
Hacked Computer or Network Computer Crashes



#1 youngwill


Posted 27 November 2015 - 09:29 AM

I'm running Windows 7 64-bit Home edition.

I LITERALLY just reformatted my computer and shut it down last night and saw an error saying others are using this comp, closing will kick them off... I shut down and rebooted and it took forever to boot up, then crashed within 10 minutes of use.

I just reformatted again and it's still running slow... I have not added anything but Chrome... I am not sure if my network is hacked, as other computers I reformatted are having the same issue....

Please help

I have posted my FRST Log below and have attached the additional log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by Will (administrator) on WILL-PC (27-11-2015 09:13:02)
Running from C:\Users\Will\Downloads
Loaded Profiles: Will (Available Profiles: Will)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2009-08-21] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{28EC4CE5-99B7-4C8E-93BD-06555D1DD229}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {35E9167E-0CF1-4A68-ABF3-7AE495F91469} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {35E9167E-0CF1-4A68-ABF3-7AE495F91469} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> {35E9167E-0CF1-4A68-ABF3-7AE495F91469} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-21] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL [2009-08-21] (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-21] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll [2008-10-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-21] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-26]
CHR Extension: (Google Docs) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-26]
CHR Extension: (Google Drive) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Google Sheets) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-26]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2009-08-21] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ENG64.SYS [136752 2009-08-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EX64.SYS [1461808 2009-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2009-08-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2009-08-21] (Symantec Corporation)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 09:13 - 2015-11-27 09:13 - 00016756 _____ C:\Users\Will\Downloads\FRST.txt
2015-11-27 09:12 - 2015-11-27 09:13 - 00000000 ____D C:\FRST
2015-11-27 09:12 - 2015-11-27 09:12 - 02348544 _____ (Farbar) C:\Users\Will\Downloads\FRST64.exe
2015-11-27 09:09 - 2015-11-27 09:09 - 00010857 _____ C:\Users\Will\Desktop\hijackthis log.txt
2015-11-27 09:06 - 2015-11-27 09:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Will\Downloads\HijackThis.exe
2015-11-27 09:00 - 2015-11-27 09:00 - 00204314 _____ C:\Windows\ntbtlog.txt
2015-11-26 08:49 - 2015-11-26 08:49 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-26 08:49 - 2015-11-26 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-26 08:49 - 2015-06-23 12:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-26 08:48 - 2015-11-27 09:05 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-26 08:48 - 2015-11-27 08:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 08:48 - 2015-11-26 08:48 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-26 08:48 - 2015-11-26 08:48 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-26 08:48 - 2015-11-26 08:48 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-26 08:47 - 2015-11-26 08:49 - 00000000 ____D C:\Users\Will\AppData\Local\Google
2015-11-26 08:47 - 2015-11-26 08:47 - 00000000 ____D C:\Users\Will\AppData\Local\Deployment
2015-11-26 08:47 - 2015-11-26 08:47 - 00000000 ____D C:\Users\Will\AppData\Local\Apps\2.0
2015-11-26 08:46 - 2015-11-26 08:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\HpUpdate
2015-11-26 08:43 - 2015-11-26 08:43 - 00000000 ____D C:\Users\Will\TCPview
2015-11-26 08:42 - 2015-11-26 08:47 - 00000000 ____D C:\Users\Will\AppData\LocalLow\HPAppData
2015-11-26 08:42 - 2015-11-26 08:42 - 00000000 ____D C:\Users\Will\AppData\Roaming\Macromedia
2015-11-26 08:42 - 2015-11-26 08:42 - 00000000 ____D C:\Users\Will\AppData\Roaming\Adobe
2015-11-26 08:41 - 2015-11-27 09:06 - 00000189 _____ C:\ProgramData\HPWALog.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 00003956 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2015-11-26 08:41 - 2015-11-26 08:41 - 00003764 _____ C:\Windows\System32\Tasks\Registration
2015-11-26 08:41 - 2015-11-26 08:41 - 00003290 _____ C:\Windows\System32\Tasks\RMCreator
2015-11-26 08:41 - 2015-11-26 08:41 - 00001443 _____ C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-26 08:41 - 2015-11-26 08:41 - 00001409 _____ C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Roaming\Hewlett-Packard
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Roaming\ATI
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\VirtualStore
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\Hewlett-Packard_Company
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\ATI
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 _____ C:\Users\Will\AppData\Local\QSwitch.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 _____ C:\Users\Will\AppData\Local\DSwitch.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 _____ C:\Users\Will\AppData\Local\AtStart.txt
2015-11-26 08:40 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\Hewlett-Packard
2015-11-26 08:40 - 2015-11-26 08:40 - 00079864 _____ C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-26 08:40 - 2015-11-26 08:40 - 00000000 ____D C:\Users\Will\AppData\Roaming\hpqlog
2015-11-26 08:36 - 2015-11-26 08:36 - 00000000 ____D C:\Users\Will\AppData\Roaming\HP TCS
2015-11-26 08:36 - 2009-08-21 10:45 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2015-11-26 08:36 - 2009-08-21 10:45 - 00000182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
2015-11-26 08:36 - 2009-08-21 10:11 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
2015-11-26 08:36 - 2009-08-21 10:11 - 00002270 _____ C:\Users\Public\Desktop\eBay.lnk
2015-11-26 08:36 - 2007-04-18 09:23 - 00001562 _____ C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
2015-11-26 08:36 - 2007-04-18 09:23 - 00001562 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days.lnk
2015-11-26 08:35 - 2015-11-26 08:35 - 00000000 __RSH C:\Windows\SysWOW64\Drivers\103C_HP_cNB_G61 Notebook PC_Y5335KV_0U_QCNF9355587_E575209-001_4A_I363F_SQuanta_V42.12_F.03_T090822_WU3-0_L409_M2813_J250_7AMD_8F62_92.00_#151126_N10EC8136;168C002B_(VM355UA#ABA)_XMOBILE_CN10_Z.MRK
2015-11-26 08:35 - 2015-11-26 08:35 - 00000000 __RSH C:\Windows\system32\Drivers\103C_HP_cNB_G61 Notebook PC_Y5335KV_0U_QCNF9355587_E575209-001_4A_I363F_SQuanta_V42.12_F.03_T090822_WU3-0_L409_M2813_J250_7AMD_8F62_92.00_#151126_N10EC8136;168C002B_(VM355UA#ABA)_XMOBILE_CN10_Z.MRK
2015-11-26 08:34 - 2015-11-26 08:43 - 00000000 ____D C:\Users\Will
2015-11-26 08:34 - 2015-11-26 08:34 - 00000020 ___SH C:\Users\Will\ntuser.ini
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\My Documents
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\Documents\My Videos
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\Documents\My Pictures
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\Documents\My Music
2015-11-26 08:34 - 2015-11-26 01:25 - 00000000 ____D C:\Users\Will\AppData\Roaming\Media Center Programs
2015-11-26 08:34 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-26 08:34 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-26 08:34 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-26 08:34 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-26 08:34 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-26 08:34 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-26 08:34 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-26 08:34 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-26 08:34 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-26 08:34 - 2009-08-21 09:30 - 00000000 ____D C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-11-26 02:07 - 2015-11-26 02:07 - 00000000 ____D C:\ProgramData\ATI
2015-11-26 01:48 - 2015-11-26 01:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-11-26 01:48 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-11-26 01:48 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-11-26 01:46 - 2015-11-26 01:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
2015-11-26 01:46 - 2015-11-26 01:46 - 00000000 ____D C:\Program Files (x86)\muvee Technologies
2015-11-26 01:45 - 2015-11-26 01:45 - 00001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingbox - Watch Your TV Anywhere.lnk
2015-11-26 01:45 - 2015-11-26 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sling Media
2015-11-26 01:45 - 2015-11-26 01:45 - 00000000 ____D C:\Program Files (x86)\Sling Media
2015-11-26 01:43 - 2015-11-27 09:05 - 00000294 _____ C:\ProgramData\hpqp.ini
2015-11-26 01:43 - 2015-11-26 01:43 - 00001947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
2015-11-26 01:42 - 2015-11-26 01:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-11-26 01:42 - 2009-06-24 01:34 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 01060864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 01047552 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00089088 ____N (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2015-11-26 01:40 - 2015-11-26 01:40 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-11-26 01:38 - 2015-11-26 01:38 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-11-26 01:38 - 2015-11-26 01:38 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-11-26 01:38 - 2009-07-21 20:33 - 12158464 _____ (IDT, Inc.) C:\Windows\system32\idtcpl64.cpl
2015-11-26 01:38 - 2009-07-21 20:33 - 03593216 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2015-11-26 01:38 - 2009-07-21 20:33 - 00564224 _____ (IDT, Inc.) C:\Windows\system32\idt64mp1.exe
2015-11-26 01:38 - 2009-07-21 20:33 - 00450048 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2015-11-26 01:38 - 2009-06-25 16:59 - 00160768 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2015-11-26 01:38 - 2009-05-21 16:57 - 00436224 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2015-11-26 01:38 - 2009-03-02 15:58 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2015-11-26 01:38 - 2009-03-02 15:47 - 00090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2015-11-26 01:37 - 2015-11-26 01:38 - 00000000 ____D C:\Program Files\IDT
2015-11-26 01:37 - 2015-11-26 01:37 - 00000000 ____D C:\Program Files (x86)\Atheros
2015-11-26 01:37 - 2009-07-21 20:33 - 01431552 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2015-11-26 01:37 - 2009-07-21 20:33 - 00604672 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2015-11-26 01:37 - 2009-07-21 20:33 - 00487936 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2015-11-26 01:37 - 2009-07-21 20:33 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2015-11-26 01:37 - 2009-07-21 20:33 - 00209920 _____ (IDT, Inc.) C:\Windows\system32\staco64.dll
2015-11-26 01:37 - 2009-07-08 20:49 - 01484800 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-11-26 01:36 - 2015-11-26 01:37 - 00000000 ____D C:\ProgramData\Atheros
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Windows\Options
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files\LSI SoftModem
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files\DIFX
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files (x86)\AMD
2015-11-26 01:36 - 2009-05-23 01:52 - 00215040 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-11-26 01:36 - 2009-03-27 21:12 - 00014848 ____N (LSI Corporation) C:\Windows\SysWOW64\agrsco64.dll
2015-11-26 01:36 - 2009-03-27 21:12 - 00013824 ____N (LSI Corporation) C:\Windows\SysWOW64\agrscoin.dll
2015-11-26 01:36 - 2009-03-27 21:03 - 00061440 ____N (LSI Corporation) C:\Windows\SysWOW64\agrsmdel.exe
2015-11-26 01:36 - 2009-03-09 09:49 - 00036408 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-11-26 01:36 - 2009-03-05 17:54 - 00067584 _____ C:\Windows\system32\RtNicProp64.dll
2015-11-26 01:35 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-11-26 01:35 - 2015-11-26 01:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2015-11-26 01:35 - 2015-11-26 01:35 - 00000000 ____D C:\Program Files\Synaptics
2015-11-26 01:35 - 2009-02-02 21:27 - 07347200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSUSTORicon.dll
2015-11-26 01:34 - 2015-11-26 01:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-11-26 01:33 - 2015-11-26 01:34 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-26 01:33 - 2015-11-26 01:33 - 00000000 ____D C:\Program Files\ATI
2015-11-26 01:29 - 2015-11-26 01:29 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-26 01:29 - 2015-11-26 01:29 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-26 01:26 - 2009-06-10 15:30 - 00048265 _____ C:\Windows\HomePremium.xml
2015-11-26 01:25 - 2015-11-26 01:25 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-26 01:25 - 2015-11-26 01:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-11-26 01:25 - 2015-11-26 01:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 09:12 - 2009-07-13 23:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-27 09:12 - 2009-07-13 23:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-27 09:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-11-27 09:10 - 2009-07-14 00:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-27 09:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-11-27 09:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-26 08:41 - 2009-07-16 18:15 - 00000000 ____D C:\SwSetup
2015-11-26 08:40 - 2009-08-21 08:17 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-26 08:36 - 2009-08-21 10:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-11-26 08:36 - 2009-08-21 08:57 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-11-26 08:36 - 2009-07-16 18:15 - 00000000 ___HD C:\SYSTEM.SAV
2015-11-26 08:36 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-11-26 08:36 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-11-26 08:33 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-26 08:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-26 02:15 - 2009-07-25 01:11 - 00000000 ____D C:\Windows\Panther
2015-11-26 02:15 - 2009-07-13 23:45 - 00328184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-26 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-11-26 01:49 - 2009-08-21 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-11-26 01:49 - 2009-08-21 08:19 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-11-26 01:47 - 2009-08-21 11:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
2015-11-26 01:47 - 2009-08-21 08:57 - 00000000 ___HD C:\HP
2015-11-26 01:45 - 2009-08-21 10:11 - 00000000 ____D C:\Windows\Downloaded Installations
2015-11-26 01:45 - 2009-08-21 09:30 - 00000000 ____D C:\ProgramData\Temp
2015-11-26 01:45 - 2009-08-21 08:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-26 01:43 - 2009-08-21 09:53 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-26 01:42 - 2009-08-21 10:11 - 00000000 ____D C:\Program Files (x86)\HP
2015-11-26 01:29 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-26 01:27 - 2009-08-21 08:55 - 00000012 _____ C:\Windows\CSUP.txt
2015-11-26 01:25 - 2009-07-14 00:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-11-26 01:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-11-26 01:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-11-26 01:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2015-11-26 08:41 - 2015-11-26 08:41 - 0000000 _____ () C:\Users\Will\AppData\Local\AtStart.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 0000000 _____ () C:\Users\Will\AppData\Local\DSwitch.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 0000000 _____ () C:\Users\Will\AppData\Local\QSwitch.txt
2015-11-26 01:43 - 2015-11-27 09:05 - 0000294 _____ () C:\ProgramData\hpqp.ini
2015-11-26 08:41 - 2015-11-27 09:06 - 0000189 _____ () C:\ProgramData\HPWALog.txt
2015-11-26 01:45 - 2015-11-26 01:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-21 10:00 - 2009-08-21 10:01 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-11-26 01:44 - 2015-11-26 01:44 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-21 09:54 - 2009-08-21 09:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-11-26 01:43 - 2015-11-26 01:43 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2015-11-26 01:44 - 2015-11-26 01:44 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-21 09:53 - 2009-08-21 09:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-21 09:56 - 2009-08-21 10:00 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2015-11-26 01:45 - 2015-11-26 01:45 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Some files in TEMP:
====================
C:\Users\Will\AppData\Local\Temp\HPQSi.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-26 09:32
 
==================== End of FRST.txt ============================




#2 satchfan

  • Malware Response Team

Posted 27 November 2015 - 11:50 AM

Hello youngwill and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please carry out these instructions in the order given.

===================================================

Reset the Router

Let’s try to reset the router to its default configuration.

  • this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labelled "reset" located on the back of the router.
  • press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • if you don’t know the router's default password, you can look it up here.
  • you also need to reconfigure any security settings you had in place prior to the reset.
  • you may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS

Now let's flush the DNS on the computer:

  • hold down your Windows key and press R
  • a “run” window will appear
  • type in cmd and press Enter
  • a black window will open
  • please enter the following text into that window and then press Enter:


ipconfig /flushdns

 

Note: There is a space after “ipconfig” and before the forward slash.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log plus the Addition.txt log which was also produced with the first run of FRST.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


Edited by satchfan, 27 November 2015 - 12:03 PM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
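A triage check for the router-hijack concern raised in the post above, added here as an example (it is not part of the thread and not part of FRST): it reads the DNS lines FRST prints in its Internet section and flags every resolver that is not on a list the owner has confirmed. The third sample line, its GUID and addresses, and all function names are constructed; the `[NameServer]` line format is assumed to mirror the `[DhcpNameServer]` one.

```python
import ipaddress
import re
from collections import namedtuple

# RFC 1918 ranges: a resolver in one of these is on the local network,
# which on a home LAN normally means the router itself.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches e.g.  Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
LINE_RE = re.compile(
    r"^Tcpip\\(?:\.\.\\)?(?P<scope>[^:]+): "
    r"\[(?P<key>DhcpNameServer|NameServer)\] (?P<value>.+)$"
)

Finding = namedtuple("Finding", "scope key server verdict reason")

# Constructed sample. The first two lines follow the FRST log format seen in
# this thread; the third (GUID and documentation-range addresses) is made up.
SAMPLE_FRST = r"""
==================== Internet (Whitelisted) ====================

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{28EC4CE5-99B7-4C8E-93BD-06555D1DD229}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [NameServer] 203.0.113.53,198.51.100.7
"""


def parse_dns_entries(log_text):
    """Return (scope, key, [servers]) for each DNS line in an FRST log."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The registry value may separate servers with commas or spaces.
        servers = [s for s in re.split(r"[,\s]+", m.group("value")) if s]
        entries.append((m.group("scope"), m.group("key"), servers))
    return entries


def triage(log_text, expected):
    """Classify every resolver in the log against the confirmed list."""
    confirmed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for scope, key, servers in parse_dns_entries(log_text):
        for raw in servers:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append(Finding(scope, key, raw, "review",
                                        "value is not an IP address"))
                continue
            if ip in confirmed:
                verdict, reason = "ok", "matches a confirmed resolver"
            elif key == "NameServer":
                # Set on the PC itself, so a router reset leaves it in place.
                verdict, reason = "review", "static resolver configured on the PC"
            elif any(ip in net for net in RFC1918):
                verdict, reason = "review", "DHCP hands out an unconfirmed local resolver"
            else:
                verdict, reason = "review", ("DHCP hands out a public resolver; "
                                             "compare with the ISP's servers")
            findings.append(Finding(scope, key, raw, verdict, reason))
    return findings


def needs_review(findings):
    """Only the entries a person should look at."""
    return [f for f in findings if f.verdict == "review"]


if __name__ == "__main__":
    # 192.168.1.1 stands for the router address the owner has confirmed.
    for f in triage(SAMPLE_FRST, {"192.168.1.1"}):
        print(f"{f.verdict:6} {f.key:14} {f.server:15} {f.reason}")
```

A `DhcpNameServer` value changes when the router's DHCP settings change, while a `NameServer` value is stored on the PC, so the two kinds of finding point at different places to fix.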


#3 youngwill

  • Topic Starter

Posted 29 November 2015 - 08:24 PM

I have attached the appropriate logs...

Router was reset, DNS flushed and followed instructions....

 

FYI when I ran the most recent FRST scan it did not produce an addition.txt so I am posting the first one as I think that is what you are asking for.

If I did anything incorrectly please let me know

 

ADW Log:

 

# AdwCleaner v5.022 - Logfile created 29/11/2015 at 20:01:54
# Updated 22/11/2015 by Xplode
# Database : 2015-11-29.2 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Username : Will - WILL-PC
# Running from : C:\Users\Will\Downloads\adwcleaner_5.022.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Users\Will\AppData\LocalLow\HPAppData
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{35E9167E-0CF1-4A68-ABF3-7AE495F91469}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35E9167E-0CF1-4A68-ABF3-7AE495F91469}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1485 bytes] ##########
 
 
JRT LOG:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64 
Ran by Will (Administrator) on Sun 11/29/2015 at 20:07:38.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Program Files (x86)\Common Files\homepage protection (Folder) 
 
 
 
Registry: 6 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/29/2015 at 20:10:56.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
Ran by Will (administrator) on WILL-PC (29-11-2015 20:13:57)
Running from C:\Users\Will\Downloads
Loaded Profiles: Will (Available Profiles: Will)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2009-08-21] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{28EC4CE5-99B7-4C8E-93BD-06555D1DD229}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
SearchScopes: HKLM -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {35E9167E-0CF1-4A68-ABF3-7AE495F91469} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-21] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL [2009-08-21] (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-21] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-21] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-26]
CHR Extension: (Google Docs) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-26]
CHR Extension: (Google Drive) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Google Sheets) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-26]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2009-08-21] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ENG64.SYS [136752 2009-08-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EX64.SYS [1461808 2009-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2009-08-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2009-08-21] (Symantec Corporation)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-29 20:13 - 2015-11-29 20:13 - 00000000 ____D C:\Users\Will\Downloads\FRST-OlderVersion
2015-11-29 20:12 - 2015-11-29 20:13 - 00000000 ____D C:\Users\Will\Desktop\Old Logs
2015-11-29 20:10 - 2015-11-29 20:10 - 00001360 _____ C:\Users\Will\Desktop\JRT.txt
2015-11-29 20:06 - 2015-11-29 20:06 - 01599336 _____ (Malwarebytes) C:\Users\Will\Downloads\JRT.exe
2015-11-29 20:04 - 2015-11-29 20:04 - 00001564 _____ C:\Users\Will\Desktop\AdwCleanerWill.txt
2015-11-29 19:57 - 2015-11-29 20:01 - 00000000 ____D C:\AdwCleaner
2015-11-29 19:55 - 2015-11-29 19:55 - 01733632 _____ C:\Users\Will\Downloads\adwcleaner_5.022.exe
2015-11-29 19:47 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-11-29 19:47 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-11-29 19:47 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-11-29 19:47 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-11-29 19:47 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-11-29 19:47 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-11-29 19:47 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-11-29 19:47 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-11-29 19:47 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-11-29 19:47 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-11-27 14:41 - 2015-11-27 14:41 - 00000307 _____ C:\Users\Will\Desktop\Soledad Calls.txt
2015-11-27 09:44 - 2015-11-27 09:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-27 09:44 - 2015-11-27 09:44 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-27 09:43 - 2015-11-27 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-27 09:42 - 2015-11-27 09:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-27 09:42 - 2015-11-27 09:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-27 09:41 - 2015-11-27 09:41 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-11-27 09:19 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-11-27 09:19 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-11-27 09:13 - 2015-11-29 20:13 - 00014449 _____ C:\Users\Will\Downloads\FRST.txt
2015-11-27 09:13 - 2015-11-27 09:14 - 00018431 _____ C:\Users\Will\Downloads\Addition.txt
2015-11-27 09:12 - 2015-11-29 20:13 - 02350080 _____ (Farbar) C:\Users\Will\Downloads\FRST64.exe
2015-11-27 09:12 - 2015-11-29 20:13 - 00000000 ____D C:\FRST
2015-11-27 09:06 - 2015-11-27 09:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Will\Downloads\HijackThis.exe
2015-11-27 09:00 - 2015-11-27 09:00 - 00204314 _____ C:\Windows\ntbtlog.txt
2015-11-27 08:57 - 2015-09-18 11:49 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-27 08:57 - 2015-09-18 11:47 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-27 08:57 - 2015-09-18 11:47 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-27 08:57 - 2015-09-18 11:47 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-27 08:57 - 2015-09-18 11:47 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-27 08:57 - 2015-09-18 11:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-27 08:57 - 2015-09-18 11:41 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-27 08:57 - 2015-05-21 08:12 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-11-27 08:57 - 2015-03-18 22:07 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-27 08:57 - 2015-03-18 21:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-27 08:57 - 2015-03-18 21:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-27 08:57 - 2015-01-27 18:23 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-11-27 08:57 - 2014-09-14 19:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-27 08:57 - 2013-03-19 00:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 08:57 - 2013-03-18 23:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-27 08:57 - 2013-03-18 22:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-26 08:49 - 2015-11-26 08:49 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-26 08:49 - 2015-11-26 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-26 08:49 - 2015-06-23 12:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-26 08:48 - 2015-11-29 20:04 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-26 08:48 - 2015-11-29 19:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 08:48 - 2015-11-26 08:48 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-26 08:48 - 2015-11-26 08:48 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-26 08:48 - 2015-11-26 08:48 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-26 08:47 - 2015-11-26 08:49 - 00000000 ____D C:\Users\Will\AppData\Local\Google
2015-11-26 08:47 - 2015-11-26 08:47 - 00000000 ____D C:\Users\Will\AppData\Local\Deployment
2015-11-26 08:47 - 2015-11-26 08:47 - 00000000 ____D C:\Users\Will\AppData\Local\Apps\2.0
2015-11-26 08:46 - 2015-11-26 08:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\HpUpdate
2015-11-26 08:43 - 2015-11-26 08:43 - 00000000 ____D C:\Users\Will\TCPview
2015-11-26 08:42 - 2015-11-26 08:42 - 00000000 ____D C:\Users\Will\AppData\Roaming\Macromedia
2015-11-26 08:42 - 2015-11-26 08:42 - 00000000 ____D C:\Users\Will\AppData\Roaming\Adobe
2015-11-26 08:41 - 2015-11-29 20:04 - 00000189 _____ C:\ProgramData\HPWALog.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 00003956 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2015-11-26 08:41 - 2015-11-26 08:41 - 00003764 _____ C:\Windows\System32\Tasks\Registration
2015-11-26 08:41 - 2015-11-26 08:41 - 00003290 _____ C:\Windows\System32\Tasks\RMCreator
2015-11-26 08:41 - 2015-11-26 08:41 - 00001443 _____ C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-26 08:41 - 2015-11-26 08:41 - 00001409 _____ C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Roaming\Hewlett-Packard
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Roaming\ATI
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\VirtualStore
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\Hewlett-Packard_Company
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\ATI
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 _____ C:\Users\Will\AppData\Local\QSwitch.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 _____ C:\Users\Will\AppData\Local\DSwitch.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 00000000 _____ C:\Users\Will\AppData\Local\AtStart.txt
2015-11-26 08:40 - 2015-11-26 08:41 - 00000000 ____D C:\Users\Will\AppData\Local\Hewlett-Packard
2015-11-26 08:40 - 2015-11-26 08:40 - 00079864 _____ C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-26 08:40 - 2015-11-26 08:40 - 00000000 ____D C:\Users\Will\AppData\Roaming\hpqlog
2015-11-26 08:36 - 2015-11-26 08:36 - 00000000 ____D C:\Users\Will\AppData\Roaming\HP TCS
2015-11-26 08:36 - 2009-08-21 10:45 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2015-11-26 08:36 - 2009-08-21 10:45 - 00000182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
2015-11-26 08:36 - 2007-04-18 09:23 - 00001562 _____ C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
2015-11-26 08:36 - 2007-04-18 09:23 - 00001562 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days.lnk
2015-11-26 08:35 - 2015-11-26 08:35 - 00000000 __RSH C:\Windows\SysWOW64\Drivers\103C_HP_cNB_G61 Notebook PC_Y5335KV_0U_QCNF9355587_E575209-001_4A_I363F_SQuanta_V42.12_F.03_T090822_WU3-0_L409_M2813_J250_7AMD_8F62_92.00_#151126_N10EC8136;168C002B_(VM355UA#ABA)_XMOBILE_CN10_Z.MRK
2015-11-26 08:35 - 2015-11-26 08:35 - 00000000 __RSH C:\Windows\system32\Drivers\103C_HP_cNB_G61 Notebook PC_Y5335KV_0U_QCNF9355587_E575209-001_4A_I363F_SQuanta_V42.12_F.03_T090822_WU3-0_L409_M2813_J250_7AMD_8F62_92.00_#151126_N10EC8136;168C002B_(VM355UA#ABA)_XMOBILE_CN10_Z.MRK
2015-11-26 08:34 - 2015-11-26 08:43 - 00000000 ____D C:\Users\Will
2015-11-26 08:34 - 2015-11-26 08:34 - 00000020 ___SH C:\Users\Will\ntuser.ini
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\My Documents
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\Documents\My Videos
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\Documents\My Pictures
2015-11-26 08:34 - 2015-11-26 08:34 - 00000000 _SHDL C:\Users\Will\Documents\My Music
2015-11-26 08:34 - 2015-11-26 01:25 - 00000000 ____D C:\Users\Will\AppData\Roaming\Media Center Programs
2015-11-26 08:34 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-26 08:34 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-26 08:34 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-26 08:34 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-26 08:34 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-26 08:34 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-26 08:34 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-26 08:34 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-26 08:34 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-26 08:34 - 2009-08-21 09:30 - 00000000 ____D C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-11-26 02:07 - 2015-11-26 02:07 - 00000000 ____D C:\ProgramData\ATI
2015-11-26 01:48 - 2015-11-26 01:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-11-26 01:48 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-11-26 01:48 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-11-26 01:46 - 2015-11-26 01:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
2015-11-26 01:46 - 2015-11-26 01:46 - 00000000 ____D C:\Program Files (x86)\muvee Technologies
2015-11-26 01:45 - 2015-11-26 01:45 - 00001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingbox - Watch Your TV Anywhere.lnk
2015-11-26 01:45 - 2015-11-26 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sling Media
2015-11-26 01:45 - 2015-11-26 01:45 - 00000000 ____D C:\Program Files (x86)\Sling Media
2015-11-26 01:43 - 2015-11-29 20:04 - 00000298 _____ C:\ProgramData\hpqp.ini
2015-11-26 01:43 - 2015-11-26 01:43 - 00001947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
2015-11-26 01:42 - 2015-11-26 01:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-11-26 01:42 - 2009-06-24 01:34 - 01060864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 01047552 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00089088 ____N (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2015-11-26 01:42 - 2009-06-24 01:34 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2015-11-26 01:40 - 2015-11-26 01:40 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-11-26 01:38 - 2015-11-26 01:38 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-11-26 01:38 - 2015-11-26 01:38 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-11-26 01:38 - 2009-07-21 20:33 - 12158464 _____ (IDT, Inc.) C:\Windows\system32\idtcpl64.cpl
2015-11-26 01:38 - 2009-07-21 20:33 - 03593216 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2015-11-26 01:38 - 2009-07-21 20:33 - 00564224 _____ (IDT, Inc.) C:\Windows\system32\idt64mp1.exe
2015-11-26 01:38 - 2009-07-21 20:33 - 00450048 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2015-11-26 01:38 - 2009-06-25 16:59 - 00160768 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2015-11-26 01:38 - 2009-05-21 16:57 - 00436224 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2015-11-26 01:38 - 2009-03-02 15:58 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2015-11-26 01:38 - 2009-03-02 15:47 - 00090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2015-11-26 01:37 - 2015-11-26 01:38 - 00000000 ____D C:\Program Files\IDT
2015-11-26 01:37 - 2015-11-26 01:37 - 00000000 ____D C:\Program Files (x86)\Atheros
2015-11-26 01:37 - 2009-07-21 20:33 - 01431552 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2015-11-26 01:37 - 2009-07-21 20:33 - 00604672 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2015-11-26 01:37 - 2009-07-21 20:33 - 00487936 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2015-11-26 01:37 - 2009-07-21 20:33 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2015-11-26 01:37 - 2009-07-21 20:33 - 00209920 _____ (IDT, Inc.) C:\Windows\system32\staco64.dll
2015-11-26 01:37 - 2009-07-08 20:49 - 01484800 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-11-26 01:36 - 2015-11-26 01:37 - 00000000 ____D C:\ProgramData\Atheros
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Windows\Options
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files\LSI SoftModem
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files\DIFX
2015-11-26 01:36 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files (x86)\AMD
2015-11-26 01:36 - 2009-05-23 01:52 - 00215040 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-11-26 01:36 - 2009-03-27 21:12 - 00014848 ____N (LSI Corporation) C:\Windows\SysWOW64\agrsco64.dll
2015-11-26 01:36 - 2009-03-27 21:12 - 00013824 ____N (LSI Corporation) C:\Windows\SysWOW64\agrscoin.dll
2015-11-26 01:36 - 2009-03-27 21:03 - 00061440 ____N (LSI Corporation) C:\Windows\SysWOW64\agrsmdel.exe
2015-11-26 01:36 - 2009-03-09 09:49 - 00036408 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-11-26 01:36 - 2009-03-05 17:54 - 00067584 _____ C:\Windows\system32\RtNicProp64.dll
2015-11-26 01:35 - 2015-11-26 01:36 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-11-26 01:35 - 2015-11-26 01:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2015-11-26 01:35 - 2015-11-26 01:35 - 00000000 ____D C:\Program Files\Synaptics
2015-11-26 01:35 - 2009-02-02 21:27 - 07347200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSUSTORicon.dll
2015-11-26 01:34 - 2015-11-26 01:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-11-26 01:33 - 2015-11-26 01:34 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-26 01:33 - 2015-11-26 01:33 - 00000000 ____D C:\Program Files\ATI
2015-11-26 01:29 - 2015-11-26 01:29 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-26 01:29 - 2015-11-26 01:29 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-26 01:26 - 2009-06-10 15:30 - 00048265 _____ C:\Windows\HomePremium.xml
2015-11-26 01:25 - 2015-11-26 01:25 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-26 01:25 - 2015-11-26 01:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-11-26 01:25 - 2015-11-26 01:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-29 20:12 - 2009-07-14 00:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 20:12 - 2009-07-13 23:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-29 20:12 - 2009-07-13 23:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-29 20:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-11-29 20:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-29 19:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-27 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-27 09:45 - 2009-07-13 23:45 - 00327656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-27 09:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-11-27 09:41 - 2009-08-21 09:08 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2015-11-27 09:41 - 2009-08-21 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-11-27 09:41 - 2009-08-21 09:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-11-26 08:41 - 2009-07-16 18:15 - 00000000 ____D C:\SwSetup
2015-11-26 08:40 - 2009-08-21 08:17 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-26 08:36 - 2009-08-21 10:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-11-26 08:36 - 2009-08-21 08:57 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-11-26 08:36 - 2009-07-16 18:15 - 00000000 ___HD C:\SYSTEM.SAV
2015-11-26 08:36 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-11-26 08:36 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-11-26 08:33 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-26 02:15 - 2009-07-25 01:11 - 00000000 ____D C:\Windows\Panther
2015-11-26 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-11-26 01:49 - 2009-08-21 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-11-26 01:49 - 2009-08-21 08:19 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-11-26 01:47 - 2009-08-21 11:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
2015-11-26 01:47 - 2009-08-21 08:57 - 00000000 ___HD C:\HP
2015-11-26 01:45 - 2009-08-21 10:11 - 00000000 ____D C:\Windows\Downloaded Installations
2015-11-26 01:45 - 2009-08-21 09:30 - 00000000 ____D C:\ProgramData\Temp
2015-11-26 01:45 - 2009-08-21 08:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-26 01:43 - 2009-08-21 09:53 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-26 01:42 - 2009-08-21 10:11 - 00000000 ____D C:\Program Files (x86)\HP
2015-11-26 01:29 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-26 01:27 - 2009-08-21 08:55 - 00000012 _____ C:\Windows\CSUP.txt
2015-11-26 01:25 - 2009-07-14 00:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-11-26 01:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-11-26 01:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-11-26 01:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2015-11-26 08:41 - 2015-11-26 08:41 - 0000000 _____ () C:\Users\Will\AppData\Local\AtStart.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 0000000 _____ () C:\Users\Will\AppData\Local\DSwitch.txt
2015-11-26 08:41 - 2015-11-26 08:41 - 0000000 _____ () C:\Users\Will\AppData\Local\QSwitch.txt
2015-11-26 01:43 - 2015-11-29 20:04 - 0000298 _____ () C:\ProgramData\hpqp.ini
2015-11-26 08:41 - 2015-11-29 20:04 - 0000189 _____ () C:\ProgramData\HPWALog.txt
2015-11-26 01:45 - 2015-11-26 01:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-21 10:00 - 2009-08-21 10:01 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-11-26 01:44 - 2015-11-26 01:44 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-21 09:54 - 2009-08-21 09:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-11-26 01:43 - 2015-11-26 01:43 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2015-11-26 01:44 - 2015-11-26 01:44 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-21 09:53 - 2009-08-21 09:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-21 09:56 - 2009-08-21 10:00 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2015-11-26 01:45 - 2015-11-26 01:45 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Some files in TEMP:
====================
C:\Users\Will\AppData\Local\Temp\HPQSi.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-26 09:32
 
==================== End of FRST.txt ============================
 
 
 
 
Addition.txt log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-11-2015
Ran by Will (2015-11-27 09:13:58)
Running from C:\Users\Will\Downloads
Windows 7 Home Premium (X64) (2015-11-26 13:34:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-734724650-4153314746-2741401117-500 - Administrator - Disabled)
Guest (S-1-5-21-734724650-4153314746-2741401117-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-734724650-4153314746-2741401117-1002 - Limited - Enabled)
Will (S-1-5-21-734724650-4153314746-2741401117-1001 - Administrator - Enabled) => C:\Users\Will
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}) (Version: 7.0.40.10061 - muvee Technologies Pte Ltd)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
26-11-2015 08:36:12 First_User_Boot
26-11-2015 08:48:39 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3B8B1890-D214-42C8-964C-4B9E050672F7} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2009-07-23] (CyberLink)
Task: {4DB08056-6BF5-4A00-AA47-A6987128D7EE} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {B6EBD9FF-95DF-4EAF-AAFB-A724786022F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {C78C4A45-BD46-41CE-A15B-DF881954C595} - System32\Tasks\Hewlett-Packard\HP Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2009-07-09] (Hewlett-Packard)
Task: {DB98D4E3-66D6-410A-A78F-69A60A320510} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {FBC4B02F-4770-4AF2-B0E7-73F41B5635B3} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-08-21 10:00 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-07 14:56 - 2009-07-07 14:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-11-26 01:35 - 2015-11-26 01:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2009-06-17 14:40 - 2009-06-17 14:40 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-06-17 14:40 - 2009-06-17 14:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-06-17 14:40 - 2009-06-17 14:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-11-26 08:49 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-26 08:48 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Will\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F01066C1-DDD6-4958-89C3-245CC3D3217F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A03860B8-4F7D-4E00-A7DD-839F00551E22}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{90572630-4067-48F5-B253-EF4122545829}] => (Allow) svchost.exe
FirewallRules: [{DB202359-A155-4D90-9147-5A7ACC7C65AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CEE6B464-D0ED-44EA-8D7A-23C124E0389A}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{7448F017-A71D-4025-931C-EFB6A81ED1B2}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{4F28206A-70E6-4B33-BC44-8E2CE986E91C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{4FB4F484-CD3A-413C-9D28-FD850E1EE0F0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/26/2015 09:35:15 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (11/26/2015 08:40:52 AM) (Source: Network not useful.  Exception. HP AdvisorUpdate) (EventID: 0) (User: )
Description: The operation has timed out     at System.Net.HttpWebRequest.GetResponse()
   at TotalCareSetup.Common.InternetDetector.HttpUtility.GetIsNetworkUseful()
 
 
System errors:
=============
Error: (11/27/2015 09:03:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/27/2015 09:03:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/27/2015 09:03:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/27/2015 09:03:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/27/2015 09:03:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/27/2015 09:03:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/27/2015 09:03:36 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (11/27/2015 09:03:36 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (11/27/2015 09:03:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/27/2015 09:03:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ M100
Percentage of memory in use: 45%
Total physical RAM: 2812.2 MB
Available physical RAM: 1527.39 MB
Total Virtual: 5622.55 MB
Available Virtual: 4110.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:219.48 GB) (Free:194.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:2.15 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 068F0963)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================


#4 satchfan

satchfan

  • Malware Response Team
  • 2,658 posts
  • Gender:Female
  • Location:Devon, UK

Posted 30 November 2015 - 09:08 AM

when I ran the most recent FRST scan it did not produce an addition.txt so I am posting the first one

Addition.txt is only automatically produced with the first run so yes, that was the correct one. :)

 

There’s nothing bad that I can see but the tools you ran have cleaned up a few things and this should tidy up a bit more.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.


HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {35E9167E-0CF1-4A68-ABF3-7AE495F91469} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
Task: {B6EBD9FF-95DF-4EAF-AAFB-A724786022F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {DB98D4E3-66D6-410A-A78F-69A60A320510} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Fixlog.txt
checkup.txt


Can you tell me if there is any change.

Thanks

Satchfan


Edited by satchfan, 30 November 2015 - 09:09 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 youngwill


Posted 30 November 2015 - 03:55 PM

Results posted below..

Computer seems to be running a bit better :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
Ran by Will (2015-11-30 14:47:51) Run:1
Running from C:\Users\Will\Downloads
Loaded Profiles: Will (Available Profiles: Will)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {35E9167E-0CF1-4A68-ABF3-7AE495F91469} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> DefaultScope {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-734724650-4153314746-2741401117-1001 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
Task: {B6EBD9FF-95DF-4EAF-AAFB-A724786022F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {DB98D4E3-66D6-410A-A78F-69A60A320510} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35E9167E-0CF1-4A68-ABF3-7AE495F91469}" => key removed successfully
HKCR\CLSID\{35E9167E-0CF1-4A68-ABF3-7AE495F91469} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D870C61B-DDD8-4C25-8692-9728BDBCDE59}" => key removed successfully
HKCR\CLSID\{D870C61B-DDD8-4C25-8692-9728BDBCDE59} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D870C61B-DDD8-4C25-8692-9728BDBCDE59}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D870C61B-DDD8-4C25-8692-9728BDBCDE59} => key not found. 
HKU\S-1-5-21-734724650-4153314746-2741401117-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-734724650-4153314746-2741401117-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D870C61B-DDD8-4C25-8692-9728BDBCDE59}" => key removed successfully
HKCR\CLSID\{D870C61B-DDD8-4C25-8692-9728BDBCDE59} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
RSUSBSTOR => service removed successfully
RtsUIR => service removed successfully
USBCCID => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6EBD9FF-95DF-4EAF-AAFB-A724786022F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6EBD9FF-95DF-4EAF-AAFB-A724786022F8}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB98D4E3-66D6-410A-A78F-69A60A320510}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB98D4E3-66D6-410A-A78F-69A60A320510}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Program Files (x86)\Google => moved successfully
EmptyTemp: => 159.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:48:16 ====

 Results of screen317's Security Check version 1.013 --- 11/28/15  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 14  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 
Thanks


#6 satchfan


Posted 01 December 2015 - 03:33 AM

There are a few issues to deal with according to your Security Check log.

Most importantly, you appear to have conflicting firewall settings which can cause all kinds of problems. Norton Internet Security comes with a firewall and yet it appeared to be “disabled” in an earlier log and Windows firewall “enabled” so we’ll check this.

Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • press "Scan".
  • it will create a log (FSS.txt) in the same directory the tool is run.
  • please copy and paste the log to your reply.

===================================================

Download Malwarebytes-Anti-Malware

Click here

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab at the top
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

FSS.txt
Mbam.txt


Can you tell me if there are any outstanding problems.

Satchfan

 




#7 youngwill


Posted 01 December 2015 - 08:51 AM

Attached are the Logs requested...

FYI my Google Chrome no longer displays the Chrome colored circle logo...just looks like a generic application? This happened after I ran that script... Not a big deal just wondering what happened?

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/1/2015
Scan Time: 8:00 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.01.03
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Will
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324689
Time Elapsed: 15 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Farbar Service Scanner Version: 10-06-2014
Ran by Will (administrator) on 01-12-2015 at 07:30:57
Running from "C:\Users\Will\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#8 satchfan


Posted 01 December 2015 - 09:50 AM

FYI my Google Chrome no longer displays the Chrome colored circle logo...just looks like a generic application? This happened after I ran that script... Not a big deal just wondering what happened?

 

No idea. I don't use Google Chrome, (I see it causing too many problems in these forums), so don't know which icon you mean. You could always uninstall/reinstall Chrome if it's something you want.

 

Windows firewall is disabled so that's OK.

 

 

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan

 

 

 

 




#9 youngwill


Posted 02 December 2015 - 11:17 AM

I appreciate all your assistance... upon scanning with ESET the computer shut down... I mentioned I felt my Network is hacked...

The scans you requested did not complete because of the shutdown and reboot... I have however run a NEW FRST scan log.

Can you please review and shed some light on what is going on.... 

 

NEW FRST LOG after we completed all that other stuff......

Again I greatly appreciate your assistance!!!!!

 

Could not post log as it was too long, 

I have attached it for your review... Please help... I'm getting very frustrated.... Every PC on my network seems to be hacked and I thought I was making progress with this one...

 

 




#10 satchfan


Posted 02 December 2015 - 12:33 PM

Thanks for the log.

 

I'm sure there is a reason for this as I see no evidence of your computer being "hacked".

 

I am unable to check your log until later but please bear with me - I'm sure we'll find a reason. :)




#11 satchfan


Posted 03 December 2015 - 07:07 AM

You need to move Farbar Recovery Scan Tool to your desktop otherwise this fix will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.


FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

When you’ve done the above, please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with the next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Satchfan

 


Edited by satchfan, 03 December 2015 - 07:48 AM.



#12 satchfan


Posted 07 December 2015 - 03:55 AM

Hi youngwill

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you still need help.

Satchfan




#13 satchfan


Posted 08 December 2015 - 08:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





