Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PLEASE HELP - MY RIG IS RUNNING V E R Y S L O W L Y


  • This topic is locked This topic is locked
3 replies to this topic

#1 Savvyheat

Savvyheat

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 05 October 2015 - 11:36 PM

My Desktop is running but SUPER SLOW --- Like I'm on an old Dial Up Modem --- but I have a Cable modem!!!  This started yesterday morning.  Here's an FRST scan, Addition and Shortcut attached.  What happens is I get into a program like Word, or Internet, then it says "Not Responding" and the circle keeps spinning... then a few minutes later it let's me continue.  I've run numerous Malware programs but they show my Computer is clean.  PLEASE HELP THANKS A LOT!!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by q8200 (administrator) on Q8200-PC (06-10-2015 07:49:34)
Running from C:\Users\q8200\Desktop
Loaded Profiles: q8200 (Available Profiles: q8200)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1125800 2015-09-22] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-902397581-1260628459-2964491631-1000\...\MountPoints2: G - G:\DriverPackSolution.exe
HKU\S-1-5-21-902397581-1260628459-2964491631-1000\...\MountPoints2: H - H:\SETUP.EXE
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{35FB9550-6024-4A52-B446-12B1A0E92B94}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{419F1B0A-62B8-421C-BE77-B3543E7F56AC}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKU\S-1-5-21-902397581-1260628459-2964491631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.drudgereport.com/
HKU\S-1-5-21-902397581-1260628459-2964491631-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-902397581-1260628459-2964491631-1000 -> DefaultScope {5E2D5641-09F0-4EE2-ACBC-EC7CA836A4FF} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-902397581-1260628459-2964491631-1000 -> {5E2D5641-09F0-4EE2-ACBC-EC7CA836A4FF} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-15] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-15] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
 
FireFox:
========
FF ProfilePath: C:\Users\q8200\AppData\Roaming\Mozilla\Firefox\Profiles\c8kdovoj.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-902397581-1260628459-2964491631-1000: @citrixonline.com/appdetectorplugin -> C:\Users\q8200\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-24] (Citrix Online)
FF Extension: Beyond Australis - C:\Users\q8200\AppData\Roaming\Mozilla\Firefox\Profiles\c8kdovoj.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-07-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-06-24]
FF HKU\S-1-5-21-902397581-1260628459-2964491631-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Docs) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-24]
CHR Extension: (Google Drive) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (YouTube) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-24]
CHR Extension: (Google Search) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-24]
CHR Extension: (Google Sheets) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-24]
CHR Extension: (Gmail) - C:\Users\q8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
 
