Keep Getting Infected with Win32/bundled.Toolbar.Google.D


  • This topic is locked
29 replies to this topic

#1 justmeandmycomputer


Posted 23 December 2015 - 09:09 PM

I am a student in school and need my computer on a daily basis. Well, I was taking a test and the computer was freezing and doing crazy things. I decided to finish the test, but I ran a scan with ESET free scan and it found two instances of Win32/bundled.Toolbar.Google.D. Can you please help me to see if this is still on my computer? I believe that affected my computer with passwords because I tried logging in with password and sometimes it tells me it's wrong. I am finished with school until January 2016, so I will have time to work with this forum's instructions. Thanks





#2 nasdaq

  • Malware Response Team

Posted 25 December 2015 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

#3 justmeandmycomputer


Posted 26 December 2015 - 09:33 PM

 

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 17:08:44
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows Vista ™ Home Premium  (x86)
# Username : 2015 Graduate - 2015GRADUATE-PC
# Running from : C:\Users\2015 Graduate\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{579BF8FB-CA34-4CDE-8079-47A8616041DA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{579BF8FB-CA34-4CDE-8079-47A8616041DA}

***** [ Web browsers ] *****

[-] [C:\Users\Calling All Students\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Calling All Students\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2917 bytes] ##########
 



#4 justmeandmycomputer


Posted 26 December 2015 - 09:35 PM

I am not able to run Malwarebytes for some reason. I also noticed that when I started my computer it had already been restored but I did not restore anything. Something weird is definitely going on here. I will try to run the other reports. I am having trouble with logging in to your website. I can put my username and password then all of a sudden my password is highlighted but I am not the one that is doing the highlighting.



#5 justmeandmycomputer


Posted 26 December 2015 - 09:50 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-12-2015
Ran by 2015 Graduate (administrator) on 2015GRADUATE-PC (26-12-2015 18:43:45)
Running from C:\Users\2015 Graduate\Downloads
Loaded Profiles: 2015 Graduate (Available Profiles: 2015 Graduate & Calling All Students)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe
(Farbar) C:\Users\2015 Graduate\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSConfig] => C:\Windows\System32\msconfig.exe [222208 2006-11-02] (Microsoft Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 68.94.157.15
Tcpip\..\Interfaces\{93CDAA87-4D2A-4542-B734-BF9F283E1DD1}: [DhcpNameServer] 192.168.0.1 68.94.157.15

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-855041227-4292773430-1796702778-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
SearchScopes: HKLM -> DefaultScope {66C28D5A-94B2-4BB8-95F6-0A27B547FBFC} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM -> {37A4F48B-CEE3-407A-94AA-01B851CD11FC} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HQDUS7
SearchScopes: HKLM -> {66C28D5A-94B2-4BB8-95F6-0A27B547FBFC} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-855041227-4292773430-1796702778-1000 -> DefaultScope {66C28D5A-94B2-4BB8-95F6-0A27B547FBFC} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-855041227-4292773430-1796702778-1000 -> {37A4F48B-CEE3-407A-94AA-01B851CD11FC} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HQDUS7
SearchScopes: HKU\S-1-5-21-855041227-4292773430-1796702778-1000 -> {66C28D5A-94B2-4BB8-95F6-0A27B547FBFC} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-11] (Symantec Corporation)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-11] (Symantec Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\2015 Graduate\AppData\Roaming\Mozilla\Firefox\Profiles\7pjjl38o.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2015-10-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2015-10-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2015-10-03] (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-10-31] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S4 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49248 2007-01-12] (Symantec Corporation)
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 ISPwdSvc; c:\Program Files\Norton Internet Security\isPwdSvc.exe [80504 2007-01-13] (Symantec Corporation)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174664 2015-10-03] (Symantec Corporation)
S2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-04] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-01-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 eapihdrv; C:\Users\2015 Graduate\AppData\Local\Temp\ehdrv.sys [135760 2015-12-26] (ESET)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387384 2007-01-09] (Symantec Corporation)
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys [212280 2006-12-27] (Symantec Corporation)
R3 Linksys_adapter; C:\Windows\System32\DRIVERS\AE2500vista.sys [1073216 2011-03-30] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-26] (Malwarebytes)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2015-10-03] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.sys [191544 2007-01-09] (Symantec Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



LastRegBack: 2015-12-26 17:46

==================== End of FRST.txt ============================

 




#6 justmeandmycomputer


Posted 26 December 2015 - 09:52 PM

When I try and bring my computer up there is a loud noise coming from my computer, and it did not start this until after I found the win32/bundled.toolbar.google.d, then after signing on still not able to post here correctly. I can only use the quote button.



