw2309

christopher.shaw2309

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 26 August 2014 - 02:31 AM

Hi i was told you were the guys to speak to regards this possible infection. I clicked on a link for a program I had used many times before on a torrent site and hey presto my computer started putting ghost icons in every folder with the name desktop.ini which is apparently a nasty beast. Not coming across this before I set about shredding every item which looked even remotely to do with this infection with Mcafee shred. Although the desktop.ini icons appear to have gone, my machine could still be infected. After reading the posts on here about it I downloaded the Farbar tool and ran it as you told others to do. Attached are the results.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Christopher A. Shaw (administrator) on CHRIS_DESKTOP on 26-08-2014 07:53:19
Running from C:\Users\Christopher A. Shaw\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\VIA\RAID\vialogsv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\VIA\RAID\raid_tool.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K50 Keyboard\K50Hid.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee Inc) C:\Users\Christopher A. Shaw\Downloads\stinger64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(Microsoft) C:\Program Files (x86)\Microsoft AutoRoute 2010\StreetsOlkShim.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [639456 2014-07-07] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [VIARaidUtl] => C:\Program Files (x86)\VIA\RAID\raid_tool.exe [4918936 2000-01-01] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Corsair K50] => C:\Program Files (x86)\Corsair\K50 Keyboard\K50Hid.exe [1787904 2013-08-06] (Corsair Components  Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-18] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-3261572081-3040411570-2514334660-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3261572081-3040411570-2514334660-1001\...\Run: [GoogleChromeAutoLaunch_C1C1CDB5E26D4010E957A49FB4252E37] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-3261572081-3040411570-2514334660-1001\...\MountPoints2: {3a5e6706-a572-11e2-bae5-806e6f6e6963} - F:\Ctrun\Start.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk ->  (No File)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF1539E0E8239CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {EAF38B31-A036-4F44-B9DF-8CE6C4D96BB1} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A011GB0&p={SearchTerms}
SearchScopes: HKCU - {91530360-9D5F-439C-99B9-15ADE7CC03DB} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {EAF38B31-A036-4F44-B9DF-8CE6C4D96BB1} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A011GB0&p={SearchTerms}
BHO: No Name -> {738B3ACB-4912-24FD-3166-7D36AA79C9C2} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: No Name -> {C72820A2-17DA-C46A-9BE6-5D62ECD8DC33} ->  No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-08-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-15]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/ig", "hxxp://www.google.com/"
CHR Profile: C:\Users\Christopher A. Shaw\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\Christopher A. Shaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2013-07-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christopher A. Shaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-05]
CHR Extension: (SiteAdvisor) - C:\Users\Christopher A. Shaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-08-19]
CHR Extension: (Porsche) - C:\Users\Christopher A. Shaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2014-02-07]
CHR Extension: (Google Wallet) - C:\Users\Christopher A. Shaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2013-08-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-04-06] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-04-11] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-07-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [560128 2014-07-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-07-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-05-02] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-05-02] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [52888 2000-01-01] () [File not signed]
S3 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-05-02] (McAfee, Inc.)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [157496 2007-03-05] (Creative Technology Ltd)
R3 CORK50; C:\Windows\System32\drivers\CORK50.sys [25600 2012-08-10] ( )
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700216 2007-03-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219448 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321848 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190264 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363320 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142136 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681272 2007-03-05] (Creative Technology Ltd)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-07-04] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-05-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-05-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-05-02] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-07-10] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)
R3 SaiH0763; C:\Windows\System32\DRIVERS\SaiH0763.sys [178304 2008-02-15] (Saitek)
R3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-02] (Saitek)
R3 SaiH0C2D; C:\Windows\System32\DRIVERS\SaiH0C2D.sys [176128 2007-07-02] (Saitek)
R3 SaiK0CEA; C:\Windows\System32\DRIVERS\SaiK0CEA.sys [129024 2007-12-07] (Saitek)
S3 SaiK8018; C:\Windows\System32\DRIVERS\SaiK8018.sys [131584 2008-07-29] (Saitek)
R3 SaiU0CEA; C:\Windows\System32\DRIVERS\SaiU0CEA.sys [34432 2007-12-07] (Saitek)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-03] ()
R0 viamrx64; C:\Windows\System32\DRIVERS\viamrx64.sys [157336 2000-01-01] (VIA Technologies Inc.,Ltd)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S0 mferkdet; \SystemRoot\system32\drivers\mferkdet.sys [X]
S3 MFE_RR; \??\C:\Users\CHRIST~1.SHA\AppData\Local\Temp\mfe_rr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys 68726474C69B738EAC3A62E06B33ADDC
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\avgtpx64.sys A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\System32\drivers\cfwids.sys EC8B8A323948C14D0C9A08AB8DA373C7
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\COMMONFX.DLL 2B350F5BB24603405AD41DDF1457DD23
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\drivers\CORK50.sys 46E3C6ADF07A6EF725B12C4EA17B2B4F
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\drivers\CT20XUT.SYS 18CC77713154B81A5DFB4BA80F2733CB
C:\Windows\System32\drivers\CT20XUT.SYS 18CC77713154B81A5DFB4BA80F2733CB
C:\Windows\System32\drivers\ctac32k.sys D2B88CB94AEDFC34637CF12722A08C28
C:\Windows\System32\drivers\ctaud2k.sys 4CF2C3E2128594691DF31597C9EB80BB
C:\Windows\System32\CTAUDFX.DLL 0D112AB66CE4F13E9EF5E2D84313476B
C:\Windows\System32\CTEAPSFX.DLL 8204C53FB1E9DAD273B7F2EA870F037D
C:\Windows\System32\CTEDSPFX.DLL 3B8343B297014262B8F84B564155284B
C:\Windows\System32\CTEDSPIO.DLL 928FD42893D31193D7B870E247B05FFD
C:\Windows\System32\CTEDSPSY.DLL 83008CD39487769370B3C70D5AA9FD1B
C:\Windows\System32\CTERFXFX.DLL B1463C36598A272966F654F585C06748
C:\Windows\System32\drivers\CTEXFIFX.SYS A9007C6A5E20B66B8EE61C07EAC7B49D
C:\Windows\System32\drivers\CTEXFIFX.SYS A9007C6A5E20B66B8EE61C07EAC7B49D
C:\Windows\System32\drivers\CTHWIUT.SYS D75A69D9761735DBEDDD6E8D306370D3
C:\Windows\System32\drivers\CTHWIUT.SYS D75A69D9761735DBEDDD6E8D306370D3
C:\Windows\System32\drivers\ctprxy2k.sys 2ABC26447CF31D3D8B4AD7F92FA16AF7
C:\Windows\System32\CTSBLFX.DLL 5C173E93331CC151E4C57832A79902C8
C:\Windows\System32\drivers\ctsfm2k.sys 4681F3E73E3B83CF93A3A601687B3630
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\System32\DRIVERS\E1G6032E.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\emupia2k.sys AF7217AE9E9A2493719462C890EB73B3
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys EECCA21D35EF3D0C5DB21EE68A74DF9A
C:\Windows\System32\DRIVERS\EsgScanner.sys 3B32CAA07D672F8A2E0DF5CB3A873F45
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\ha20x2k.sys 69A60F8DDF90F462E289525E3BBC7ADC