Opera: 
=======
OPR Extension: (FlashBlocker) - C:\Users\q8200\AppData\Roaming\Opera Software\Opera Stable\Extensions\cmlihhkijikdcjkddpgaollmmjmpipib [2015-08-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1042344 2015-09-22] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
S3 VGPU; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 07:49 - 2015-10-06 07:49 - 00014482 _____ C:\Users\q8200\Desktop\FRST.txt
2015-10-06 07:48 - 2015-10-06 07:49 - 00000000 ____D C:\FRST
2015-10-06 07:46 - 2015-10-06 07:47 - 02193920 _____ (Farbar) C:\Users\q8200\Desktop\FRST64.exe
2015-10-05 19:25 - 2015-10-05 19:25 - 00008536 _____ C:\Users\q8200\Downloads\hijackthis.log
2015-10-05 19:23 - 2015-10-05 19:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\q8200\Desktop\HijackThis.exe
2015-10-04 20:39 - 2015-10-04 20:39 - 00018596 _____ C:\winsock.txt
2015-10-04 18:53 - 2015-10-04 18:56 - 00000000 ____D C:\Windows\system32\appmgmt
2015-10-04 18:33 - 2015-10-04 18:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-10-03 18:28 - 2015-10-03 18:28 - 00000000 ____D C:\Users\q8200\Documents\Office Depot PC Support Agent
2015-10-03 18:24 - 2015-10-03 18:24 - 00000000 ____D C:\Users\q8200\AppData\Roaming\QuickScan
2015-10-03 18:22 - 2015-10-03 18:22 - 00000000 ____D C:\temp
2015-10-03 18:17 - 2015-10-03 18:18 - 08321712 _____ C:\Users\q8200\Downloads\Office_Depot_PC_SupportAgent.exe
2015-10-03 03:45 - 2015-10-04 23:45 - 00000000 ____D C:\ProgramData\TEMP
2015-10-03 03:45 - 2015-10-03 03:45 - 00000000 ____D C:\ProgramData\Licenses
2015-10-03 03:44 - 2015-10-03 03:44 - 00001109 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2015-10-03 03:44 - 2015-10-03 03:44 - 00000000 ____D C:\Users\q8200\Documents\Simply Super Software
2015-10-03 03:44 - 2015-10-03 03:44 - 00000000 ____D C:\Users\q8200\AppData\Roaming\Simply Super Software
2015-10-03 03:44 - 2015-10-03 03:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2015-10-03 03:44 - 2015-10-03 03:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-10-03 03:44 - 2015-10-03 03:44 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2015-10-03 01:36 - 2007-08-23 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-02 06:06 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-02 06:06 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-02 06:06 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-02 06:06 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-02 06:06 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-02 06:06 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-02 06:06 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-02 06:06 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-02 06:06 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-02 06:06 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-02 05:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-02 05:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-02 05:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-02 05:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-02 01:30 - 2015-10-02 01:30 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-02 01:30 - 2015-10-02 01:30 - 00000000 ____D C:\Users\q8200\AppData\Roaming\Sun
2015-10-02 01:30 - 2015-10-02 01:30 - 00000000 ____D C:\Users\q8200\.oracle_jre_usage
2015-10-02 00:59 - 2015-10-02 00:59 - 00003230 _____ C:\Windows\System32\Tasks\{CD8334BA-629C-45B6-9240-2375768C0EBC}
2015-10-02 00:50 - 2015-10-02 00:51 - 00003130 _____ C:\Windows\System32\Tasks\{D7BD0645-3FF8-4E43-B412-ED5B1F0994B7}
2015-10-02 00:46 - 2015-10-02 00:48 - 49695840 _____ (Oracle Corporation) C:\Users\q8200\Downloads\jre-8u60-windows-i586.exe
2015-10-02 00:21 - 2015-10-02 00:21 - 00584288 _____ (Oracle Corporation) C:\Users\q8200\Downloads\jxpiinstall.exe
2015-10-01 19:05 - 2015-10-04 18:31 - 00000000 ____D C:\ProgramData\PCPitstop
2015-10-01 19:05 - 2015-10-04 18:31 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2015-10-01 19:01 - 2015-10-01 19:01 - 05335664 _____ (PC Pitstop LLC ) C:\Users\q8200\Downloads\pcmatic-setup-1067(1).exe
2015-10-01 18:57 - 2015-10-01 18:59 - 05335664 _____ (PC Pitstop LLC ) C:\Users\q8200\Downloads\pcmatic-setup-1067.exe
2015-10-01 17:45 - 2015-10-01 18:03 - 00000000 ____D C:\ProgramData\Avg
2015-10-01 17:45 - 2015-10-01 18:03 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-01 17:41 - 2015-10-01 17:48 - 00000000 ____D C:\Users\q8200\AppData\Local\AvgSetupLog
2015-10-01 17:41 - 2015-10-01 17:41 - 00000000 ____D C:\Users\q8200\AppData\Local\Avg
2015-09-30 14:27 - 2015-09-30 14:35 - 00010733 _____ C:\Users\q8200\Desktop\Revised Toner Spreadsheet from CJ 30 Sep 2015.xlsx
2015-09-29 20:13 - 2015-09-30 14:25 - 00012202 _____ C:\Users\q8200\Desktop\Vendors Toner List 28 Sep 2015 (2).xlsx
2015-09-29 00:39 - 2015-09-29 00:39 - 00330056 _____ C:\Windows\Minidump\092915-15256-01.dmp