#7 nasdaq


Posted 27 December 2015 - 10:20 AM

When I try and bring my computer up there is a loud noise coming from my computer


I do not think that the noise is associated with the removal of some malware.

If the noise is more like beeps then you may have some hardware problems.

If Beeps are the signal you get then check the pattern against this page.
http://www.computerhope.com/beep.htm

Let me know what you found.
===

still not able to post here correctly. I can only use the quote button


Do you see the Reply to this Topic BOX?

If you click in the box can you paste your logs?

If not then remove the Cookies associated with this site.

p.s.
Is the situation normal if you use another browser?

#8 justmeandmycomputer


Posted 31 December 2015 - 01:12 AM

Sorry for the delay but I have to work in safe mode with networking. When I start my computer up it is not a beeping noise but a clicking noise. It clicks then pauses, clicks then pauses. When I try to go to the web in regular mode everything is stalled while the machine is clicking. Let me be sure it is not beeping but a clicking noise.



#9 nasdaq


Posted 31 December 2015 - 08:52 AM

Let's repair these services.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    07 - Repair Internet Explorer
    10 - Remove Policies Set By Infections
    14 - Removed Temp Files
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    18 - Repair CD/DVD Missing/Not Working
    19 - Repair Volume Shadow Copy Service
    20 - Repair Windows Sidebar/Gadgets
    21 - Repair MSI (Windows Installer)
    22 - Repair Windows Snipping tool
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================


#10 justmeandmycomputer


Posted 03 January 2016 - 09:16 PM

Sorry but I am not able to open this program. I have tried and tried but the clicking noise starts and it stalls the mouse and I am not able to do anything. I have tried to do this in safe mode but it won't open in safe mode. The clicking noise starts and once again stalls the mouse and even the program. Any suggestions?



#11 nasdaq


Posted 04 January 2016 - 10:36 AM

I suspect that you have some hardware problems.

Check this out.
http://burgessforensics.com/checklist_hard_disk_noise.php

If you need help on the hardware issue I suggest you start a new topic in this forum.

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

Someone with hardware experience may be able to help you.
This is not my forte.


I can suggest you try this but use it at your own risk.
You may have to reinstall some applications and update some Microsoft Security updates.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.
http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7

#12 justmeandmycomputer


Posted 12 January 2016 - 06:11 PM

I had to restore my system using the disk and I hope this works. Can you please give me some legit programs to run on my system so this won't happen again? I will try and download the last program you asked me to and give you the results. Thanks



#13 nasdaq


Posted 13 January 2016 - 09:23 AM

Now that you have restored the computer let's see what we are working with.

Please refer to post no. 2.

Download and run the Farbar Recovery Scan Tool.

Post the FRST and the Addition.txt file for my review.

#14 justmeandmycomputer


Posted 14 January 2016 - 04:32 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by College Graduate 2 (administrator) on COLLEGEGRADU-PC (14-01-2016 13:23:24)
Running from C:\Users\College Graduate 2\Downloads
Loaded Profiles: College Graduate 2 (Available Profiles: College Graduate 2)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1004136 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKU\S-1-5-21-1897395172-3675367904-2178357570-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1773568 2007-03-12] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 68.94.157.15
Tcpip\..\Interfaces\{FE3F9A98-58F8-4F38-93CF-CBB461126D60}: [DhcpNameServer] 192.168.0.1 68.94.157.15