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\drivers\HipShieldK.sys 29F981739E50305128022CBE10B3659C
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamchameleon.sys 9D9ED48F841EA37AA5310D54B9E5D3C7
C:\Windows\system32\drivers\mbam.sys F92B0E478C0FAA6D6661E6E977247E60
C:\Windows\system32\drivers\MBAMSwissArmy.sys 8A50D5304E6AE48664CF5838EC32F647
C:\Windows\system32\drivers\mwac.sys 15E8ABC06843672955CE26A009533BAD
C:\Windows\system32\drivers\McPvDrv.sys 93A8201B62BF358C5C88735C65903E04
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\mfeapfk.sys 90AFC1E015CE31DB4D9E0A48499E4861
C:\Windows\System32\drivers\mfeavfk.sys 66D64658D3C64A10F370116BADCB8966
C:\Windows\System32\drivers\mfefirek.sys 15926439560610AEF27C09CCCF8C8F22
C:\Windows\System32\drivers\mfehidk.sys 2D5B332EB98ECC4B1D41335D7150D375
C:\Windows\System32\DRIVERS\mfencbdc.sys 57EC9D22D989DD67E91A51BE082B1083
C:\Windows\System32\DRIVERS\mfencrk.sys FCEEE953517CA72E4238954467CD63E8
C:\Windows\System32\drivers\mfewfpk.sys 1E6024E3CC3B799C5803FE5EBEBED5DC
C:\Windows\System32\DRIVERS\MOBK.sys 3800C23D0D90C59AAFCDEFDC82B5C4AF
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 2219A3D695405E7BA2186BA6B9EDE14A
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 4EE399576F76D38C04745DB739BBC8C7
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\drivers\ctoss2k.sys 47ED757ABB7885FA671D20C162EF4E77
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys 4C5875E50F49F20C094579F74B4D8A4D
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys DC8FBFF4AF53A33CA05527F994B7A50A
C:\Windows\System32\Drivers\RapportKE64.sys 12EC1B81BCF8CD603E899369D1614579
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys 8AAAC654642807D62BB721567C47A784
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SaiH0763.sys 45C0B193065219189772A038E6C29D49
C:\Windows\System32\DRIVERS\SaiH0BAC.sys 231A3700154B1A49C2F05CB0DA4B2747
C:\Windows\System32\DRIVERS\SaiH0C2D.sys 231A3700154B1A49C2F05CB0DA4B2747
C:\Windows\System32\DRIVERS\SaiK0CEA.sys BD0EDDCC9D5860DDDBD04B4011FD8F48
C:\Windows\System32\DRIVERS\SaiK8018.sys 4D7444C769AF99EFF134320542D812FA
C:\Windows\System32\DRIVERS\SaiU0CEA.sys 1B083D5E6EBC06EAD3E2C695493E9C2D
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SWDUMon.sys 9CFEFD62D86DABFAC12D1C5ED72BA6A4
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\viamrx64.sys A9DC487794C1A40D0B888CA558B02650
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys ==> MD5 is legit
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 07:53 - 2014-08-26 07:58 - 00042400 _____ () C:\Users\Christopher A. Shaw\Downloads\FRST.txt
2014-08-26 07:52 - 2014-08-26 07:53 - 00000000 ____D () C:\FRST
2014-08-26 07:51 - 2014-08-26 07:51 - 02103296 _____ (Farbar) C:\Users\Christopher A. Shaw\Downloads\FRST64.exe
2014-08-26 07:08 - 2014-08-26 07:08 - 00000000 _____ () C:\Users\Christopher A. Shaw\Downloads\Stinger_26082014_070836.html
2014-08-26 07:07 - 2014-08-26 07:07 - 00000000 ____D () C:\Quarantine
2014-08-26 00:11 - 2014-08-26 00:17 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-08-26 00:11 - 2014-08-26 00:11 - 00002298 _____ () C:\Users\Christopher A. Shaw\Desktop\SpyHunter.lnk
2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\sh4ldr
2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-26 00:11 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-26 00:09 - 2014-08-26 00:11 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-26 00:08 - 2014-08-26 00:08 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christopher A. Shaw\Downloads\SpyHunter-Installer.exe
2014-08-26 00:02 - 2014-08-26 00:02 - 00000310 _____ () C:\Users\Christopher A. Shaw\Downloads\RootkitRemover_20140826_000211.log
2014-08-26 00:01 - 2014-08-26 00:01 - 00783120 _____ (McAfee, Inc.) C:\Users\Christopher A. Shaw\Downloads\rootkitremover.exe
2014-08-25 23:48 - 2014-08-26 00:34 - 00000853 _____ () C:\Users\Christopher A. Shaw\Downloads\Stinger_25082014_234821.html
2014-08-25 23:48 - 2014-08-25 23:48 - 01285428 _____ () C:\Users\Christopher A. Shaw\Downloads\runtime.dat
2014-08-25 23:47 - 2014-08-25 23:47 - 12373352 _____ (McAfee Inc) C:\Users\Christopher A. Shaw\Downloads\stinger64.exe
2014-08-24 22:32 - 2014-08-25 01:15 - 00000000 __SHD () C:\Users\Christopher A. Shaw\AppData\Local\EmieUserList
2014-08-24 22:32 - 2014-08-25 01:15 - 00000000 __SHD () C:\Users\Christopher A. Shaw\AppData\Local\EmieSiteList
2014-08-24 12:00 - 2014-08-26 03:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 11:59 - 2014-08-24 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 11:59 - 2014-08-24 11:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 11:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 11:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 05:37 - 2014-08-24 05:37 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-19 02:11 - 2014-07-04 11:44 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2014-08-19 02:11 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-08-15 03:10 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:10 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:10 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:10 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:10 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:10 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:08 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:08 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 17:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 17:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 17:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 17:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 17:47 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 17:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 17:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 17:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 17:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 17:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 17:47 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 17:47 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 17:46 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 17:46 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 17:45 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 17:45 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 17:45 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 17:45 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 17:45 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 17:45 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 17:45 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 17:44 - 2014-07-16 04:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 17:44 - 2014-07-16 03:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 17:44 - 2014-07-16 03:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 17:44 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 17:44 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 17:44 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 17:43 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 17:43 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 17:43 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 17:43 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 17:43 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 17:43 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 17:43 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 17:43 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 17:43 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 17:43 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 17:43 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 17:43 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 17:43 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 17:43 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 17:43 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 17:43 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 17:43 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 17:43 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 17:43 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 