2015-09-28 21:08 - 2015-09-28 21:09 - 00009425 _____ C:\Users\q8200\Desktop\Toner List 28 Sep 2015.xlsx
2015-09-22 19:49 - 2015-09-22 19:49 - 00370912 _____ C:\Windows\Minidump\092215-19562-01.dmp
2015-09-21 12:24 - 2015-09-21 12:27 - 00000000 ____D C:\Users\q8200\Desktop\Memory Card 21Sept2016
2015-09-18 16:34 - 2015-09-18 16:35 - 00009574 _____ C:\Users\q8200\Documents\Dave Creighton Toner Spreadsheet 17Sept2015.xlsx
2015-09-18 13:38 - 2015-09-18 13:38 - 00396520 _____ C:\Windows\Minidump\091815-14227-01.dmp
2015-09-15 19:03 - 2015-09-15 19:03 - 00000000 ____D C:\Users\q8200\AppData\Roaming\WinRAR
2015-09-11 07:45 - 2015-09-11 07:45 - 00405496 _____ C:\Windows\Minidump\091115-17284-01.dmp
2015-09-06 23:13 - 2015-09-06 23:13 - 00377760 _____ C:\Windows\Minidump\090615-15334-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 07:44 - 2015-06-24 09:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 07:35 - 2015-08-27 15:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-06 07:34 - 2015-06-24 13:23 - 00000000 ____D C:\Users\q8200\Documents\Outlook Files
2015-10-06 07:23 - 2015-06-24 08:57 - 00435180 _____ C:\Windows\WindowsUpdate.log
2015-10-06 00:58 - 2015-06-26 11:52 - 00000000 ____D C:\Users\q8200\AppData\Roaming\SlimBrowser
2015-10-05 21:58 - 2015-06-24 10:06 - 00000000 ____D C:\Users\q8200\Desktop\CJP Misc Pics
2015-10-05 19:55 - 2015-06-25 15:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-05 18:11 - 2015-08-28 01:55 - 00000000 ____D C:\Users\q8200\Desktop\Excel Spreadsheets
2015-10-05 08:44 - 2015-06-24 09:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 00:28 - 2009-07-13 21:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-05 00:28 - 2009-07-13 21:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 23:39 - 2009-07-13 21:51 - 00042883 _____ C:\Windows\setupact.log
2015-10-04 23:36 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 23:35 - 2015-06-24 09:19 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-04 22:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-04 19:14 - 2010-11-20 20:47 - 00017472 _____ C:\Windows\PFRO.log
2015-10-04 18:33 - 2015-06-24 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-04 18:33 - 2015-06-24 09:52 - 00002809 _____ C:\ProgramData\hpzinstall.log
2015-10-04 18:33 - 2015-06-24 09:52 - 00000000 ____D C:\Program Files (x86)\HP
2015-10-04 18:32 - 2015-06-24 19:05 - 00000000 ____D C:\Users\q8200\AppData\Local\Citrix
2015-10-03 03:36 - 2015-06-25 20:16 - 292264080 _____ (NVIDIA Corporation) C:\Users\q8200\Downloads\353.30-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-10-03 03:36 - 2007-08-23 00:27 - 00000000 ____D C:\Users\q8200\AppData\LocalLow\Adblock Plus for IE
2015-10-03 03:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-10-03 03:06 - 2015-06-25 14:47 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-03 00:15 - 2015-06-24 09:07 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-02 01:30 - 2015-06-24 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-02 01:30 - 2015-06-24 08:54 - 00000000 ____D C:\Users\q8200
2015-10-02 01:14 - 2015-06-24 09:10 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-02 00:04 - 2015-06-24 10:09 - 00000000 ____D C:\Users\q8200\Desktop\MARBROOK
2015-10-01 22:46 - 2015-06-24 10:06 - 00000000 ____D C:\Users\q8200\Desktop\Old Desktop Items
2015-10-01 14:50 - 2015-06-25 20:13 - 00000000 ____D C:\Users\q8200\AppData\Roaming\FedEx
2015-10-01 07:51 - 2015-06-24 09:07 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1435162074
2015-09-29 00:39 - 2015-06-25 21:08 - 348964979 _____ C:\Windows\MEMORY.DMP
2015-09-29 00:39 - 2015-06-25 21:08 - 00000000 ____D C:\Windows\Minidump
2015-09-28 23:30 - 2015-06-24 10:06 - 00000000 ____D C:\Users\q8200\Desktop\EBAY AUCTIONS
2015-09-28 16:53 - 2015-06-24 08:55 - 00000000 ____D C:\Users\q8200\AppData\Local\VirtualStore
2015-09-21 17:35 - 2015-08-27 15:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 17:35 - 2015-06-25 14:47 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-09-21 17:35 - 2015-06-24 10:08 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 17:35 - 2015-06-24 10:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-19 23:37 - 2015-06-24 09:09 - 00000000 ____D C:\Users\q8200\AppData\Local\Google
2015-09-16 08:39 - 2015-06-24 09:09 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 08:39 - 2015-06-24 09:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-06-24 09:52 - 2015-10-04 18:33 - 0002809 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\q8200\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\q8200\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\q8200\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\q8200\AppData\Local\Temp\mpam-a36c261b.exe
C:\Users\q8200\AppData\Local\Temp\NSISUtils.dll
C:\Users\q8200\AppData\Local\Temp\nvStInst.exe
C:\Users\q8200\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 01:45
 