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1897395172-3675367904-2178357570-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
SearchScopes: HKLM -> DefaultScope {B87383B3-0EC7-4680-8B2B-C09921AA157B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM -> {63984D22-31CA-4D8D-B7C6-C64425387B37} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HQDUS7
SearchScopes: HKLM -> {B87383B3-0EC7-4680-8B2B-C09921AA157B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-1897395172-3675367904-2178357570-1000 -> DefaultScope {B87383B3-0EC7-4680-8B2B-C09921AA157B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-1897395172-3675367904-2178357570-1000 -> {63984D22-31CA-4D8D-B7C6-C64425387B37} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HQDUS7
SearchScopes: HKU\S-1-5-21-1897395172-3675367904-2178357570-1000 -> {B87383B3-0EC7-4680-8B2B-C09921AA157B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\College Graduate 2\AppData\Roaming\Mozilla\Firefox\Profiles\joh3ilew.default
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2016-01-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2016-01-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2016-01-10] (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [263272 2006-11-02] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Linksys_adapter; C:\Windows\System32\DRIVERS\AE2500vista.sys [1073216 2011-03-30] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 13:32 - 2006-09-07 09:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2016-01-10 13:25 - 2016-01-10 13:25 - 00000000 ____D C:\Program Files\CONEXANT
2016-01-10 13:20 - 2016-01-12 16:56 - 00000000 ___HD C:\hp
2016-01-10 13:20 - 2007-03-19 05:58 - 00101672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys
2016-01-10 13:20 - 2007-03-19 05:39 - 00352768 _____ (NVIDIA Corporation) C:\Windows\system32\idecoiins.dll
2016-01-10 13:20 - 2007-03-19 05:39 - 00352768 _____ (NVIDIA Corporation) C:\Windows\system32\idecoi.dll
2016-01-10 13:20 - 2006-12-07 07:04 - 00659968 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSX_CNXT.sys
2016-01-10 13:20 - 2006-12-07 07:04 - 00258048 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSXHWBS2.sys
2016-01-10 13:20 - 2006-12-07 07:03 - 00985600 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSX_DP.sys
2016-01-10 13:20 - 2006-12-07 06:29 - 00144201 _____ C:\Windows\system32\Drivers\HSFProf.cty
2016-01-10 13:20 - 2006-11-29 02:14 - 00172032 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI32m15.dll
2016-01-10 13:20 - 2006-11-28 08:44 - 00386560 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\XAudio.exe
2016-01-10 13:20 - 2006-11-28 08:44 - 00008192 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\XAudio.sys
2016-01-10 13:20 - 2006-06-19 06:26 - 00094208 _____ (Conexant) C:\Windows\system32\mdmxsdk.dll
2016-01-10 13:20 - 2006-06-19 06:26 - 00012672 _____ (Conexant) C:\Windows\system32\Drivers\mdmxsdk.sys
2016-01-10 13:19 - 2016-01-10 14:33 - 00000000 ____D C:\Windows\Panther
2016-01-10 13:19 - 2016-01-10 13:19 - 00008192 ___RS C:\BOOTSECT.BAK
2016-01-10 13:19 - 2006-11-02 01:53 - 00438840 __RSH C:\bootmgr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 13:24 - 2006-11-02 02:33 - 00716948 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-14 13:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows
2016-01-14 13:18 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-14 13:18 - 2006-11-02 04:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-14 13:18 - 2006-11-02 04:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 16:42 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system
2016-01-12 16:33 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2016-01-12 15:34 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\inf
2016-01-12 15:28 - 2006-11-02 05:01 - 00003578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-10 14:33 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\sysprep
2016-01-10 14:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\oobe
2016-01-10 14:30 - 2006-11-02 04:47 - 00354224 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-10 14:15 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help
2016-01-10 14:12 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-10 14:11 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\ShellNew
2016-01-10 14:08 - 2006-11-02 02:23 - 00000074 _____ C:\autoexec.bat
2016-01-10 13:56 - 2006-11-02 04:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-10 13:39 - 2006-11-02 02:25 - 00160872 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-01-10 13:39 - 2006-11-02 00:30 - 00160872 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2016-01-10 13:39 - 2006-11-02 00:30 - 00134760 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2016-01-10 13:32 - 2006-11-02 04:47 - 00000000 ____D C:\Windows\Setup
2016-01-10 13:19 - 2006-11-02 04:37 - 00262144 _____ C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories =======

2016-01-10 13:56 - 2016-01-10 13:58 - 0000311 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\College Graduate 2\AppData\Local\Temp\sqlite3.dll
C:\Users\College Graduate 2\AppData\Local\Temp\SymLCSVC.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-14 13:23