17:43 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 17:43 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 17:43 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 17:43 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 17:43 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 17:43 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 17:43 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 17:43 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 17:43 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 17:43 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 17:43 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 17:43 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 17:43 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 17:43 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 17:43 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 17:43 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 17:43 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 17:43 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 17:43 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 17:43 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 17:43 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 17:43 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 17:43 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 17:43 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 17:43 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 17:43 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 17:43 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 17:43 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 17:43 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 17:43 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 17:43 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 17:43 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 17:43 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 17:43 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 17:43 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 17:43 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 17:43 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 17:42 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 17:42 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 17:42 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 17:41 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 19:12 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:12 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:12 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:12 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:11 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:11 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:11 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:11 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:11 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:11 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 23:25 - 2014-07-30 23:26 - 00124397 _____ () C:\Users\Christopher A. Shaw\Downloads\new truck1.jpeg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 07:58 - 2014-08-26 07:53 - 00042400 _____ () C:\Users\Christopher A. Shaw\Downloads\FRST.txt
2014-08-26 07:53 - 2014-08-26 07:52 - 00000000 ____D () C:\FRST
2014-08-26 07:51 - 2014-08-26 07:51 - 02103296 _____ (Farbar) C:\Users\Christopher A. Shaw\Downloads\FRST64.exe
2014-08-26 07:50 - 2009-07-14 05:45 - 00031840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 07:50 - 2009-07-14 05:45 - 00031840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 07:30 - 2013-04-15 03:50 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 07:22 - 2013-08-15 16:45 - 00000000 ____D () C:\Program Files\stinger
2014-08-26 07:22 - 2013-05-10 09:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 07:11 - 2014-07-05 02:19 - 00002285 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-26 07:08 - 2014-08-26 07:08 - 00000000 _____ () C:\Users\Christopher A. Shaw\Downloads\Stinger_26082014_070836.html
2014-08-26 07:07 - 2014-08-26 07:07 - 00000000 ____D () C:\Quarantine
2014-08-26 05:14 - 2013-04-15 03:17 - 01822319 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 03:24 - 2014-08-24 12:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 00:34 - 2014-08-25 23:48 - 00000853 _____ () C:\Users\Christopher A. Shaw\Downloads\Stinger_25082014_234821.html
2014-08-26 00:17 - 2014-08-26 00:11 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-08-26 00:11 - 2014-08-26 00:11 - 00002298 _____ () C:\Users\Christopher A. Shaw\Desktop\SpyHunter.lnk
2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\sh4ldr
2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-26 00:11 - 2014-08-26 00:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-26 00:08 - 2014-08-26 00:08 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christopher A. Shaw\Downloads\SpyHunter-Installer.exe
2014-08-26 00:02 - 2014-08-26 00:02 - 00000310 _____ () C:\Users\Christopher A. Shaw\Downloads\RootkitRemover_20140826_000211.log
2014-08-26 00:01 - 2014-08-26 00:01 - 00783120 _____ (McAfee, Inc.) C:\Users\Christopher A. Shaw\Downloads\rootkitremover.exe
2014-08-25 23:48 - 2014-08-25 23:48 - 01285428 _____ () C:\Users\Christopher A. Shaw\Downloads\runtime.dat
2014-08-25 23:47 - 2014-08-25 23:47 - 12373352 _____ (McAfee Inc) C:\Users\Christopher A. Shaw\Downloads\stinger64.exe
2014-08-25 20:02 - 2013-04-15 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-25 14:30 - 2013-04-15 03:50 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 01:28 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 01:24 - 2013-04-15 03:46 - 00000000 __RSD () C:\Users\Christopher A. Shaw\Documents\McAfee Vaults
2014-08-25 01:20 - 2013-04-15 03:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-25 01:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 01:20 - 2009-07-14 05:51 - 00055156 _____ () C:\Windows\setupact.log
2014-08-25 01:20 - 2009-07-14 05:45 - 00414792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 01:19 - 2013-04-16 02:51 - 00615424 _____ () C:\Windows\PFRO.log
2014-08-25 01:15 - 2014-08-24 22:32 - 00000000 __SHD () C:\Users\Christopher A. Shaw\AppData\Local\EmieUserList
2014-08-25 01:15 - 2014-08-24 22:32 - 00000000 __SHD () C:\Users\Christopher A. Shaw\AppData\Local\EmieSiteList
2014-08-25 00:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2014-08-24 20:30 - 2013-04-15 03:33 - 00000000 ____D () C:\Users\Christopher A. Shaw
2014-08-24 12:22 - 2002-01-02 09:00 - 00000000 ____D () C:\Users\Christopher A. Shaw\AppData\Local\16
2014-08-24 11:59 - 2014-08-24 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 11:59 - 2014-08-24 11:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 11:59 - 2014-01-23 02:08 - 00000000 ____D () C:\Users\Christopher A. Shaw\AppData\Roaming\Malwarebytes
2014-08-24 11:59 - 2014-01-23 02:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 05:37 - 2014-08-24 05:37 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-24 04:54 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-24 04:54 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-24 04:41 - 2013-05-26 01:23 - 00000000 ___RD () C:\Users\Christopher A. Shaw\Downloads\Icon Files
2014-08-15 05:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 04:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 04:20 - 2013-04-19 01:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 03:32 - 2013-07-19 10:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:29 - 2009-10-14 13:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:01 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 19:00 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-07 03:06 - 2014-08-14 17:42 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-14 17:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-01 00:41 - 2014-08-14 17:43 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 00:16 - 2014-08-14 17:43 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 23:26 - 2014-07-30 23:25 - 00124397 _____ () C:\Users\Christopher A. Shaw\Downloads\new truck1.jpeg
2014-07-28 08:20 - 2013-09-11 21:09 - 00000000 ____D () C:\Users\Christopher A. Shaw\AppData\Roaming\Apple Computer
 