==================== End of FRST.txt ============================
 
Addiition
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by q8200 (2015-10-06 07:50:14)
Running from C:\Users\q8200\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-06-24 15:54:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-902397581-1260628459-2964491631-500 - Administrator - Disabled)
Guest (S-1-5-21-902397581-1260628459-2964491631-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-902397581-1260628459-2964491631-1002 - Limited - Enabled)
q8200 (S-1-5-21-902397581-1260628459-2964491631-1000 - Administrator - Enabled) => C:\Users\q8200
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
BlackHawk Web Browser (HKLM\...\BlackHawk Web Browser_is1) (Version:  - NETGATE Technologies s.r.o.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM-x32\...\{8A16C63D-027A-4645-B394-C033665D0195}) (Version: 1.0.325 - Citrix)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FedEx Desktop Customer Tools - 1  (HKU\S-1-5-21-902397581-1260628459-2964491631-1000\...\2ec8858bbf53e241) (Version: 2609.0.0.1 - FedEx)
FedEx Desktop Customer Tools (HKU\S-1-5-21-902397581-1260628459-2964491631-1000\...\2ec9e9d1bf522caa) (Version: 2608.1.0.2 - FedEx)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.120 - FlashPeak Inc.)
FMW 1 (Version: 1.12.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\{2EC1270D-EBD9-335A-B0E4-45B5CB3E9AAC}) (Version: 66.77.16514 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
06-10-2015 02:55:01 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {056DBD1D-B030-4B9D-A98F-621C96CCD8DE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {0D75A1A3-CE48-4191-99C4-3A7461401F85} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {23766295-7CDC-49CD-B42B-090370A169CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {27A7127F-FE8A-4A67-929F-32B72DC577B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)
Task: {A4272B4A-D611-4EA0-95B8-6BE44AB8C314} - System32\Tasks\{D7BD0645-3FF8-4E43-B412-ED5B1F0994B7} => pcalua.exe -a C:\Users\q8200\Downloads\jxpiinstall.exe -d C:\Users\q8200\Downloads
Task: {AF4B2C4D-D51E-40ED-B5E0-DD941588ACD5} - System32\Tasks\Opera scheduled Autoupdate 1435162074 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-25] (Opera Software)
Task: {BF2EAA7C-99A2-4BB8-96AF-738E51434C39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)
Task: {F13E665A-E71E-432C-AA2F-5495A9F0163A} - System32\Tasks\{CD8334BA-629C-45B6-9240-2375768C0EBC} => pcalua.exe -a C:\Users\q8200\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-24 09:19 - 2015-06-16 23:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-24 08:57 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-02-28 03:08 - 2010-02-28 03:08 - 01549152 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-06-24 09:19 - 2015-06-17 02:10 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\Users\q8200\Desktop\Caprice 1.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\q8200\Desktop\Caprice 1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-902397581-1260628459-2964491631-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\q8200\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8CADCB66-CB44-41A1-95D5-D375FBC01282}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CADB6ABC-1BC9-4F6C-9859-F7F7CD22A617}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1445AA38-3AF1-419E-9823-85A183A1AAAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6C5C8168-84CC-47D5-B8B5-548BC9A1A1FD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EA60C8D8-666E-425D-8F6E-35D039158BD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{19BFD060-94E4-4DC2-957C-48CE3D170252}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A2610A37-7432-4563-BD81-27B79AA98331}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3512AEDD-53D3-4567-9F83-C5421C91D905}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{000F6DB1-D090-4D9F-A3CF-2E32ECC36AD2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{D8737865-A1EE-4DA8-AF31-77593EEFD16C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{51FB8A84-9C5F-4C83-8850-F21B4435187F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7E1FB6E4-931E-4BCA-885F-8A759A7C0082}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0326F756-5000-4571-BAA4-91E75330B603}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{BF3D3FA2-D65B-4AF3-9702-162582DE01B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D9884764-E689-42AF-A2E6-17D24FDA558C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{9CBC60AC-80C0-4BBC-A19A-5DC5455461C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{45F8006C-2E92-416B-A328-888B8E621AF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{D8620C16-7736-4FE8-8BFB-33A0DAAC385E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{08D5C45F-5942-4DCD-BB4A-2A2C6F67AB14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{3D4FA617-9144-44F0-AFE7-63833A70D6F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{57FFD01C-2E4D-4B6C-B03E-13D645FE63F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{A784A231-8FFC-424A-804B-A7DD76D998E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D09E6A69-22C9-45DB-AE7E-55E35ECF7D60}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{064C6846-E7E8-4677-BEE6-A2667BB6FE05}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{865E59F3-101E-4E77-8008-D93651CC2250}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{EA0D42FF-0DBB-4DCF-803F-45BEA5678979}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C93EA94C-C7FA-42F1-BC40-EF7197F5CF39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{011CEBB9-BFBA-43DB-9F6C-134B7EB0139F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{58554E9F-0DBF-43CA-BA3A-83CE7C9C20EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4D958CFE-0FA1-4599-89C5-F6AC4CBB7CCE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{6DC1E67A-9530-475E-8341-1BD7CA57AF1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3A9A204B-E2DA-4ACC-8E80-5293872433F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{22A73A4A-7694-4856-A0B1-A3D598D178E8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{B3FE2EAF-1ADD-467C-8C7E-883B9D29D736}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{AEBA5349-9140-4CEA-9E5D-1544193C994B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/06/2015 07:46:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 41.0.1.5750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 169c
 