==================== End of FRST.txt ============================


 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by College Graduate 2 (2016-01-14 13:25:45)
Running from C:\Users\College Graduate 2\Downloads
Microsoft® Windows Vista™ Home Premium  (X86) (2016-01-10 21:28:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1897395172-3675367904-2178357570-500 - Administrator - Disabled)
College Graduate 2 (S-1-5-21-1897395172-3675367904-2178357570-1000 - Administrator - Enabled) => C:\Users\College Graduate 2
Guest (S-1-5-21-1897395172-3675367904-2178357570-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Total Care Advisor (HKLM\...\{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}) (Version: 1.1.17 - Hewlett-Packard)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
muvee autoProducer 6.0 (HKLM\...\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1701 - WildTangent)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5377 - Realtek Semiconductor Corp.)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {4981ED48-6176-44B6-A64A-2B5A53A73240} - System32\Tasks\IntenetServiceOffers => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-03-05] ()
Task: {817E7B4A-224D-4F31-935A-6EB14035F869} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-03-05] ()
Task: {8F23CC71-7ED3-4B2E-8B3E-64BE643FEB78} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-03-05] ()
Task: {9D6904A0-8EBD-43CC-BBEC-6BA61EB62B9C} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-03-05] ()
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-10 14:18 - 2016-01-10 14:18 - 00073728 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingMessages\a6c49d13f4e8534d5d5b8624510f4268\MessagingMessages.ni.dll
2016-01-10 14:18 - 2016-01-10 14:18 - 00020480 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingInterface\79720ae7a0a58e3aebd29c2d0a60bdec\MessagingInterface.ni.dll
2016-01-10 14:18 - 2016-01-10 14:18 - 00114688 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingServer\74e483e79942faf8a96bac85816d11da\MessagingServer.ni.dll
2007-03-12 17:44 - 2007-03-12 17:44 - 00053248 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2006-11-01 22:47 - 2006-11-02 01:46 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2016-01-10 14:18 - 2016-01-10 14:18 - 00086016 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingClients\9ee22437b0fca2ed5d48a91ce82a61a0\MessagingClients.ni.dll
2016-01-10 14:18 - 2016-01-10 14:18 - 00020992 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\RemotingClient\8ae40f5b5b065d8aea779641dd8f8427\RemotingClient.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1897395172-3675367904-2178357570-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\aflow_q.jpg
DNS Servers: 192.168.0.1 - 68.94.157.15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{24BB715C-60B4-4B9B-9233-1468226B8B01}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{FB957E57-D18F-4445-88A3-C83935C56B8C}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{49ACA1A4-F8D1-4C9C-8C8E-7F8F4481AE8C}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{5F4096F2-973F-419B-B001-06A14A336E18}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{6B8876FD-4F63-4866-8C81-C226DD377F37}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{0ECF85E6-4A6C-4C43-9552-52C1B68FB59A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{9112B8C2-F9F0-4506-90D1-93523E333E60}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B3B85011-C992-49A4-9432-C5B1DB63522C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

==================== Restore Points =========================

12-01-2016 15:27:24 Windows Update
12-01-2016 15:55:49 Windows Update
12-01-2016 16:50:35 Removed HP Update
12-01-2016 16:51:39 Removed Snapfish Media Detector
12-01-2016 16:56:31 Scripted restore
12-01-2016 17:00:14 Device Driver Package Install: Cisco Consumer Products LLC Network adapters

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2016 05:17:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6000.16386 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 92c
Start Time: 01d14d9d29ce3811
Termination Time: 119

Error: (01/12/2016 04:50:05 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: CollegeGradu-PC)
Description: errorFailed unregistering service.


System errors:
=============
Error: (01/14/2016 01:18:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:02:38 PM on 1/12/2016 was unexpected.

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-39_neutral_PACKAGE from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-13_neutral_GDR from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-12_neutral_LDR from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-11_neutral_GDR from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-10_neutral_LDR from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-9_neutral_GDR from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-8_neutral_LDR from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-14_neutral_PACKAGE from package KB968389(Update) into Staging(Staging) state

Error: (01/12/2016 05:03:21 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update 968389-86_neutral_PACKAGE from package KB968389(Update) into Staging(Staging) state


CodeIntegrity:
===================================
  Date: 2016-01-14 13:25:02.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 13:25:02.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 13:25:02.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 13:25:01.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 13:25:01.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 13:25:01.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 13:25:01.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 13:25:01.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 16:21:06.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 16:21:06.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 57%
Total physical RAM: 1917.88 MB
Available physical RAM: 817.01 MB
Total Virtual: 4059.47 MB
Available Virtual: 2796.84 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:289.3 GB) (Free:270.92 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.79 GB) (Free:1.01 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 173FDC42)
Partition 1: (Active) - (Size=289.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#15 justmeandmycomputer

justmeandmycomputer
  • Topic Starter

  • Members
  • 229 posts

Posted 14 January 2016 - 04:40 PM

Certain things I have noticed since the restore with the disk. I can't use Internet Explorer at all, so that is why I use Mozilla. The Internet Explorer message I get when trying to search: Internet Explorer can not open this site:

 

Also, when I am running programs such as Farbar or any others, I am still getting "not responding" and the computer seems stuck.