Files to move or delete:
====================
C:\Users\Christopher A. Shaw\hpothb07.dat
 
 
Some content of TEMP:
====================
C:\Users\Christopher A. Shaw\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {844e65da-a5bd-11e2-8550-c0d9f84ad9a3}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {0d1873f3-da46-11de-a95e-dc83a65f5814}
device                  ramdisk=[C:]\Recovery\0d1873f3-da46-11de-a95e-dc83a65f5814\Winre.wim,{0d1873f4-da46-11de-a95e-dc83a65f5814}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0d1873f3-da46-11de-a95e-dc83a65f5814\Winre.wim,{0d1873f4-da46-11de-a95e-dc83a65f5814}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {0d1873f9-da46-11de-a95e-dc83a65f5814}
device                  ramdisk=[C:]\Recovery\0d1873f9-da46-11de-a95e-dc83a65f5814\Winre.wim,{0d1873fa-da46-11de-a95e-dc83a65f5814}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0d1873f9-da46-11de-a95e-dc83a65f5814\Winre.wim,{0d1873fa-da46-11de-a95e-dc83a65f5814}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {0d1873fd-da46-11de-a95e-dc83a65f5814}
device                  ramdisk=[C:]\Recovery\0d1873fd-da46-11de-a95e-dc83a65f5814\Winre.wim,{0d1873fe-da46-11de-a95e-dc83a65f5814}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0d1873fd-da46-11de-a95e-dc83a65f5814\Winre.wim,{0d1873fe-da46-11de-a95e-dc83a65f5814}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {844e65dc-a5bd-11e2-8550-c0d9f84ad9a3}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {844e65da-a5bd-11e2-8550-c0d9f84ad9a3}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {844e65dc-a5bd-11e2-8550-c0d9f84ad9a3}
device                  ramdisk=[C:]\Recovery\844e65dc-a5bd-11e2-8550-c0d9f84ad9a3\Winre.wim,{844e65dd-a5bd-11e2-8550-c0d9f84ad9a3}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\844e65dc-a5bd-11e2-8550-c0d9f84ad9a3\Winre.wim,{844e65dd-a5bd-11e2-8550-c0d9f84ad9a3}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {844e65da-a5bd-11e2-8550-c0d9f84ad9a3}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {0d1873f4-da46-11de-a95e-dc83a65f5814}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0d1873f3-da46-11de-a95e-dc83a65f5814\boot.sdi
 