Start Time: 01d1004592a8bb50
 
Termination Time: 46
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: dc483582-6c38-11e5-b41f-001bb9dc65bb
 
Error: (10/06/2015 07:34:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.4760.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 109c
 
Start Time: 01d0ff3fa226db7d
 
Termination Time: 0
 
Application Path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
 
Report Id:
 
Error: (10/06/2015 12:58:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SBRender.exe, version: 7.0.120.0, time stamp: 0x557da9bb
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xefc
Faulting application start time: 0xSBRender.exe0
Faulting application path: SBRender.exe1
Faulting module path: SBRender.exe2
Report Id: SBRender.exe3
 
Error: (10/05/2015 06:20:30 AM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (488) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1090).
 
Error: (10/05/2015 06:20:29 AM) (Source: ESENT) (EventID: 471) (User: )
Description: wuaueng.dll (488) SUS20ClientDataStore: Unable to rollback operation #11205 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error: -510. All future database updates will be rejected.
 
Error: (10/05/2015 06:20:29 AM) (Source: ESENT) (EventID: 492) (User: )
Description: wuaueng.dll (488) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.
 
Error: (10/05/2015 06:20:29 AM) (Source: ESENT) (EventID: 416) (User: )
Description: wuaueng.dll (488) SUS20ClientDataStore: Unable to write to section 2 while flushing logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -1022 (0xfffffc02).
 
Error: (10/05/2015 06:20:28 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (488) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" at offset 548864 (0x0000000000086000) for 135168 (0x00021000) bytes failed after wuaueng.dll0 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The write operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (10/05/2015 06:07:02 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (488) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 137035776 (0x00000000082b0000) for 393216 (0x00060000) bytes failed after wuaueng.dll0 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The write operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (10/05/2015 01:54:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SBRender.exe version 7.0.120.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d00
 
Start Time: 01d0ff446f565663
 
Termination Time: 20
 
Application Path: C:\Program Files (x86)\SlimBrowser\SBRender.exe
 
Report Id: a576aa78-6b3e-11e5-b41f-001bb9dc65bb
 
 
System errors:
=============
Error: (10/06/2015 02:58:42 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk1\DR1, is not ready for access yet.
 
