
Can't remove bingvc malware/hijacker


  • This topic is locked
10 replies to this topic

#1 PapPawS

Posted 25 August 2015 - 01:17 PM

Trying to rid my son's computer (Dell Precision 670 workstation w/2 dual core 2.8 procs, running Vista Ultimate 64) of malware. His girlfriend uses it almost exclusively now and remarked that it had "become unusable with the constant pop-ups and the sound doesn't work"... seems the drivers have been completely removed, either by her attempted "fixes" or possibly by some malicious software. I found the necessary reload program for the sound and decided I would re-install it after clearing up all other issues. She had obviously been freely downloading all sorts of couponing, shopping helper, driver search/install, music player, toolbar, etc. software, based on the installed programs list. I first removed all of these I could from the Add/Remove Programs page and then ran a full scan with MS Security Essentials and then Malwarebytes... which located and removed 962 listings of PUPs. I then checked IE for its configuration settings and reset the homepage to google.com, but shortly realized that when IE was launched the page wasn't actually the "real" Google page. It was then that I noticed that the address bar at the top and an additional tab said bing*vc. Googled this and found it was a malware/hijacker indication. Tried several removal schemes listed on sites other than BC with no luck. Restored IE to defaults... no luck... tried repeatedly from the Launch Internet Explorer Browser Properties page to delete from the Target line the appended statement h**p://bing.vc/?r=15443&lnk=sct2, which is added to the end of the line... it keeps returning! I then changed the IE home page to about:blank and shortly realized that when launched, IE was NOT opening to the home page but was redirected to a new tab of this bing hijacker location. If I clicked on the homepage icon after an IE launch it did in fact then go to a blank page. I tried to adjust different tab settings to no avail.
About then I looked at the BC pages and didn't find any reference to this malware directly, after viewing 60 pages of virus removal instructions going back to listings from 2009 and having some strange behavior from my computer when inputting bing*vc directly in the search bar, so I downloaded and ran AdwCleaner, Junkware Removal Tool and HitmanPro64 as per instructions with no benefit. A little more reading and I tried to run Rkill (the original, not a renamed version) and it apparently did not actually run, simply leaving a blank report on the desktop. Having reached my limit, I registered here and am hoping you can direct me further. The .txt files are attached. Thanks in advance for any help you can provide!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by PapPawS (administrator) on SCHMDFAMDSKTP1 (25-08-2015 10:37:39)
Running from D:\Users\PapPawS\Desktop
Loaded Profiles: PapPawS (Available Profiles: PapPawS & Ash & Tamara)
Platform: Windows Vista ™ Ultimate Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [pronto] => "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-03-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-03-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IconOverlayEx] -> {E1773C0E-364D-4210-B831-72F5A359E88F} => D:\Users\Ash\AppData\Local\IconOverlayEx.dll [2015-06-20] ()
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {A4D9AF2D-AE28-4430-B200-76313C72786C} URL = 
SearchScopes: HKU\S-1-5-21-155455009-3369571507-3939979054-1006 -> DefaultScope {2C2F891E-E354-49D8-A670-8D57D0365C25} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-155455009-3369571507-3939979054-1006 -> {2C2F891E-E354-49D8-A670-8D57D0365C25} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2010-02-01] (IBM Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{4ABBB4A3-817A-4048-8BCE-856E9A4B25F4}: [DhcpNameServer] 192.168.0.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-18]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [34104 2010-02-22] (APC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1368960 2006-09-29] (Philips Semiconductors GmbH)
S3 scsiscan; C:\Windows\System32\DRIVERS\scsiscan.sys [17920 2008-01-20] (Microsoft Corporation)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 smwdm; system32\drivers\smwdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 10:37 - 2015-08-25 10:37 - 00015693 _____ D:\Users\PapPawS\Desktop\FRST.txt
2015-08-25 10:37 - 2015-08-25 10:37 - 00000000 ____D C:\FRST
2015-08-25 10:26 - 2015-08-25 10:11 - 02186752 _____ (Farbar) D:\Users\PapPawS\Desktop\FRST64.exe
2015-08-21 15:52 - 2015-08-21 15:52 - 00000000 ____D D:\Users\Tamara\AppData\Local\NVIDIA
2015-08-21 13:55 - 2015-08-21 13:55 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-21 13:52 - 2015-08-21 13:52 - 00004602 _____ C:\Windows\system32\.crusader
2015-08-21 13:12 - 2015-08-21 13:12 - 00000000 ____D D:\Users\Tamara\AppData\Roaming\HP
2015-08-21 13:12 - 2015-08-21 13:12 - 00000000 ____D D:\Users\Tamara\AppData\Local\Skype
2015-08-21 13:02 - 2015-08-21 13:02 - 00001309 _____ D:\Users\PapPawS\Desktop\JRT.txt
2015-08-21 11:10 - 2015-08-21 11:10 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Intel
2015-08-20 19:11 - 2015-08-20 19:12 - 00001905 _____ C:\Windows\diagwrn.xml
2015-08-20 19:11 - 2015-08-20 19:12 - 00001905 _____ C:\Windows\diagerr.xml
2015-08-20 18:29 - 2015-08-20 18:29 - 00000000 ____D D:\Users\Ash\AppData\Roaming\PCDr
2015-08-20 18:21 - 2015-08-20 18:27 - 00000000 ____D D:\Users\Ash\AppData\Roaming\DELL Drivers Update Utility
2015-08-20 18:21 - 2015-06-20 17:14 - 01875456 ____R D:\Users\Ash\AppData\Local\IconOverlayEx.dll
2015-08-20 18:18 - 2015-08-20 18:19 - 03401994 _____ D:\Users\Ash\Downloads\dell-drivers-update-utility.zip
2015-08-20 14:35 - 2015-08-20 14:35 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\Dell
2015-08-20 14:34 - 2015-08-20 18:29 - 00000000 ____D C:\Program Files\Dell
2015-08-20 14:32 - 2015-08-20 14:32 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\PCDr
2015-08-20 12:41 - 2015-08-21 13:23 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Deployment
2015-08-20 12:41 - 2015-08-20 12:41 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Apps\2.0
2015-08-20 11:49 - 2015-08-20 11:49 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\HpUpdate
2015-08-19 18:16 - 2015-08-14 18:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 18:16 - 2015-08-14 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-19 18:16 - 2015-08-14 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 18:16 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 18:16 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-19 18:16 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 18:04 - 2015-08-19 18:04 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Nvidia Corporation
2015-08-19 12:12 - 2015-08-19 18:02 - 00000000 ____D D:\Users\PapPawS\AppData\Local\NVIDIA
2015-08-19 12:12 - 2015-08-19 12:12 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Skype
2015-08-19 03:00 - 2015-08-19 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-08-18 11:21 - 2015-08-18 11:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-18 11:14 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 11:14 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 11:12 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-18 11:12 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-18 11:10 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-18 11:10 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-18 11:08 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-18 11:08 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-18 11:08 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-18 11:07 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-14 03:13 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-14 03:13 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-14 03:13 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-14 03:13 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-14 03:11 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-14 03:11 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-14 03:11 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-14 03:11 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-14 03:11 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-14 03:11 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-14 03:11 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-14 03:11 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-14 03:01 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-14 03:01 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-14 03:01 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-14 03:01 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-14 03:01 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-14 03:01 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-14 03:01 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-14 03:01 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-14 03:01 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-14 03:01 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-14 03:01 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-14 03:01 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-14 03:01 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-14 03:01 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-14 03:01 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-14 03:01 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-14 03:01 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 16:57 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 16:57 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 16:57 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 16:57 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 16:57 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 16:57 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 16:57 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 16:57 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 16:57 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 16:57 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 16:56 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 16:56 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 16:56 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 16:56 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 16:56 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 16:56 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 16:56 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-13 16:56 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 16:56 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-13 16:56 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-13 16:56 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 16:56 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 16:56 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 16:56 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 16:56 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 16:56 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-13 16:56 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 16:56 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 16:56 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-13 16:56 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-13 16:56 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-13 16:56 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-13 16:56 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00872528 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00681552 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 10:34 - 2011-02-22 14:44 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{85E2E347-717D-4070-BBA7-DB72588B9070}.job
2015-08-25 10:30 - 2012-05-21 16:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-25 10:30 - 2008-01-20 20:53 - 01205247 _____ C:\Windows\WindowsUpdate.log
2015-08-25 10:21 - 2012-01-05 14:28 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\Skype
2015-08-25 10:16 - 2006-11-02 10:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-25 10:16 - 2006-11-02 10:21 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-25 10:16 - 2006-11-02 10:21 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-24 11:41 - 2006-11-02 10:40 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-24 11:19 - 2014-07-30 18:12 - 00000000 ____D D:\Users\Ash\AppData\Roaming\Skype
2015-08-21 13:12 - 2012-01-05 15:59 - 00000000 ____D D:\Users\Tamara\AppData\Roaming\Skype
2015-08-21 13:00 - 2011-03-14 16:00 - 00000000 ____D D:\Users\PapPawS
2015-08-21 12:06 - 2006-11-02 10:39 - 00329442 _____ C:\Windows\PFRO.log
2015-08-20 19:23 - 2011-03-14 16:01 - 00000895 _____ D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-20 19:12 - 2014-08-27 11:00 - 00001090 _____ C:\Windows\setupact.log
2015-08-20 19:11 - 2014-08-27 11:00 - 00000000 _____ C:\Windows\setuperr.log
2015-08-20 18:55 - 2011-03-15 11:06 - 00000895 _____ D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-20 17:14 - 2006-11-02 08:33 - 00000000 __RSD C:\Windows\Media
2015-08-20 15:30 - 2011-09-14 14:02 - 00000000 ____D C:\Temp
2015-08-20 12:16 - 2011-02-18 09:25 - 00752894 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-20 12:16 - 2006-11-02 07:46 - 00752894 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 11:37 - 2011-09-13 13:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-18 11:34 - 2011-02-18 10:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-18 11:34 - 2006-11-02 10:06 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-18 11:19 - 2014-08-28 12:09 - 00000000 ____D D:\Users\Ash\AppData\Local\NVIDIA
2015-08-18 10:51 - 2006-11-02 10:21 - 00299768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 03:11 - 2013-08-16 10:17 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 03:02 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 23:20 - 2012-05-21 16:38 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 23:20 - 2012-05-21 16:38 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 23:20 - 2011-08-22 15:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2012-01-03 12:25 - 2012-03-18 10:50 - 0001356 _____ () D:\Users\PapPawS\AppData\Local\d3d9caps.dat
2011-09-21 12:13 - 2011-09-21 12:13 - 0000732 _____ () D:\Users\PapPawS\AppData\Local\d3d9caps64.dat
2011-03-15 10:24 - 2011-09-21 15:37 - 0010240 _____ () D:\Users\PapPawS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-01 13:16 - 2014-02-01 13:30 - 0000799 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
D:\Users\Public\dcloner.exe
D:\Users\Public\vuex3290.exe
 
 
Some files in TEMP:
====================
D:\Users\Ash\AppData\Local\Temp\ICReinstall_AnyProtectSetup.exe
D:\Users\Ash\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe
D:\Users\Ash\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
D:\Users\Ash\AppData\Local\Temp\nvSCPAPI.dll
D:\Users\Ash\AppData\Local\Temp\nvSCPAPI64.dll
D:\Users\Ash\AppData\Local\Temp\nvStInst.exe
D:\Users\Ash\AppData\Local\Temp\SkypeSetup.exe
D:\Users\Ash\AppData\Local\Temp\_isF9A.exe
D:\Users\PapPawS\AppData\Local\Temp\0_Offer_1.exe
D:\Users\PapPawS\AppData\Local\Temp\Couponscom.exe
D:\Users\PapPawS\AppData\Local\Temp\DefaultPack.exe
D:\Users\PapPawS\AppData\Local\Temp\installChecker.exe
D:\Users\PapPawS\AppData\Local\Temp\java-runtime-environment-jre.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\MSNDF96.exe
D:\Users\PapPawS\AppData\Local\Temp\nvSCPAPI64.dll
D:\Users\PapPawS\AppData\Local\Temp\nvStereoApiI64.dll
D:\Users\PapPawS\AppData\Local\Temp\nvStInst.exe
D:\Users\PapPawS\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-25 10:26
 
==================== End of FRST.txt ============================

#2 deeprybka (Malware Response Team, Germany)

Posted 25 August 2015 - 01:51 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    ShellIconOverlayIdentifiers: [IconOverlayEx] -> {E1773C0E-364D-4210-B831-72F5A359E88F} => D:\Users\Ash\AppData\Local\IconOverlayEx.dll [2015-06-20] ()
    D:\Users\Ash\AppData\Local\IconOverlayEx.dll 
    Hosts: 
    Task: {4BB36565-C2BD-4F03-B3C5-ECBBF76045E4} - System32\Tasks\{6BDD1CF3-CEFF-4539-AB7E-F66A11BC45E4} => 
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Coupon Alert EPM Support 
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeUpdater
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:


  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.


Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 PapPawS (Topic Starter)

Posted 26 August 2015 - 07:04 PM

Jurgen, thank you very much for your help!

 

Fixlog results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by PapPawS (2015-08-26 12:46:03) Run:1
Running from D:\Users\PapPawS\Desktop
Loaded Profiles: PapPawS (Available Profiles: PapPawS & Ash & Tamara)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [IconOverlayEx] -> {E1773C0E-364D-4210-B831-72F5A359E88F} => D:\Users\Ash\AppData\Local\IconOverlayEx.dll [2015-06-20] ()
D:\Users\Ash\AppData\Local\IconOverlayEx.dll 
Hosts: 
Task: {4BB36565-C2BD-4F03-B3C5-ECBBF76045E4} - System32\Tasks\{6BDD1CF3-CEFF-4539-AB7E-F66A11BC45E4} => 
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Coupon Alert EPM Support 
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeUpdater
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IconOverlayEx" => key removed successfully
"HKCR\CLSID\{E1773C0E-364D-4210-B831-72F5A359E88F}" => key removed successfully
Could not move "D:\Users\Ash\AppData\Local\IconOverlayEx.dll" => Scheduled to move on reboot.
Hosts restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BB36565-C2BD-4F03-B3C5-ECBBF76045E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB36565-C2BD-4F03-B3C5-ECBBF76045E4}" => key removed successfully
C:\Windows\System32\Tasks\{6BDD1CF3-CEFF-4539-AB7E-F66A11BC45E4} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6BDD1CF3-CEFF-4539-AB7E-F66A11BC45E4} => => key not found. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Coupon Alert EPM Support => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeUpdater => key removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-26 12:48:46)<=
 
D:\Users\Ash\AppData\Local\IconOverlayEx.dll => moved successfully
 
==== End of Fixlog 12:48:46 ====
 
ESET scan results:
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1e6ce7c7216da44883b321e654fa3e7d
# end=init
# utc_time=2015-08-26 06:08:09
# local_time=2015-08-26 01:08:09 (-0600, Central Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 25463
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1e6ce7c7216da44883b321e654fa3e7d
# end=updated
# utc_time=2015-08-26 06:17:48
# local_time=2015-08-26 01:17:48 (-0600, Central Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1e6ce7c7216da44883b321e654fa3e7d
# engine=25463
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-26 08:07:31
# local_time=2015-08-26 03:07:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7933094 134689261 0 0
# scanned=187553
# found=6
# cleaned=0
# scan_time=6583
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=FE6ACE406341977C56B668966CECBB639F12BCF8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi"
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=FE6ACE406341977C56B668966CECBB639F12BCF8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi"
sh=24993D0A286D0ED16C638A370A6B331E60280C8E ft=1 fh=c71c0011967b13cb vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI929E.tmp"
sh=24993D0A286D0ED16C638A370A6B331E60280C8E ft=1 fh=c71c0011967b13cb vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIC131.tmp"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1e6ce7c7216da44883b321e654fa3e7d
# end=init
# utc_time=2015-08-26 08:15:37
# local_time=2015-08-26 03:15:37 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 25463
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1e6ce7c7216da44883b321e654fa3e7d
# end=updated
# utc_time=2015-08-26 08:16:02
# local_time=2015-08-26 03:16:02 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1e6ce7c7216da44883b321e654fa3e7d
# engine=25463
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-26 11:13:35
# local_time=2015-08-26 06:13:35 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7944258 134700425 0 0
# scanned=245010
# found=17
# cleaned=0
# scan_time=10653
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=FE6ACE406341977C56B668966CECBB639F12BCF8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi"
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=FE6ACE406341977C56B668966CECBB639F12BCF8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi"
sh=24993D0A286D0ED16C638A370A6B331E60280C8E ft=1 fh=c71c0011967b13cb vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI929E.tmp"
sh=24993D0A286D0ED16C638A370A6B331E60280C8E ft=1 fh=c71c0011967b13cb vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIC131.tmp"
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-155455009-3369571507-3939979054-1000\$RAM647W\All Users\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=FE6ACE406341977C56B668966CECBB639F12BCF8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-155455009-3369571507-3939979054-1000\$RAM647W\All Users\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi"
sh=6068F31C492576096366338C671D135F8CE00AEA ft=1 fh=30ad95fd8a6c4399 vn="a variant of Win32/InstallCore.CH potentially unwanted application" ac=I fn="D:\Users\Ash\AppData\Local\Temp\ICReinstall_AnyProtectSetup.exe"
sh=65F1F0D076FEC3A794F84FE5CB355E525054128E ft=1 fh=c3ad2ea4cdaf915e vn="a variant of Win32/InstallCore.YX potentially unwanted application" ac=I fn="D:\Users\Ash\AppData\Local\Temp\is366025459\48A56639_stp\icc.dll"
sh=6846A2F81389B7C2A61509D795CE6B6B16E7297F ft=1 fh=1a23ae1e279c7a5f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="D:\Users\PapPawS\AppData\Local\Temp\ASK38CD.tmp"
sh=6846A2F81389B7C2A61509D795CE6B6B16E7297F ft=1 fh=1a23ae1e279c7a5f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="D:\Users\PapPawS\AppData\Local\Temp\ASK97EB.tmp"
sh=1C20E9A54EDB48ED2141A0C6EFDE7D086DC96A0E ft=1 fh=ddce145f42cbc5c9 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="D:\Users\PapPawS\AppData\Local\Temp\ASKAE88.tmp"
sh=4E8A8E380D1A77BA431D61FF87CB4F3ABD9C02B4 ft=1 fh=d813df953ad1d4f7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="D:\Users\PapPawS\AppData\Local\Temp\ASKB867.tmp"
sh=F5CEC54C9AAC59167BA95EC8077438BE381FBA3D ft=1 fh=6b9d0ee107127394 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Users\PapPawS\AppData\Local\Temp\installChecker.exe"
sh=4EA86D7E556C665DF6557C8A2EBBA1DD33963A68 ft=1 fh=9ab1ab65444af91a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="D:\Users\Public\PapPawsPCfiles\MyDocuments7_12\New Apps\Codecs\media.player.codec.pack.v4.0.2.setup.exe"
sh=AABEA36F87F0AA5A292B6F4D03CA41C40321A601 ft=1 fh=1f89b180add0bae8 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Users\Public\PapPawsPCfiles\MyDocuments7_12\QuickFileCvtr\Install-Hd-4-5-0-0.EXE"
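
The two ESET runs above report found=6 and then found=17 with cleaned=0 (the scan was run with remove_checked=false, so it only listed what it saw). Most of those entries are the same file reached through different paths: C:\Users\All Users is a junction to C:\ProgramData on Vista, the two MSI*.tmp files share one hash, and the $RECYCLE.BIN copies are deleted originals. Grouping the lines by their sh= SHA-1 shows how many distinct files actually need a fixlist entry. The following is an added example, not part of this thread and not ESET's or FRST's code; it parses the scanner's key=value line format, and the sample lines are copied from the two logs above (the "# found=8" header line is constructed to show that non-detection lines are skipped).

```python
"""Parse ESET Online Scanner detection lines and de-duplicate them by SHA-1.

Each detection line is a run of key=value pairs:
  sh=<SHA-1>  ft=<file type>  fh=<file hash>  vn="<verdict>"  ac=<action>  fn="<path>"
The same file often appears under several paths (ProgramData vs. the
All Users junction, a copy in $RECYCLE.BIN), so the found=N counter
overstates the number of distinct objects.
"""
import re
from collections import OrderedDict

# key=value where the value is either a double-quoted string or a bare token
PAIR_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_eset_line(line: str) -> dict:
    """Return the key/value pairs of one detection line, quotes stripped."""
    if not line.startswith("sh="):
        raise ValueError("not a detection line")
    fields = {}
    for m in PAIR_RE.finditer(line):
        key, raw, inner = m.group(1), m.group(2), m.group(3)
        fields[key] = inner if inner is not None else raw
    return fields


def classify(verdict: str) -> str:
    """ESET labels 'potentially unsafe' (PUsA) and 'potentially unwanted' (PUA) separately."""
    v = verdict.lower()
    if "potentially unsafe" in v:
        return "PUsA"
    if "potentially unwanted" in v:
        return "PUA"
    return "malware"


def group_by_hash(lines):
    """Map SHA-1 -> {'verdict', 'paths'} in first-seen order; skips '#' headers and blanks."""
    groups = OrderedDict()
    for line in lines:
        line = line.strip()
        if not line.startswith("sh="):
            continue
        rec = parse_eset_line(line)
        entry = groups.setdefault(rec["sh"], {"verdict": rec["vn"], "paths": []})
        if rec["fn"] not in entry["paths"]:
            entry["paths"].append(rec["fn"])
    return groups


def distinct_files(lines) -> int:
    return len(group_by_hash(lines))


def summarize(lines):
    """One record per distinct file: sha1, PUA/PUsA/malware class, and every path it was seen at."""
    return [{"sha1": sha, "kind": classify(g["verdict"]), "paths": g["paths"]}
            for sha, g in group_by_hash(lines).items()]


# Sample input: detection lines copied from the logs in this thread, plus one constructed header line.
SAMPLE_LOG = r'''
# found=8
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=FE6ACE406341977C56B668966CECBB639F12BCF8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi"
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=FE6ACE406341977C56B668966CECBB639F12BCF8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi"
sh=24993D0A286D0ED16C638A370A6B331E60280C8E ft=1 fh=c71c0011967b13cb vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI929E.tmp"
sh=24993D0A286D0ED16C638A370A6B331E60280C8E ft=1 fh=c71c0011967b13cb vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIC131.tmp"
sh=B473CC6357E45CDB6591F13E9CB5D4426A33FF2B ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-155455009-3369571507-3939979054-1000\$RAM647W\All Users\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi"
sh=6068F31C492576096366338C671D135F8CE00AEA ft=1 fh=30ad95fd8a6c4399 vn="a variant of Win32/InstallCore.CH potentially unwanted application" ac=I fn="D:\Users\Ash\AppData\Local\Temp\ICReinstall_AnyProtectSetup.exe"
'''

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG.splitlines()):
        print(rec["sha1"][:12], rec["kind"], len(rec["paths"]), "path(s)")
        for p in rec["paths"]:
            print("   ", p)
```

Run against a full log, the eight sample lines collapse to four distinct files; feeding the FRST fixlist only the canonical path (C:\ProgramData rather than the C:\Users\All Users junction) is enough, which is what the follow-up fixlist quoted later in the thread does.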
 


#4 deeprybka (Malware Response Team, Germany)

Posted 27 August 2015 - 05:56 AM

Hi there,
this looks very good. No more active malware has been found. :)

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?

Edited by deeprybka, 27 August 2015 - 05:57 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 PapPawS (Topic Starter)

Posted 27 August 2015 - 04:43 PM

I am confused on what to actually do. Your reply above lists 1 step to complete but the email I received shows 2 steps to complete as shown below:

 

Step 1



Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\ProgramData\VistaCodecs\{64640604-52DB-45BE-8E69-D5DB58375C9C}\Vista Codec Package.msi
    C:\ProgramData\VistaCodecs\{F663628D-E11A-49FC-8940-920CBA1B6F8A}\Vista Codec Package.msi
    C:\Windows\Installer\MSI929E.tmp
    C:\Windows\Installer\MSIC131.tmp
    D:\Users\Public\PapPawsPCfiles\MyDocuments7_12\New Apps\Codecs\media.player.codec.pack.v4.0.2.setup.exe
    D:\Users\Public\PapPawsPCfiles\MyDocuments7_12\QuickFileCvtr\Install-Hd-4-5-0-0.EXE
    RestorePoint:
    EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 

After the Reboot:

Step 2



Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 

Please let me know which is correct and I will continue. I checked and the bingvc hijacker is still in place, Internet Explorer is still being sent to this tab instead of the selected home page when I launch it...?  


Edited by PapPawS, 27 August 2015 - 05:45 PM.


#6 deeprybka (Malware Response Team, Germany)

Posted 28 August 2015 - 09:57 AM

Please do what I have instructed above. Only the postings here are relevant.

 

In addition to the step 1 above, please perform this step as well:

 

Step 2


Start FRST with administrator privileges.

  • Make sure the following option is checked: Shortcut.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Shortcut.txt) in the same directory the tool was run from.
    Please copy and paste the content of Shortcut.txt in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
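
The Shortcut.txt scan requested in Step 2 targets the mechanism behind the symptom in this thread: the hijacker leaves the Start Page value alone (the FRST output later in the thread shows it as about:blank) and instead appends its URL to the Arguments field of the browser's .lnk files, so iexplore.exe is launched with that URL every time the shortcut is clicked, and resetting IE's home page changes nothing. The following is an added example, not part of this thread and not FRST's code: a minimal reader for the Shell Link binary format ([MS-SHLLINK]) that recovers the StringData block where Arguments live and flags any shortcut whose arguments carry a URL. The two .lnk samples are constructed in the block itself (build_lnk writes only the header and StringData, not a complete shortcut a shell would use); the hijacked one carries the bing.vc target string quoted in the opening post.

```python
"""Find .lnk shortcuts whose Arguments field smuggles a start-up URL.

Reads just enough of the Shell Link format to reach StringData:
  ShellLinkHeader (0x4C bytes) [LinkTargetIDList] [LinkInfo] StringData...
StringData sections appear in a fixed order, each as CountCharacters (u16)
followed by that many characters (UTF-16LE when IsUnicode is set).
"""
import os
import re
import struct

# LinkFlags bits ([MS-SHLLINK] 2.1.1), low byte only
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
# CLSID_ShellLink {00021401-0000-0000-C000-000000000046} in on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

STRING_SECTIONS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk as a dict (absent sections omitted)."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]   # IDListSize excludes itself
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]        # LinkInfoSize includes itself
    width = 2 if flags & IS_UNICODE else 1
    fields = {}
    for flag, key in STRING_SECTIONS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]       # CountCharacters, no terminator
        pos += 2
        raw = data[pos:pos + count * width]
        pos += count * width
        fields[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def hijack_url(data: bytes):
    """Return the URL hidden in the shortcut's Arguments, or None if it is clean."""
    m = URL_RE.search(parse_lnk(data).get("arguments", ""))
    return m.group(0) if m else None


def scan_shortcuts(root: str):
    """Yield (path, url) for every .lnk under root whose Arguments carry a URL."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".lnk"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    url = hijack_url(fh.read())
            except (OSError, ValueError):
                continue                                      # unreadable or not a real .lnk
            if url:
                yield path, url


def build_lnk(arguments=None, working_dir=None) -> bytes:
    """Construct a minimal Unicode .lnk holding only header + StringData (test data)."""
    flags = IS_UNICODE
    if working_dir is not None:
        flags |= HAS_WORKING_DIR
    if arguments is not None:
        flags |= HAS_ARGUMENTS
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize, IconIndex,
    # ShowCommand (SW_SHOWNORMAL), HotKey, Reserved1, Reserved2, Reserved3
    header = struct.pack("<I16sIIQQQIiIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b""
    for text in (working_dir, arguments):                     # WorkingDir precedes Arguments
        if text is not None:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: the hijacked one mirrors the appended target quoted in this thread.
HIJACKED_LNK = build_lnk("http://bing.vc/?r=15443&lnk=sct2", r"C:\Program Files\Internet Explorer")
CLEAN_LNK = build_lnk(None, r"C:\Program Files\Internet Explorer")

if __name__ == "__main__":
    print("hijacked sample ->", hijack_url(HIJACKED_LNK))   # http://bing.vc/?r=15443&lnk=sct2
    print("clean sample    ->", hijack_url(CLEAN_LNK))      # None
    for path, url in scan_shortcuts(os.path.expanduser("~")):
        print(f"{path}: {url}")
```

The check is intentionally narrow: a browser shortcut has no legitimate reason to carry a URL in its arguments, so any match is worth removing, and the same parser can be pointed at the Desktop, Start Menu, Quick Launch and pinned-taskbar folders of every profile, which is exactly the set of locations the Shortcut.txt scan enumerates.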

#7 PapPawS (Topic Starter)

Posted 28 August 2015 - 10:41 AM

Thank you for your reply, Jurgen. Please see the file copies below:

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015

Ran by PapPawS (administrator) on SCHMDFAMDSKTP1 (28-08-2015 10:25:28)
Running from D:\Users\PapPawS\Desktop
Loaded Profiles: PapPawS (Available Profiles: PapPawS & Ash & Tamara)
Platform: Windows Vista ™ Ultimate Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [pronto] => "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-03-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-03-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {A4D9AF2D-AE28-4430-B200-76313C72786C} URL = 
SearchScopes: HKU\S-1-5-21-155455009-3369571507-3939979054-1006 -> DefaultScope {2C2F891E-E354-49D8-A670-8D57D0365C25} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-155455009-3369571507-3939979054-1006 -> {2C2F891E-E354-49D8-A670-8D57D0365C25} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2010-02-01] (IBM Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{4ABBB4A3-817A-4048-8BCE-856E9A4B25F4}: [DhcpNameServer] 192.168.0.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-18]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [34104 2010-02-22] (APC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1368960 2006-09-29] (Philips Semiconductors GmbH)
S3 scsiscan; C:\Windows\System32\DRIVERS\scsiscan.sys [17920 2008-01-20] (Microsoft Corporation)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 smwdm; system32\drivers\smwdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-26 15:09 - 2015-08-26 15:09 - 00003080 _____ C:\Windows\System32\Tasks\{6AD1F476-5087-46F0-ABFC-75C2FA9CBCD7}
2015-08-26 13:04 - 2015-08-26 13:04 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-26 13:02 - 2015-08-26 12:57 - 02870984 _____ (ESET) D:\Users\PapPawS\Desktop\esetsmartinstaller_enu.exe
2015-08-25 10:38 - 2015-08-28 10:17 - 00033009 _____ D:\Users\PapPawS\Desktop\Addition.txt
2015-08-25 10:37 - 2015-08-28 10:25 - 00010029 _____ D:\Users\PapPawS\Desktop\FRST.txt
2015-08-25 10:37 - 2015-08-28 10:25 - 00000000 ____D C:\FRST
2015-08-25 10:26 - 2015-08-25 10:11 - 02186752 _____ (Farbar) D:\Users\PapPawS\Desktop\FRST64.exe
2015-08-21 15:52 - 2015-08-21 15:52 - 00000000 ____D D:\Users\Tamara\AppData\Local\NVIDIA
2015-08-21 13:55 - 2015-08-21 13:55 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-21 13:52 - 2015-08-21 13:52 - 00004602 _____ C:\Windows\system32\.crusader
2015-08-21 13:12 - 2015-08-21 13:12 - 00000000 ____D D:\Users\Tamara\AppData\Roaming\HP
2015-08-21 13:12 - 2015-08-21 13:12 - 00000000 ____D D:\Users\Tamara\AppData\Local\Skype
2015-08-21 13:02 - 2015-08-21 13:02 - 00001309 _____ D:\Users\PapPawS\Desktop\JRT.txt
2015-08-21 11:10 - 2015-08-21 11:10 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Intel
2015-08-20 19:11 - 2015-08-20 19:12 - 00001905 _____ C:\Windows\diagwrn.xml
2015-08-20 19:11 - 2015-08-20 19:12 - 00001905 _____ C:\Windows\diagerr.xml
2015-08-20 18:29 - 2015-08-20 18:29 - 00000000 ____D D:\Users\Ash\AppData\Roaming\PCDr
2015-08-20 18:21 - 2015-08-20 18:27 - 00000000 ____D D:\Users\Ash\AppData\Roaming\DELL Drivers Update Utility
2015-08-20 18:18 - 2015-08-20 18:19 - 03401994 _____ D:\Users\Ash\Downloads\dell-drivers-update-utility.zip
2015-08-20 14:35 - 2015-08-20 14:35 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\Dell
2015-08-20 14:34 - 2015-08-20 18:29 - 00000000 ____D C:\Program Files\Dell
2015-08-20 14:32 - 2015-08-20 14:32 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\PCDr
2015-08-20 12:41 - 2015-08-21 13:23 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Deployment
2015-08-20 12:41 - 2015-08-20 12:41 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Apps\2.0
2015-08-20 11:49 - 2015-08-20 11:49 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\HpUpdate
2015-08-19 18:16 - 2015-08-14 18:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 18:16 - 2015-08-14 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-19 18:16 - 2015-08-14 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 18:16 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 18:16 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-19 18:16 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 18:04 - 2015-08-19 18:04 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Nvidia Corporation
2015-08-19 12:12 - 2015-08-19 18:02 - 00000000 ____D D:\Users\PapPawS\AppData\Local\NVIDIA
2015-08-19 12:12 - 2015-08-19 12:12 - 00000000 ____D D:\Users\PapPawS\AppData\Local\Skype
2015-08-19 03:00 - 2015-08-19 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-08-18 11:21 - 2015-08-18 11:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-18 11:14 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 11:14 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 11:12 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-18 11:12 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-18 11:10 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-18 11:10 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-18 11:08 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-18 11:08 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-18 11:08 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-18 11:07 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-14 03:13 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-14 03:13 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-14 03:13 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-14 03:13 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-14 03:11 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-14 03:11 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-14 03:11 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-14 03:11 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-14 03:11 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-14 03:11 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-14 03:11 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-14 03:11 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-14 03:01 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-14 03:01 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-14 03:01 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-14 03:01 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-14 03:01 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-14 03:01 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-14 03:01 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-14 03:01 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-14 03:01 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-14 03:01 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-14 03:01 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-14 03:01 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-14 03:01 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-14 03:01 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-14 03:01 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-14 03:01 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-14 03:01 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-14 03:01 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-14 03:01 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 16:57 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 16:57 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 16:57 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 16:57 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 16:57 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 16:57 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 16:57 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 16:57 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 16:57 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 16:57 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 16:56 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 16:56 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 16:56 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 16:56 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 16:56 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 16:56 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 16:56 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-13 16:56 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 16:56 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-13 16:56 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-13 16:56 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-13 16:56 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 16:56 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 16:56 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 16:56 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 16:56 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 16:56 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-13 16:56 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 16:56 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 16:56 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-13 16:56 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-13 16:56 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-13 16:56 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-13 16:56 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00872528 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00681552 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 10:24 - 2011-02-22 14:44 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{85E2E347-717D-4070-BBA7-DB72588B9070}.job
2015-08-28 10:10 - 2008-01-20 20:53 - 01329440 _____ C:\Windows\WindowsUpdate.log
2015-08-28 10:09 - 2012-01-05 14:28 - 00000000 ____D D:\Users\PapPawS\AppData\Roaming\Skype
2015-08-28 10:06 - 2006-11-02 10:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 10:06 - 2006-11-02 10:21 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 10:06 - 2006-11-02 10:21 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-27 17:38 - 2006-11-02 10:40 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-27 17:30 - 2012-05-21 16:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-26 12:47 - 2006-11-02 10:39 - 00329886 _____ C:\Windows\PFRO.log
2015-08-24 11:19 - 2014-07-30 18:12 - 00000000 ____D D:\Users\Ash\AppData\Roaming\Skype
2015-08-21 13:12 - 2012-01-05 15:59 - 00000000 ____D D:\Users\Tamara\AppData\Roaming\Skype
2015-08-21 13:00 - 2011-03-14 16:00 - 00000000 ____D D:\Users\PapPawS
2015-08-20 19:23 - 2011-03-14 16:01 - 00000895 _____ D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-20 19:12 - 2014-08-27 11:00 - 00001090 _____ C:\Windows\setupact.log
2015-08-20 19:11 - 2014-08-27 11:00 - 00000000 _____ C:\Windows\setuperr.log
2015-08-20 18:55 - 2011-03-15 11:06 - 00000895 _____ D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-20 17:14 - 2006-11-02 08:33 - 00000000 __RSD C:\Windows\Media
2015-08-20 15:30 - 2011-09-14 14:02 - 00000000 ____D C:\Temp
2015-08-20 12:16 - 2011-02-18 09:25 - 00752894 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-20 12:16 - 2006-11-02 07:46 - 00752894 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 11:37 - 2011-09-13 13:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-18 11:34 - 2011-02-18 10:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-18 11:34 - 2006-11-02 10:06 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-18 11:19 - 2014-08-28 12:09 - 00000000 ____D D:\Users\Ash\AppData\Local\NVIDIA
2015-08-18 10:51 - 2006-11-02 10:21 - 00299768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 03:11 - 2013-08-16 10:17 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 03:02 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 23:20 - 2012-05-21 16:38 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 23:20 - 2012-05-21 16:38 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 23:20 - 2011-08-22 15:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2012-01-03 12:25 - 2012-03-18 10:50 - 0001356 _____ () D:\Users\PapPawS\AppData\Local\d3d9caps.dat
2011-09-21 12:13 - 2011-09-21 12:13 - 0000732 _____ () D:\Users\PapPawS\AppData\Local\d3d9caps64.dat
2011-03-15 10:24 - 2011-09-21 15:37 - 0010240 _____ () D:\Users\PapPawS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-01 13:16 - 2014-02-01 13:30 - 0000799 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
D:\Users\Public\dcloner.exe
D:\Users\Public\vuex3290.exe
 
 
Some files in TEMP:
====================
D:\Users\Ash\AppData\Local\Temp\ICReinstall_AnyProtectSetup.exe
D:\Users\Ash\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe
D:\Users\Ash\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
D:\Users\Ash\AppData\Local\Temp\nvSCPAPI.dll
D:\Users\Ash\AppData\Local\Temp\nvSCPAPI64.dll
D:\Users\Ash\AppData\Local\Temp\nvStInst.exe
D:\Users\Ash\AppData\Local\Temp\SkypeSetup.exe
D:\Users\Ash\AppData\Local\Temp\_isF9A.exe
D:\Users\PapPawS\AppData\Local\Temp\0_Offer_1.exe
D:\Users\PapPawS\AppData\Local\Temp\Couponscom.exe
D:\Users\PapPawS\AppData\Local\Temp\DefaultPack.exe
D:\Users\PapPawS\AppData\Local\Temp\installChecker.exe
D:\Users\PapPawS\AppData\Local\Temp\java-runtime-environment-jre.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
D:\Users\PapPawS\AppData\Local\Temp\MSNDF96.exe
D:\Users\PapPawS\AppData\Local\Temp\nvSCPAPI64.dll
D:\Users\PapPawS\AppData\Local\Temp\nvStereoApiI64.dll
D:\Users\PapPawS\AppData\Local\Temp\nvStInst.exe
D:\Users\PapPawS\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-28 10:12
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by PapPawS (2015-08-28 10:12:04)
Running from D:\Users\PapPawS\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-155455009-3369571507-3939979054-500 - Administrator - Disabled)
Ash (S-1-5-21-155455009-3369571507-3939979054-1007 - Administrator - Enabled) => D:\Users\Ash
Guest (S-1-5-21-155455009-3369571507-3939979054-501 - Limited - Enabled)
PapPawS (S-1-5-21-155455009-3369571507-3939979054-1006 - Administrator - Enabled) => D:\Users\PapPawS
Tamara (S-1-5-21-155455009-3369571507-3939979054-1008 - Limited - Enabled) => D:\Users\Tamara
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1600 (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Copy (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DVD-Cloner V9.20 Build 1104 (HKLM-x32\...\DVD-Cloner 9_is1) (Version: 9.20.0.1104 - OpenCloner Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.118 - Foxit Corporation)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM-x32\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LightScribe Diagnostic Utility (HKLM-x32\...\{3826DBF4-55C3-4F8B-8830-68D41FF7DB93}) (Version: 1.18.21.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
LightScribe Template Designs - Straight Text (HKLM-x32\...\{F8AACE23-4E68-4F07-BAC0-D3536584EAC0}) (Version: 1.18.18.3 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Logitech Updater (HKLM-x32\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PMB Updater (HKLM-x32\...\{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}) (Version: 5.6.01.03300 - Sony Corporation)
PowerChute Business Edition Agent (HKLM-x32\...\{BCE9F441-9027-4911-82E0-5FB28057897D}) (Version: 8.5.2.607 - American Power Conversion)
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Scan (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
Status (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
VueScan (HKLM\...\VueScan) (Version:  - )
VueScan (HKLM-x32\...\VueScan) (Version:  - )
WebReg (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
19-08-2015 00:00:04 Scheduled Checkpoint
19-08-2015 03:00:11 Windows Update
19-08-2015 17:32:44 Removed Driver Support.
19-08-2015 17:39:46 Removed Search App by Ask
19-08-2015 18:15:44 Windows Update
20-08-2015 12:10:00 Windows Update
21-08-2015 11:08:48 Intel Driver Update Utility
21-08-2015 11:18:08 Intel Driver Update Utility
21-08-2015 12:58:07 JRT Pre-Junkware Removal
21-08-2015 13:51:07 Checkpoint by HitmanPro
21-08-2015 13:52:14 Checkpoint by HitmanPro
23-08-2015 15:23:21 Windows Update
25-08-2015 11:46:22 Scheduled Checkpoint
26-08-2015 11:58:47 Scheduled Checkpoint
27-08-2015 17:15:52 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-08-26 12:46 - 2015-08-26 12:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {208ABBCD-6424-4FA7-A909-E85387000EDD} - System32\Tasks\{6AD1F476-5087-46F0-ABFC-75C2FA9CBCD7} => pcalua.exe -a D:\Users\PapPawS\Desktop\esetsmartinstaller_enu.exe -d D:\Users\PapPawS\Desktop
Task: {51F328F0-565A-4912-8699-064A16AB593C} - System32\Tasks\{FE7DC7F2-C8B3-4360-BADA-4F581663AF4F} => pcalua.exe -a D:\RestoreNeeds\Dell_P670_Configs\Canoni9900\DriverUpgd\aomvstea23us.exe -d D:\RestoreNeeds\Dell_P670_Configs\Canoni9900\DriverUpgd
Task: {5B1F3F3E-6C3A-47C2-A188-3AB2EEE8D8D4} - System32\Tasks\PC Shutdown => Shutdown
Task: {5DE46EBE-BBA3-42D4-8860-E43E0F5ED703} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {B5AD03F5-3266-4347-9642-9A886C6F1D9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{85E2E347-717D-4070-BBA7-DB72588B9070}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-21 12:56 - 2008-05-02 05:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-03-31 14:14 - 2005-01-05 12:13 - 00024576 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\apcusb.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2015-08-18 11:34 - 2015-07-23 23:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2006-12-10 22:51 - 2006-12-10 22:51 - 00065536 ____R () C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 22:51 - 2006-12-10 22:51 - 00077824 ____R () C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-155455009-3369571507-3939979054-1006\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-155455009-3369571507-3939979054-1006\Control Panel\Desktop\\Wallpaper -> D:\Users\PapPawS\Pictures\3Cousins2010.jpg
DNS Servers: 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{3920C4E7-2FE8-4867-A096-BD4C50BFD9C5}] => (Allow) LPort=80
FirewallRules: [{BCA9CF89-AE33-481C-B96B-9521D87C4015}] => (Allow) LPort=80
FirewallRules: [{C7AF7C78-8617-435D-96C3-AFD752C09C38}] => (Allow) LPort=80
FirewallRules: [{7B2D7001-88AC-495A-B93C-0E43E6068E74}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{69A39942-52A9-4EAB-8791-AA589F0A2A9C}] => (Allow) LPort=2869
FirewallRules: [{74E255B6-7DAE-4DA0-9805-3785CEC0DA53}] => (Allow) LPort=1900
FirewallRules: [{AF561F3C-6665-424D-80C7-3F170EA0D2DA}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{A11E1C27-88B5-4419-9378-F15D1EB8DC7A}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{FBD330A6-4149-42A3-A671-4B2D6EC18CB6}] => (Allow) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
FirewallRules: [{93C90EBA-608B-4659-B50B-CB75C7D69598}] => (Allow) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
FirewallRules: [{6275AAEE-8053-4C68-8847-C350591DB5FB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6C39484E-B4EF-46FD-8DC9-535E31BA4BF8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{33728268-E4A7-4EDD-977D-6D6B764C8B97}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E0940EF3-F219-4832-A04B-0A748739254D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CB5ECF4F-C0A7-492C-86DA-D458AFE09E42}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BA53C9C8-6681-4503-AEF8-890F97F67E9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F408E839-4CBF-44B2-B38F-4C9B119FD315}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6733B611-8CE8-4A0B-B018-8334FAB6BE6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{168744FC-CB0A-4FD8-B6F0-88D435F14B46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBBAC94E-AF07-4EE7-98EF-16523CFA5CD3}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{8C93C711-67F0-4424-BDB5-7678E37930E3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor's Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LOGIN.HTML> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LOGIN.HTML> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\INDEX.HTML> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\INDEX.HTML> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/28/2015 10:09:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <D:\USERS\PAPPAWS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/28/2015 10:08:23 AM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: 0xc00d278f
 
Error: (08/28/2015 10:08:22 AM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: 0xc00d278f
 
Error: (08/27/2015 05:05:15 PM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: 0xc00d278f
 
Error: (08/27/2015 05:05:14 PM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: 0xc00d278f
 
Error: (08/27/2015 05:03:19 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "SLACKERSATHOME7:1d" could not be registered on the interface with IP address 192.168.0.195.
The computer with the IP address 192.168.0.197 did not allow the name to be claimed by
this computer.
 
Error: (08/26/2015 03:15:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\PapPawS\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/26/2015 03:15:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\PapPawS\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/26/2015 03:15:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\PapPawS\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/26/2015 03:15:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\PapPawS\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/26/2015 03:15:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Users\PapPawS\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-08-23 15:10:40.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 15:10:40.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 15:10:39.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 15:10:39.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 15:10:38.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 15:10:38.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 14:14:17.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 13:56:20.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 13:17:38.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 12:31:17.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon™ CPU 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 12221.24 MB
Available physical RAM: 10011.42 MB
Total Virtual: 24373.53 MB
Available Virtual: 22414.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.05 GB) (Free:65.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Mirrored Data) (Fixed) (Total:465.73 GB) (Free:258.81 GB) NTFS
Drive h: (My Book) (Fixed) (Total:931.48 GB) (Free:663.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: E273E273)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.7 GB) (Disk ID: BDE7C306)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00073856)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of FRST.txt ============================
 
 
Users shortcut scan result (x64) Version:24-08-2015
Ran by PapPawS (2015-08-28 10:26:16)
Running from D:\Users\PapPawS\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: D:\Users\Ash\Videos\Sample Videos.lnk -> D:\Users\Public\Videos\Sample Videos ()
Shortcut: D:\Users\Ash\Music\Sample Music.lnk -> D:\Users\Public\Music\Sample Music ()
Shortcut: D:\Users\Ash\Links\Documents.lnk -> D:\Users\Ash\Documents ()
Shortcut: D:\Users\Ash\Links\Music.lnk -> D:\Users\Ash\Music ()
Shortcut: D:\Users\Ash\Links\Pictures.lnk -> D:\Users\Ash\Pictures ()
Shortcut: D:\Users\Ash\Links\Public.lnk -> D:\Users\Public ()
Shortcut: D:\Users\Ash\Links\Recently Changed.lnk -> D:\Users\Ash\Searches\Recently Changed.search-ms ()
Shortcut: D:\Users\Ash\Links\Searches.lnk -> D:\Users\Ash\Searches ()
Shortcut: D:\Users\Ash\Documents\OP ORD 1 BOLC II(rewrite) - Shortcut.lnk -> G:\OP ORD 1 BOLC II(rewrite).doc (No File)
Shortcut: D:\Users\Ash\Desktop\HP Photosmart Essential.lnk -> C:\Program Files (x86)\HP\Photosmart Essential\HP_IZE.exe (Hewlett-Packard, Co.)
Shortcut: D:\Users\Ash\Desktop\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqdirec.exe (Hewlett-Packard Company)
Shortcut: D:\Users\Ash\Desktop\LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe (LeapFrog Enterprises, Inc.)
Shortcut: D:\Users\Ash\Desktop\LightScribe.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company)
Shortcut: D:\Users\Ash\Desktop\Logitech Webcam Software  .lnk -> C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: D:\Users\Ash\Desktop\Shutterfly Express Uploader.lnk -> C:\Program Files (x86)\Shutterfly\Shutterfly Express Uploader\Shutterfly Express Uploader.exe ()
Shortcut: D:\Users\Ash\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: D:\Users\Ash\Desktop\VueScan.lnk -> C:\VueScan\vuescan.exe (Hamrick Software)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\Videos\Sample Videos.lnk -> D:\Users\Public\Videos\Sample Videos ()
Shortcut: D:\Users\PapPawS\Pictures\Sample Pictures.lnk -> D:\Users\Public\Pictures\Sample Pictures ()
Shortcut: D:\Users\PapPawS\Music\Sample Music.lnk -> D:\Users\Public\Music\Sample Music ()
Shortcut: D:\Users\PapPawS\Links\Documents.lnk -> D:\Users\PapPawS\Documents ()
Shortcut: D:\Users\PapPawS\Links\Music.lnk -> D:\Users\PapPawS\Music ()
Shortcut: D:\Users\PapPawS\Links\Pictures.lnk -> D:\Users\PapPawS\Pictures ()
Shortcut: D:\Users\PapPawS\Links\Public.lnk -> D:\Users\Public ()
Shortcut: D:\Users\PapPawS\Links\Recently Changed.lnk -> D:\Users\PapPawS\Searches\Recently Changed.search-ms ()
Shortcut: D:\Users\PapPawS\Links\Searches.lnk -> D:\Users\PapPawS\Searches ()
Shortcut: D:\Users\PapPawS\Desktop\DVD-Cloner9.lnk -> C:\Program Files (x86)\DVD-Cloner\Dvd-cloner.exe (OPENCOLONER INC.)
Shortcut: D:\Users\PapPawS\Desktop\VueScan.lnk -> C:\VueScan\vuescan.exe (Hamrick Software)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Local\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: D:\Users\PapPawS\AppData\Local\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: D:\Users\Public\PapPawsPCfiles\Pictures7_12\Sample Pictures.lnk -> D:\Users\Public\Pictures\Sample Pictures ()
Shortcut: D:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: D:\Users\Tamara\Videos\Sample Videos.lnk -> D:\Users\Public\Videos\Sample Videos ()
Shortcut: D:\Users\Tamara\Pictures\Sample Pictures.lnk -> D:\Users\Public\Pictures\Sample Pictures ()
Shortcut: D:\Users\Tamara\Music\Sample Music.lnk -> D:\Users\Public\Music\Sample Music ()
Shortcut: D:\Users\Tamara\Links\Documents.lnk -> D:\Users\Tamara\Documents ()
Shortcut: D:\Users\Tamara\Links\Music.lnk -> D:\Users\Tamara\Music ()
Shortcut: D:\Users\Tamara\Links\Pictures.lnk -> D:\Users\Tamara\Pictures ()
Shortcut: D:\Users\Tamara\Links\Public.lnk -> D:\Users\Public ()
Shortcut: D:\Users\Tamara\Links\Recently Changed.lnk -> D:\Users\Tamara\Searches\Recently Changed.search-ms ()
Shortcut: D:\Users\Tamara\Links\Searches.lnk -> D:\Users\Tamara\Searches ()
Shortcut: D:\Users\Tamara\Desktop\VueScan.lnk -> C:\VueScan\vuescan.exe (Hamrick Software)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: D:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
 
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
 
 
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: D:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: D:\Users\Tamara\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
 
 
InternetURL: D:\Users\Ash\Favorites\ADP iPayStatements  Login.url -> hxxps://ipay.adp.com/iPay/login.jsf
InternetURL: D:\Users\Ash\Favorites\Blackboard Learn.url -> hxxps://bb.nsuok.edu/webapps/portal/frameset.jsp?tab_tab_group_id=_2_1&url=%2Fwebapps%2Fblackboard%2Fexecute%2Flauncher%3Ftype%3DCourse%26id%3D_6802_1%26url%3D
InternetURL: D:\Users\Ash\Favorites\Sapling Learning.url -> hxxps://www.saplinglearning.com/
InternetURL: D:\Users\Ash\Favorites\Schmid, Ashley 1LT USARMY (US) - Outlook Web App.url -> hxxps://web-stlm01.mail.mil/owa
InternetURL: D:\Users\Ash\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: D:\Users\Ash\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: D:\Users\Ash\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: D:\Users\Ash\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: D:\Users\Ash\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: D:\Users\Ash\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: D:\Users\Ash\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: D:\Users\Ash\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: D:\Users\Ash\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: D:\Users\Ash\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: D:\Users\Ash\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: D:\Users\Ash\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: D:\Users\Ash\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: D:\Users\Ash\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: D:\Users\Ash\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: D:\Users\Ash\Favorites\Links\abouttabs.url -> about:tabs
InternetURL: D:\Users\Ash\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: D:\Users\Ash\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: D:\Users\Ash\Favorites\Links\Yahoo! Sports Fantasy Football.url -> hxxp://football.fantasysports.yahoo.com/f1/538822/13
InternetURL: D:\Users\Ash\Desktop\HP Printer Diagnostic Tools.url -> hxxp://h20180.www2.hp.com/apps/Nav?h_pagetype=s-926&h_lang=en&h_client=s-h-e016-1&h_keyword=dg-THD&jumpid=ex_r4155/hho/ipg/ccdoc/trailhead_doc
InternetURL: D:\Users\Ash\Desktop\Ash\1750's\279­ 175­0 and­ 206­2.url -> hxxps://www.us.army.mil/suite/doc/35486100
InternetURL: D:\Users\Ash\Desktop\Ash\1750's\C BOX­ 1 175­0.url -> hxxps://www.us.army.mil/suite/doc/35096533
InternetURL: D:\Users\Ash\Desktop\Ash\1750's\C BOX­ 1 CUS­TOM­S.url -> hxxps://www.us.army.mil/suite/doc/35096722
InternetURL: D:\Users\Ash\Desktop\Ash\1750's\clu­ 175­0 etc­.url -> hxxps://www.us.army.mil/suite/doc/35486101
InternetURL: D:\Users\Ash\Desktop\Ash\1750's\MIN­U08­027­05 SEA­LED­.url -> hxxps://www.us.army.mil/suite/doc/35185702
InternetURL: D:\Users\PapPawS\Favorites\Steve On Java » Live Video Streaming Guide – Part 1  Introduction.url -> hxxp://steveonjava.com/live-video-streaming-guide-part-1-introduction/
InternetURL: D:\Users\PapPawS\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: D:\Users\PapPawS\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: D:\Users\PapPawS\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: D:\Users\PapPawS\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: D:\Users\PapPawS\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: D:\Users\PapPawS\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: D:\Users\PapPawS\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: D:\Users\PapPawS\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: D:\Users\PapPawS\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: D:\Users\PapPawS\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: D:\Users\PapPawS\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: D:\Users\PapPawS\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: D:\Users\PapPawS\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: D:\Users\PapPawS\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: D:\Users\PapPawS\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: D:\Users\PapPawS\Favorites\Links\Set Up Windows Live Mail 2011 for Your E-mail Account.url -> hxxp://help.outlook.com/en-us/140/gg316699.aspx
InternetURL: D:\Users\PapPawS\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: D:\Users\PapPawS\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: D:\Users\Tamara\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: D:\Users\Tamara\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: D:\Users\Tamara\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: D:\Users\Tamara\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: D:\Users\Tamara\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: D:\Users\Tamara\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: D:\Users\Tamara\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: D:\Users\Tamara\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: D:\Users\Tamara\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: D:\Users\Tamara\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: D:\Users\Tamara\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: D:\Users\Tamara\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: D:\Users\Tamara\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: D:\Users\Tamara\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: D:\Users\Tamara\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: D:\Users\Tamara\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: D:\Users\Tamara\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
 
==================== End of Shortcut.txt =============================
 
 
After following your 2 steps and pasting the file copies above, I again launched Internet Explorer and the bingvc malware still launches first from a tabbed page in place of the home page (?)


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 28 August 2015 - 11:18 AM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
    ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
    ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
    ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
    
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.



That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:

Java 7 Update 67



Tips

Internet Explorer is quite vulnerable. I would recommend using Firefox.

I also recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
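The fix above strips a URL that had been appended to the Internet Explorer shortcuts' command-line arguments, which is what FRST lists as ShortcutWithArgument. As an added example (not from this thread, the poster, or the FRST tool), here is a small parser that reads a .lnk file's StringData according to the MS-SHLLINK layout and flags any shortcut whose arguments contain a URL; build_lnk and demo are assumptions that construct minimal sample shortcuts (parseable, but not ones Explorer would launch) so the check runs offline.

```python
"""Flag .lnk shortcuts whose command-line arguments carry a URL (added example)."""
import re
import struct
import tempfile
from pathlib import Path

# LinkFlags bits from the MS-SHLLINK spec (the u32 at header offset 0x14).
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
# StringData items follow LinkInfo in this fixed order, each present only if flagged.
STRING_DATA_ORDER = (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR,
                     HAS_ARGUMENTS, HAS_ICON_LOCATION)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def _read_string(data: bytes, off: int, unicode_: bool):
    """Read one StringData item: u16 character count, then the characters."""
    count = struct.unpack_from("<H", data, off)[0]
    off += 2
    if unicode_:
        return data[off:off + count * 2].decode("utf-16-le"), off + count * 2
    return data[off:off + count].decode("latin-1"), off + count

def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a shell link, or '' if absent."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip IDListSize plus the list itself
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize covers the whole block
        off += struct.unpack_from("<I", data, off)[0]
    unicode_ = bool(flags & IS_UNICODE)
    for flag in STRING_DATA_ORDER:
        if not flags & flag:
            continue
        text, off = _read_string(data, off, unicode_)
        if flag == HAS_ARGUMENTS:
            return text
    return ""

def find_url_in_arguments(data: bytes):
    """Return the URL smuggled into the shortcut's arguments, or None."""
    match = URL_RE.search(lnk_arguments(data))
    return match.group(0) if match else None

def scan_directory(root: Path):
    """Walk root for .lnk files; return (path, url) for each one carrying a URL."""
    hits = []
    for path in root.rglob("*.lnk"):
        try:
            url = find_url_in_arguments(path.read_bytes())
        except (ValueError, struct.error):
            continue                         # truncated file or not a shell link
        if url:
            hits.append((str(path), url))
    return hits

def build_lnk(arguments: str = "", relative_path: str = "") -> bytes:
    """Constructed sample (assumption): a minimal Unicode .lnk holding only
    StringData. Enough for the parser above; Explorer would not launch it."""
    flags = IS_UNICODE
    flags |= HAS_RELATIVE_PATH if relative_path else 0
    flags |= HAS_ARGUMENTS if arguments else 0
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags).ljust(0x4C, b"\0")
    body = b""
    for flag, text in ((HAS_RELATIVE_PATH, relative_path), (HAS_ARGUMENTS, arguments)):
        if flags & flag:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body

def demo():
    """Write two constructed IE shortcuts to a temp folder and scan them: one
    hijacked with the URL from this thread, one with IE's own -extoff switch."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Internet Explorer.lnk").write_bytes(
            build_lnk("http://bing.vc/?r=15443&lnk=sct2", "..\\iexplore.exe"))
        (root / "Internet Explorer (No Add-ons).lnk").write_bytes(
            build_lnk(" -extoff", "..\\iexplore.exe"))
        return scan_directory(root)

if __name__ == "__main__":
    for path, url in demo():
        print(f"ShortcutWithArgument: {path} -> {url}")
```

Pointed at a user's Start Menu or Quick Launch folder, scan_directory reports the same shortcuts the fixlist above targets, while legitimate switches such as -extoff pass silently.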

#9 PapPawS

PapPawS
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 PM

Posted 29 August 2015 - 10:24 AM

All steps are completed and it successfully removed the malware. Thank you so much Jurgen! The final log is included below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by PapPawS (2015-08-28 14:51:15) Run:2
Running from D:\Users\PapPawS\Desktop
Loaded Profiles: PapPawS (Available Profiles: PapPawS & Ash & Tamara)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
ShortcutWithArgument: D:\Users\Ash\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
ShortcutWithArgument: D:\Users\PapPawS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://bing.vc/?r=15443&lnk=sct2
*****************
 
D:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
D:\Users\Ash\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
D:\Users\PapPawS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
D:\Users\PapPawS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
 
==== End of Fixlog 14:51:15 ====


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 29 August 2015 - 10:42 AM

You are welcome! Take care! :)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 29 August 2015 - 10:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