Device options
--------------
identifier              {0d1873fa-da46-11de-a95e-dc83a65f5814}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0d1873f9-da46-11de-a95e-dc83a65f5814\boot.sdi
 
Device options
--------------
identifier              {0d1873fe-da46-11de-a95e-dc83a65f5814}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0d1873fd-da46-11de-a95e-dc83a65f5814\boot.sdi
 
Device options
--------------
identifier              {844e65dd-a5bd-11e2-8550-c0d9f84ad9a3}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\844e65dc-a5bd-11e2-8550-c0d9f84ad9a3\boot.sdi
 
 
 
LastRegBack: 2014-08-24 20:12
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Christopher A. Shaw at 2014-08-26 08:03:28
Running from C:\Users\Christopher A. Shaw\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Corsair K50 Firmware Update Application (HKLM-x32\...\{59E469EB-AC7E-451A-8DAB-A7485B070CB4}}_is1) (Version:  - )
Corsair K50 Gaming Keyboard Driver V1.0 (HKLM-x32\...\{5F80696B-8F74-4A67-9830-EC2DBA79AD7A}_is1) (Version: 1.00.00.15 - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
DigiCoupon (HKLM-x32\...\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}) (Version:  - DigiCouPon) <==== ATTENTION
Fokker 70-100 (HKCU\...\Fokker 70-100) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{24E45339-C750-4EAE-8241-BA25A7DABBDD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Level-D Simulations 767-300 (HKLM-x32\...\Level-D Simulations 767-300) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee All Access – Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1138 - McAfee, Inc.)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version:  - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft AutoRoute 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}) (Version: 17.0.22.0600 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable Package (x32 Version: 1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.11352 - RocketLife Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1307.93 - Trusteer) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Text-o-Matic (HKLM-x32\...\Text-o-Matic) (Version:  - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-08-2014 02:00:44 Windows Update
17-08-2014 18:00:49 Windows Backup
24-08-2014 18:00:47 Windows Backup
25-08-2014 23:09:54 Installed SpyHunter
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-01-26 03:04 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07404450-4541-45BF-BCB8-6774332F93C2} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe
Task: {0CC54DCF-DA20-4660-96C0-51E3C6E66EEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {0F4E1C1D-ED01-4C60-BF1B-3D4D12D942FA} - System32\Tasks\{12B469DE-62BE-4425-B0A5-C025C8A0E29B} => Chrome.exe 
Task: {0F6C3173-1186-40B7-9CFB-6D60E8EC003B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {14855C57-F69A-44A3-833E-784C0B7764D3} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
Task: {14910891-CEE8-4FAF-858F-C66B562A549C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {27C5BA80-CD49-4D45-AE08-98C95EB74C27} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {61586B7D-C99A-43CA-AC26-4D0462E7614F} - System32\Tasks\{90AA2E3F-0AB3-43AB-98B7-A415BB68A28E} => Chrome.exe 
Task: {64D89801-8D6D-4A6E-86B8-01A070A6AB6B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6DFBBF36-CA57-46C2-9DD6-891F9032C99F} - System32\Tasks\{0862679A-C552-4DDD-ABA5-D815E62730CA} => C:\Program Files (x86)\Microsoft AutoRoute 2013\AutoRout.exe
Task: {8DA23D99-FCF7-4D27-A847-A4E08AF7E65C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {99CF0A65-E763-4ED3-A985-C5D73670AB09} - System32\Tasks\{6DDA22FD-D37E-4B47-903F-C44DD48E8DFD} => Chrome.exe 
Task: {A30E4A4E-3508-42B7-8D78-750AB1095079} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A455419F-B320-4F6D-B497-6FC56CFF5F85} - System32\Tasks\{E19ACB7E-122F-4FCF-886A-09357DA63E17} => Chrome.exe 
Task: {A7D9CDAB-3C9D-454D-8A72-3576CB279AD1} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {C546A131-85E0-4A91-865B-1BBADB875A36} - System32\Tasks\{1C2F0273-B63A-4D5A-A11D-54BBA929F7F1} => Chrome.exe 
Task: {CC084D04-F128-45AA-BFB6-6BC206656669} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {DBBBF998-CF04-4154-9C31-81395DD0FCA8} - System32\Tasks\{3DC6B8A0-F9AC-46A0-8E2F-034B9028FC7A} => C:\Program Files (x86)\Microsoft AutoRoute 2013\AutoRout.exe
Task: {E1286394-77E7-4697-909B-5B2D2FB6E867} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {F51CF535-DD77-407C-8D8A-DB58E39E8595} - System32\Tasks\{47EF3C1C-27CE-4E89-9EB6-A39A32E95CF5} => C:\Program Files (x86)\Microsoft AutoRoute 2013\AutoRout.exe
Task: {FEA2D8B4-90C7-41AC-A9F6-CD05EBC832E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-15 22:47 - 2000-01-01 01:00 - 00052888 _____ () C:\Program Files (x86)\VIA\RAID\vialogsv.exe
2013-12-15 22:47 - 2000-01-01 01:00 - 04918936 _____ () C:\Program Files (x86)\VIA\RAID\raid_tool.exe
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2013-04-19 18:57 - 2014-07-10 03:34 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-15 22:47 - 2000-01-01 01:00 - 00196608 _____ () C:\Program Files (x86)\VIA\RAID\drvInterface.dll
2013-12-15 22:47 - 2000-01-01 01:00 - 00581632 _____ () C:\Program Files (x86)\VIA\RAID\language.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-01-17 15:31 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-17 15:31 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-22 23:11 - 2012-05-14 12:39 - 00043008 _____ () C:\Program Files (x86)\Corsair\K50 Keyboard\hidGetKey.dll
2014-01-17 15:31 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-17 15:31 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-17 15:31 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2014-08-14 06:33 - 2014-08-07 04:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-14 06:33 - 2014-08-07 04:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-14 06:33 - 2014-08-07 04:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 06:33 - 2014-08-07 04:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 06:33 - 2014-08-07 04:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-14 06:33 - 2014-08-07 04:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: VIA RAID Controller - 3249
Description: VIA RAID Controller - 3249
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: VIA Technologies, Inc.
Service: viamrx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/25/2014 11:38:17 PM) (Source: Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=a0cde89c-3304-4157-b61c-c8ad785d1fad
 