Error: (10/06/2015 02:58:42 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (10/05/2015 11:26:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/05/2015 10:30:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/05/2015 09:43:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/05/2015 08:24:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (10/05/2015 08:24:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (10/05/2015 08:24:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (10/05/2015 08:24:10 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (10/05/2015 08:24:10 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 40%
Total physical RAM: 4095.24 MB
Available physical RAM: 2433.15 MB
Total Virtual: 8188.68 MB
Available Virtual: 6589.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:390.62 GB) (Free:338.39 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:540.88 GB) (Free:469.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 398DF7AF)
Partition 1: (Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Shortcut
 
 
Users shortcut scan result (x64) Version:04-10-2015
Ran by q8200 (2015-10-06 07:50:43)
Running from C:\Users\q8200\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk -> C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe (I.R.I.S. Image Recognition Integarted Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover\FastScan.lnk -> C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover\Trojan Remover Help.lnk -> C:\Program Files (x86)\Trojan Remover\trjhelp.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover\Trojan Remover.lnk -> C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe (Simply Super Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover\Uninstall Trojan Remover.lnk -> C:\Program Files (x86)\Trojan Remover\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover\Updater.lnk -> C:\Program Files (x86)\Trojan Remover\trupd.exe (Simply Super Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk -> C:\Program Files (x86)\PowerISO\PowerISO.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk -> C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO.lnk -> C:\Program Files (x86)\PowerISO\PowerISO.exe (PowerISO Computing, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk -> C:\Program Files (x86)\PowerISO\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\HPWUCli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C6100 series\Help.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\aio32.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C6100 series\Product Support Website.lnk -> C:\Program Files (x86)\HP\Digital Imaging\hp photosmart C6100 series\help\HP Product Support Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C6100 series\Readme.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\AIO_CDA_readme\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Smart Web Printing\HP Smart Web Printing Help.lnk -> C:\Program Files (x86)\HP\Digital Imaging\smart web printing\Help\hpsmartprint.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\HP Photosmart Essential 3.5.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser\FlashPeak SlimBrowser.lnk -> C:\Program Files (x86)\SlimBrowser\sbframe.exe (FlashPeak Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser\SlimBrowser Manual.lnk -> C:\Program Files (x86)\SlimBrowser\sbframe.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser\Uninstall SlimBrowser.lnk -> C:\Program Files (x86)\SlimBrowser\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackHawk Web Browser\BlackHawk Web Browser.lnk -> C:\Program Files\NETGATE\Black Hawk\blackhawk.exe (NETGATE Technologies s.r.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackHawk Web Browser\Uninstall BlackHawk Web Browser.lnk -> C:\Program Files\NETGATE\Black Hawk\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
Shortcut: C:\Users\Public\Desktop\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Trojan Remover.lnk -> C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe (Simply Super Software)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\q8200\Links\Desktop.lnk -> C:\Users\q8200\Desktop ()
Shortcut: C:\Users\q8200\Links\Downloads.lnk -> C:\Users\q8200\Downloads ()
Shortcut: C:\Users\q8200\Desktop\CJ Phone Numbers.lnk -> C:\Users\q8200\Desktop\Old Desktop Items\CJ Phone Numbers.docx ()
Shortcut: C:\Users\q8200\Desktop\FedEx Desktop - Shortcut (2).lnk -> C:\Program Files (x86)\FedEx\FedEx Desktop\FedEx Desktop.exe ()