Error: (08/25/2014 11:38:17 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (08/25/2014 01:23:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {59916432-d15f-4134-a292-0c2b8d6490b7}
 
Error: (08/25/2014 01:23:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Chris_Desktop)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/25/2014 01:16:18 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b064e03a-05ef-4a7e-b7a6-fd018e7c60b7}
 
Error: (08/25/2014 01:15:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Chris_Desktop)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/25/2014 00:24:11 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (08/25/2014 00:24:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error: (01/02/2002 09:06:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4005c24d-2b33-4954-9946-9b68b6519e33}
 
Error: (01/02/2002 08:43:11 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a0771ada-5801-4640-bf19-848b03c81801}
 
 
System errors:
=============
Error: (08/25/2014 11:48:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/25/2014 11:48:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/25/2014 11:48:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/25/2014 11:48:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/25/2014 11:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/25/2014 11:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Creative Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/25/2014 11:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/25/2014 01:23:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (08/25/2014 01:23:44 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/25/2014 01:19:39 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
 
 
Microsoft Office Sessions:
=========================
Error: (07/11/2013 03:05:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 560 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-01 05:27:52.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:52.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:51.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:48.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:48.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:48.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:46.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:46.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:27:46.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-01 05:23:56.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.001\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.16385_none_5722666f137ae177\appid.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6700 @ 2.66GHz
Percentage of memory in use: 49%
Total physical RAM: 8191.12 MB
Available physical RAM: 4151.08 MB
Total Pagefile: 16380.41 MB
Available Pagefile: 12398.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (System Drive) (Fixed) (Total:372.61 GB) (Free:175.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Storage Drive) (Fixed) (Total:1863.01 GB) (Free:976.39 GB) NTFS
Drive e: (Diskim) (CDROM) (Total:0.25 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
 
Users shortcut scan result (x64) Version: 25-08-2014
Ran by Christopher A. Shaw at 2014-08-26 08:08:16
Running from C:\Users\Christopher A. Shaw\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk -> C:\Program Files (x86)\Hp\IrisOCR_12.3.4.0\regipe.exe (I.R.I.S. Image Recognition Integarted Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft AutoRoute 2010.lnk -> C:\Windows\Installer\{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}\ARX_EUR_17_Main_Application_icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 18.0.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA\RAID\VIA V-Raid Tool Help.lnk -> C:\Program Files (x86)\VIA\RAID\raid_tool.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA\RAID\VIA V-Raid Utility.lnk -> C:\Program Files (x86)\VIA\RAID\raid_tool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\Uninstall PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\IMPORTANT INSTALLATION NOTES!.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Doc_Source\Pages\support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\LoadManager_FS2004.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\LoadManager_FS2004.exe (Precision Manuals Development Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\PMDG 737 Operator's Information Center (FAQ!).lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Doc_Source\Pages\PMDG 737 Operator's Information Center (FAQ!).url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\PMDG Website.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Doc_Source\Pages\Precision Manuals Development Group.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\00 PMDG 737Introduction.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\00_TITLE_AND_MENUS_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\01 PMDG 737 Takeoff.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\01_TAKEOFF_PERFORMANCE_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\02 PMDG 737 Cruise.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\02_CRUISE_PERFORMANCE_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\03 PMDG 737 Landing.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\03_LANDING_PERFORMANCE_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\04 PMDG 737 Limitations.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\04_LIMITATIONS_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\05 PMDG 737 Normal Procedures.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\05_NORMAL_PROCEDURES_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\06 PMDG 737 Abnormals.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\06_ABNORMAL_PROCEDURES_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\07 PMDG 737 Cockpit and Systems.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\07_SYSTEMS_OPERATION_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\08 PMDG 737 Flight Management Computer.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\08_FMC_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\09 PMDG 737 Automation and TCAS.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\09_AFDS_SYSTEM_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737-800-900 FLIGHT MANUAL\10 PMDG 737 Flight Techniques.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals 737-800-900\10_FLIGHT_TECHNIQUES_737_678900_V14.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\00 PMDG 737Introduction.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\00_TITLE_AND_MENUS_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\01 PMDG 737 Takeoff Performance.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\01_TAKEOFF_PERFORMANCE_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\02 PMDG 737 Cruise Planning.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\02_CRUISE_PERFORMANCE_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\03 PMDG 737 Landing Performance.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\03_LANDING_PERFORMANCE_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\04 PMDG 737 Limitations.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\04_LIMITATIONS_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\05 PMDG 737 Normal Procedures and Checklists.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\05_NORMAL_PROCEDURES_S73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\06 PMDG 737 Abnormal Procedures and Emergencies.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\06_ABNORMAL_PROCEDURES_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\07 PMDG 737 Aircraft Systems and Cockpit Overview.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\07_SYSTEMS_OPERATION_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\08 PMDG 737 Flight Management Computer.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\08_FMC_73702_06DEC03.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations\737 FLIGHT MANUAL\Appendix_1 How to write SID STARs.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\PMDG\737TNG\Aircraft Operating Manuals\Appendix_1 How to write SID STARs.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005\Visual Studio Tools\Visual Studio 2005 Remote Debugger Configuration Wizard.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\rdbgwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee Virtual Technician.lnk -> C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe (McAfee, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\Hp\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Help.lnk -> C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\HP Scan.lnk -> C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Product Support Website.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Shop for Supplies.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\WirelessEasyShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Text-o-Matic\Text-o-Matic Manual.lnk -> D:\Flight One Software\Text-o-Matic\TextoMatic.PDF ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Text-o-Matic\Text-o-Matic.lnk -> D:\Flight One Software\Text-o-Matic\TextoMatic.exe (Flight One Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Text-o-Matic\Uninstall Text-o-Matic.lnk -> D:\UnTextomatic.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\767-300 Configuration Manager.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Aircraft\LVLD_B763\ConfigurationManager_767.exe (Flight One Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\767-300 Operating Manual.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Level-D Simulations\B767-300\LVLD767systems.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\767-300 Repaint Manager.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Aircraft\LVLD_B763\RepaintManager_767.exe (Flight One Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\767-300 SDK Example Program.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Level-D Simulations\Level-D SDK\LVLDSDKDemo.exe (Level D Simulations Panels for Flight One Publishing)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\Credits.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Level-D Simulations\B767-300\credits.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\Important Release Notes.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Level-D Simulations\B767-300\ReadMe1st.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\Operating Manual Addendum.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Level-D Simulations\B767-300\addendum.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software\Level-D Simulations 767-300\Uninstall Level-D 767-300.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\UnLvld767.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Audio Control Panel.lnk -> C:\Program Files (x86)\Creative\AudioCS\CTAudCS.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Software AutoUpdate.lnk -> C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative WaveStudio 7.lnk -> C:\Program Files (x86)\Creative\WaveStudio 7\CTWave.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\ALchemy\Creative ALchemy.lnk -> C:\Program Files (x86)\Creative\ALchemy\ALchemy.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\K50 Keyboard\Corsair K50 Gaming Keyboard Configuration.lnk -> C:\Program Files (x86)\Corsair\K50 Keyboard\mainframe.exe (Corsair Components  Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\K50 Keyboard\Uninstall  .lnk -> C:\Windows\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair K50 Firmware Update Application\Start Corsair K50 Firmware Update Application.lnk -> C:\Program Files (x86)\Corsair\K50 firmware update\FWUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair K50 Firmware Update Application\Uninstall  .lnk -> C:\Windows\unins001.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Cool & Quiet\Cool & Quiet 2.18.01.lnk -> C:\Program Files (x86)\ASUS\Cool & Quiet\cnq.exe (ASUSTeK)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Cool & Quiet\UnInstall Cool & Quiet.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Cool & Quiet\User Guide.lnk -> C:\Program Files (x86)\ASUS\Cool & Quiet\Cool 'n' Quiet.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 2.0 Configuration.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\v2.0\Bin\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Christopher A. Shaw\Links\Desktop.lnk -> C:\Users\Christopher A. Shaw\Desktop ()