Shortcut: C:\Users\q8200\Desktop\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\q8200\Desktop\psych. forms.lnk -> C:\Users\q8200\Desktop\My Documents\psych. forms ()
Shortcut: C:\Users\q8200\Desktop\PWORDS.lnk -> C:\Users\q8200\Desktop\My Documents\PWORDS.doc ()
Shortcut: C:\Users\q8200\Desktop\Old Desktop Items\Desktop - Shortcut.lnk -> G:\Documents and Settings\admin\Desktop (No File)
Shortcut: C:\Users\q8200\Desktop\Old Desktop Items\Documents - Shortcut.lnk -> C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ()
Shortcut: C:\Users\q8200\Desktop\Old Desktop Items\Dropbox.lnk -> C:\Users\q8200\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Shortcut: C:\Users\q8200\Desktop\Old Desktop Items\intention document - Shortcut.lnk -> C:\Users\2.3GHz Core 2 Quad\Documents\intention document.docx (No File)
Shortcut: C:\Users\q8200\Desktop\Old Desktop Items\My Documents - Shortcut.lnk -> G:\Documents and Settings\admin\My Documents (No File)
Shortcut: C:\Users\q8200\Desktop\Old Desktop Items\My Music - Shortcut.lnk -> G:\Documents and Settings\admin\My Documents\My Music (No File)
Shortcut: C:\Users\q8200\Desktop\Old Desktop Items\Emily Photos\Emily Pics\Emily 3A - Shortcut.lnk -> J:\DCIM\105_PANA\Emily 3A.jpg (No File)
Shortcut: C:\Users\q8200\Desktop\My Documents\Shortcut to Marbrook Return Address Boxes.lnk -> C:\My Documents\Marbrook Return Address Boxes.doc (No File)
Shortcut: C:\Users\q8200\Desktop\My Documents\Shortcut to My Scans.lnk -> C:\Users\q8200\Documents\My Scans (No File)
Shortcut: C:\Users\q8200\Desktop\My Documents\Shortcut to Northwind.lnk -> C:\MSOffice\Access\Samples\Northwind.mdb (No File)
Shortcut: C:\Users\q8200\Desktop\My Documents\My Music\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (No File)
Shortcut: C:\Users\q8200\Desktop\MARBROOK\Marbrook - Shortcut.lnk -> C:\Users\q8200\Desktop\MARBROOK ()
Shortcut: C:\Users\q8200\Desktop\Excel Spreadsheets\All Vendors List 20_08_15.lnk -> C:\Users\q8200\Documents\All Vendors List 20_08_15.xls ()
Shortcut: C:\Users\q8200\Desktop\Excel Spreadsheets\Final Shipment cj marbrook, mod 1.5 back to cj marbrook.lnk -> C:\Users\q8200\Desktop\Final Shipment cj marbrook, mod 1.5 back to cj marbrook.xls (No File)
Shortcut: C:\Users\q8200\Desktop\CJP Misc Pics\Computer Fix Issues.lnk -> E:\_A back up temp\desktop\Al Yahoo - Computer Issues.docx ()
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe ()
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk -> C:\Program Files (x86)\SlimBrowser\sbframe.exe (FlashPeak Inc.)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BlackHawk Web Browser.lnk -> C:\Program Files\NETGATE\Black Hawk\blackhawk.exe (NETGATE Technologies s.r.o.)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FlashPeak SlimBrowser.lnk -> C:\Program Files (x86)\SlimBrowser\sbframe.exe (FlashPeak Inc.)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FedEx Desktop - Shortcut (2).lnk -> C:\Program Files (x86)\FedEx\FedEx Desktop\FedEx Desktop.exe ()
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe () ->  /design 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C6100 series\Add A Device.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{17016DA1-F040-4032-BD36-34DD317BC9D5}\hpzstub.exe (Hewlett-Packard) -> -addadevice -connectiontypes usb,wired,wireless
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C6100 series\Product Registration.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Company) -> "HP Photosmart C6100 series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C6100 series\Uninstall.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{17016DA1-F040-4032-BD36-34DD317BC9D5}\setup\hpzscr40.exe (Hewlett-Packard) -> -datfile hposcr18.dat -onestop
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\Uninstall HP Photosmart Essential 3.5.lnk -> C:\Program Files (x86)\HP\Digital Imaging\photosmartessential\hpzscr01.exe (Hewlett-Packard) -> -datfile hpqbud13.dat
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\q8200\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\q8200\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser\SlimBrowser Homepage.url -> hxxp://www.slimbrowser.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackHawk Web Browser\BlackHawk Web Browser on the Web.url -> hxxp://www.netgate.sk/blackhawk/
InternetURL: C:\Users\q8200\Favorites\Genuine Xerox 8560 cartidges.url -> hxxps://dallas.craigslist.org/dal/sys/5091757797.html
InternetURL: C:\Users\q8200\Favorites\Italian Mature Filled Pussy - 2216634 - DrTuber.com.url -> hxxp://www.drtuber.com/video/2216634/italian-mature-filled-pussy