Shortcut: C:\Users\Christopher A. Shaw\Links\Downloads.lnk -> C:\Users\Christopher A. Shaw\Downloads ()
Shortcut: C:\Users\Christopher A. Shaw\Desktop\767-300 Configuration Manager.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Aircraft\LVLD_B763\ConfigurationManager_767.exe (Flight One Software)
Shortcut: C:\Users\Christopher A. Shaw\Desktop\Fokker Aircraft Operations Manual.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\DA_FOKKER_AOM.pdf ()
Shortcut: C:\Users\Christopher A. Shaw\Desktop\FS9..lnk -> D:\Microsoft Flight Simulator 9 (FS9)\FS9.EXE (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\Desktop\FSX..lnk -> D:\Microsoft Flight Simulator X (FSX)\fsx.exe (Microsoft Corp.)
Shortcut: C:\Users\Christopher A. Shaw\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\Desktop\Microsoft Outlook..lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\Desktop\Microsoft Publisher..lnk -> C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\Desktop\Microsoft Word..lnk -> C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\Desktop\SpyHunter.lnk -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Aircraft Operations Manual.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\DA_FOKKER_AOM.pdf ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Configuration Manager.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\LoadEditor\panelCfg.exe (AOG)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Landing Data Card.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\landing_datacard.png ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Migration Guide.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\DA_FOKKER_MIGRATION.pdf ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Multicrew Manual.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\DA_FOKKER_MCM.pdf ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Takeoff Data Card.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\TO_DATACARD.png ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Tutorial Nr. 3.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\DA_FOKKER_TUTORIAL_3.pdf ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Tutorial Nr. 4.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Digital Aviation\Fokker\Documentation\DA_FOKKER_TUTORIAL_4.pdf ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Aviation\Fokker 70-100\Uninstall Fokker 70-100.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\UnFokker70-FS9.exe ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative\Product Registration\Product Registration Details.lnk -> C:\Users\Christopher A. Shaw\AppData\Roaming\Creative\Product Registration\RegHistory.txt ()
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook..lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher A. Shaw\AppData\Local\Microsoft\Windows\GameExplorer\{1FF9825E-0E80-4B73-935D-D2F5B18C82DE}\PlayTasks\0\Play.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\FS9.EXE (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Saitek Cyborg Mouse.lnk -> C:\Windows\System32\SaiM0CEA.exe ()
Shortcut: C:\Users\Public\Desktop\WinZip.lnk -> C:\Program Files\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\Users\UpdatusUser\Desktop\767-300 Configuration Manager.lnk -> D:\Microsoft Flight Simulator 9 (FS9)\Aircraft\LVLD_B763\ConfigurationManager_767.exe (Flight One Software)
Shortcut: C:\Users\UpdatusUser\Desktop\Text-o-Matic.lnk -> D:\Flight One Software\Text-o-Matic\TextoMatic.exe (Flight One Software)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Start Trusteer Endpoint Protection.lnk -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) -> -userstart
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Stop Trusteer Endpoint Protection.lnk -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) -> -shutdown
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection\Trusteer Endpoint Protection Console.lnk -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) -> -config
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) -> -p -name=safekey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee All Access – Total Protection.lnk -> C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) -> /desktopicon /platui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee File Lock.lnk -> C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.) -> /showvaults
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.5 /DDV 0x0805
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {13BE337F-9557-416D-A696-F91A6807B170}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Update IP Address.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E} FEEDBACK=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Product Registration.lnk -> C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe (Creative Technology Ltd) -> /PreProcess=RegFlash.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "%PROGRAMFILES%\Enigma Software Group\SpyHunter\SH4.com"
ShortcutWithArgument: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /X {ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}
ShortcutWithArgument: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Christopher A. Shaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Public\Desktop\HP Officejet Pro 8500 ..lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup\Online Help.url -> hxxp://service.mcafee.com/
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Christopher A. Shaw\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Christopher A. Shaw\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Christopher A. Shaw\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Christopher A. Shaw\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Christopher A. Shaw\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Christopher A. Shaw\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> 0
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Links for United Kingdom\Directgov - the nation's official websi….url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Links\abouttabs.url -> about:Tabs
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Christopher A. Shaw\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
 
==================== End of log =============================
 
Could you please tell me if I am infected as I don't really want to loose everything stored on my machine, flight sims, cv's, pictures etc.  One thing I don't think will be stored are details of my bank logins etc as whenever I login to my online banking I did it so it would not store details as you would on a shared computer.  Really appreciate your help and I am not that good with computers so please be patient. 
 
Many thanks, Chris.

Edited by Queen-Evie, 26 August 2014 - 07:24 AM.
moved from Am I Infected to the appropriate forum. FRST logs are allowed only in MRL


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 31 August 2014 - 02:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/545748 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 05 September 2014 - 02:40 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users