InternetURL: C:\Users\q8200\Favorites\Make Google my default search engine - Search Help.url -> hxxps://support.google.com/websearch/answer/464?hl=en
InternetURL: C:\Users\q8200\Favorites\Xerox Solid Ink 8560 model.url -> hxxps://asheville.craigslist.org/sys/5092576672.html
InternetURL: C:\Users\q8200\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\q8200\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\q8200\Favorites\Links\eBay - Discount shopping.url -> hxxp://rover.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=1&pub=5574949420&toolid=10001&campid=5336783799&customid=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg&sbSource=linksbar
InternetURL: C:\Users\q8200\Favorites\Links\Shop at Amazon.url -> hxxp://www.amazon.com/?_encoding=UTF8&camp=1789&creative=9325&linkCode=ur2&tag=flashpcom-20&sbSource=linksbar
InternetURL: C:\Users\q8200\Favorites\Links\SlimBrowser Homepage.url -> hxxp://www.slimbrowser.net/?sbSource=sblinksbar
InternetURL: C:\Users\q8200\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\q8200\Favorites\Links\Web Search.url -> hxxp://search.slimbrowser.org/?sbSource=sblinksbar
InternetURL: C:\Users\q8200\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\q8200\Desktop\Accounts - AT&T Universal.URL -> hxxps://online.citibank.com/US/JPS/portal/Home.do?JFP_TOKEN=RRP4W490
InternetURL: C:\Users\q8200\Desktop\advanta.URL -> hxxps://advantabankcorp.com/LogonRegister/Logon
InternetURL: C:\Users\q8200\Desktop\Free Invoice Generator by Invoiced.URL -> hxxps://invoice-generator.com/#/
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\camft (2).URL -> hxxp://www.camft.org/COS/Default.aspx
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\camft.URL -> hxxp://www.camft.org/COS/Default.aspx
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Create Invoice - Business Invoice Template Template.URL -> hxxp://create.onlineinvoices.com/invoices-generator/create/3
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Free Animated Holidays Gifs, 3D Holiday Animations and Animated Holidays Clipart For MySpace - Copy.URL -> hxxp://www.amazing-animations.com/animated-holidays.php
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Free Animated Holidays Gifs, 3D Holiday Animations and Animated Holidays Clipart For MySpace.URL -> hxxp://www.amazing-animations.com/animated-holidays.php
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Free Invoice Generator Commercial Invoice Template.URL -> hxxps://invoiceatonce.com/
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\New Invoice - Marbrook - Online invoices.URL -> hxxp://marbrook.onlineinvoices.com/owner/invoices/add
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\View Ads - CAMFT.org.URL -> hxxps://www.camft.org/COS/Members_Only/Job_Board/Employment/COS/ClassifiedAds/ViewAds_CAMFT.aspx?category=Employment&hkey=5c5293be-0954-4ddf-a5ab-bfaf5c669025
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\gifs\Animated gifs happy birthday, cake, balloons, clowns.URL -> hxxp://caccioppoli.com/Animated%20gifs%20happy%20birthday,%20cake,%20balloons,%20clowns.html
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Emily Desktop\Account Information - AT&T Universal.URL -> hxxps://online.citibank.com/US/CBOL/ain/accdetact/flow.action?instanceID=062a796b-84c7-4876-ac91-3b83aea846f8
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Emily Desktop\California Lottery.URL -> hxxp://www.calottery.com/
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Emily Desktop\Invite Tennis Players Accept Tennis Invitations Tennis Round.URL -> hxxp://www.tennisround.com/message/list
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Emily Desktop\Message List - ca.rr.com - Copy - Copy.URL -> hxxp://webmail.roadrunner.com/do/mail/folder/view
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Emily Desktop\Ryokan Blog — #1 Online Psychology School in Los Angeles & California.URL -> hxxp://www.ryokan.edu/blog/
InternetURL: C:\Users\q8200\Desktop\Old Desktop Items\Emily Desktop\W9.pdf.URL -> hxxps://www.freepdfconvert.com/result/downloadfile/6f3f80d8-20c5-452a-960f-ec372ebc6431
 
==================== End of Shortcut.txt =============================

Edited by Savvyheat, 06 October 2015 - 08:30 PM.


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 AM

Posted 08 October 2015 - 04:33 AM

:welcome:

Hello Savvyheat,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 AM

Posted 11 October 2015 - 09:37 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 AM

Posted 13 October 2015 - 05:02 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users