Laptop Infected


I have two family laptops (this is laptop #1, I'll make a separate post for #2) that I want to install MB and the MB Anti-Exploit tool on, but first I need to fix whatever is screwing them up. They used to run well, but they got so slow, experienced so many browser crashes, and got tons of popups that people just didn't want to use them any longer. I thought maybe if one of you guys could assist on cleaning them up then if I installed all the MB tools on it they would be functional once again. Appreciate the help and below are the first log files.

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Christy (administrator) on CHRISTY-PC on 08-06-2015 15:14:18
Running from C:\Users\Christy\Desktop
Loaded Profiles: Christy (Available Profiles: Christy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Seagate LLC) C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-333a4f79.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\852577424a8662c9c3a7d0651f35\MPSigStub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Christy\AppData\Local\Google\Desktop\Install\{616d2c63-cfa2-9044-6cc0-cc3988972e2d}\❤≸⋙\Ⱒ☠⍨\‮๛\{616d2c63-cfa2-9044-6cc0-cc3988972e2d}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {2a577756-f9c4-11e0-8eda-001e3346c7a9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {655ecffa-8f2a-11de-b9f5-001e3346c7a9} - E:\autoply.exe OPEN
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {66f252bb-a269-11de-be43-c0540f79b453} - E:\autoply.exe OPEN
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {66f25322-a269-11de-be43-c0540f79b453} - E:\autoply.exe OPEN
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {8c9e74d5-b959-11de-8ef2-cf480a9ac759} - E:\LaunchU3.exe
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {97ad8da2-c234-11dd-b1b6-001e3346c7a9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {9c7e1a51-072e-11df-8e29-001e3346c7a9} - E:\autoply.exe OPEN
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {b08d6580-1817-11de-a3d9-001e3346c7a9} - E:\Autorun.exe /run
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\MountPoints2: {c29ae049-9f32-11de-ab5e-ad654fad393b} - E:\autoply.exe OPEN
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\katelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2008-11-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-771492675-3648702646-1731262982-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {597b1823-7ff0-4cd3-8095-9d8cba514992} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm002YYus&ptb=C5D6BB5B-2872-4557-8EB1-4A89D24FA992&psa=&ind=2011082622&ptnrS=YLxdm002YYus&si=CPXMgcS77qoCFWgCQAodUjtSPg&st=sb&n=77deaf7e&searchfor={searchTerms}
SearchScopes: HKLM -> {B9313A4A-5AE6-40D4-A1E3-5492200A2E85} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-771492675-3648702646-1731262982-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-06] (Oracle Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-06] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-771492675-3648702646-1731262982-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-771492675-3648702646-1731262982-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-06-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-06] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2007-08-30] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-14] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: Define Ext - C:\Program Files\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org [2013-09-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-10-11]
FF HKU\S-1-5-21-771492675-3648702646-1731262982-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Christy\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Christy\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-06-16]
CHR HKU\S-1-5-21-771492675-3648702646-1731262982-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Christy\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-06-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S4 gupdate1c9e69be983ad10; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-06] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 lxdn_device; C:\Windows\system32\lxdncoms.exe [589824 2007-11-28] ( ) [File not signed]
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [166320 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-09-24] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S4 Seagate Sync Service; C:\Program Files\Seagate\Sync\SeaSyncServices.exe [24120 2007-01-18] (Seagate Technology LLC)
S4 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] () [File not signed]
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-09-24] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-19] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133928 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235488 2013-09-24] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365256 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [571608 2013-09-24] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213200 2013-09-24] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1083520 2006-11-02] (Philips Semiconductors GmbH)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [329728 2007-05-11] (Ralink Technology Corp.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Christy\AppData\Local\Temp\catchme.sys [X]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 15:14 - 2015-06-08 15:19 - 00018689 _____ C:\Users\Christy\Desktop\FRST.txt
2015-06-08 15:13 - 2015-06-08 15:14 - 00000000 ____D C:\FRST
2015-06-08 15:13 - 2015-06-08 15:09 - 01147904 _____ (Farbar) C:\Users\Christy\Desktop\FRST.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 15:15 - 2008-06-22 18:51 - 01397028 _____ C:\Windows\WindowsUpdate.log
2015-06-08 15:14 - 2006-11-02 05:33 - 00006564 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 15:12 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 15:12 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 15:11 - 2014-04-29 19:58 - 00002419 _____ C:\Windows\setupact.log
2015-06-08 15:07 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2013-11-28 14:49 - 2011-08-26 21:50 - 0161728 _____ () C:\Program Files\gcres.dll
2013-04-29 23:37 - 2013-04-29 23:47 - 0000510 _____ () C:\Users\Christy\AppData\Roaming\wklnhst.dat
2008-09-07 06:29 - 2008-09-07 06:29 - 0000680 _____ () C:\Users\Christy\AppData\Local\d3d9caps.dat
2008-07-18 16:38 - 2013-11-15 10:31 - 0202240 _____ () C:\Users\Christy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-26 21:51 - 2011-08-26 21:51 - 0096312 _____ (WeatherBlink) C:\Users\Christy\AppData\Local\WeatherBlinkAuto.exe
2008-08-29 08:53 - 2008-08-29 08:53 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-11 17:06 - 2014-04-19 15:10 - 0007885 _____ () C:\ProgramData\hpzinstall.log
2010-04-22 10:15 - 2010-05-14 15:41 - 0000492 _____ () C:\ProgramData\lxdnDiagnostics.log
2010-01-19 20:26 - 2010-01-19 20:26 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
ZeroAccess:
C:\Users\Christy\AppData\Local\Google\Desktop\Install

Some files in TEMP:
====================
C:\Users\Christy\AppData\Local\Temp\bpuninstall.exe
C:\Users\katelyn\AppData\Local\Temp\symlcsv1.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-08 15:13

==================== End of log ============================

 

 

Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Christy at 2015-06-08 15:21:25
Running from C:\Users\Christy\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-771492675-3648702646-1731262982-500 - Administrator - Disabled)
Christy (S-1-5-21-771492675-3648702646-1731262982-1000 - Administrator - Enabled) => C:\Users\Christy
Guest (S-1-5-21-771492675-3648702646-1731262982-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.3.12 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audio Bible Download Manager 3.0 (HKLM\...\Audio Bible Download Manager_is1) (Version:  - Faith Comes By Hearing)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.05 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
FreeAgent Go Tools (HKLM\...\InstallShield_{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}) (Version: 1.01.0045 - Seagate)
FreeAgent Go Tools (Version: 1.01.0045 - Seagate) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 9.0.597.98 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Update Helper (Version: 1.2.183.39 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
Memeo AutoBackup (HKLM\...\InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}) (Version: 3.00.3023 - Memeo Inc)
Memeo AutoBackup (Version: 3.00.3023 - Memeo Inc) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
MobileMe Control Panel (HKLM\...\{3AC54383-31D1-4907-961B-B12CBB1D0AE8}) (Version: 2.6.0.29 - Apple Inc.)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.6 - Google, Inc.)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Safari (HKLM\...\{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}) (Version: 3.525.28.1 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SCR3xxx Smart Card Reader (HKLM\...\{3A313405-6499-4176-B114-1393C3342543}) (Version: 8.27 - SCM Microsystems)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Live Photo Gallery (HKLM\...\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}) (Version: 12.0.1347.0718 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\MP3Writer.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 -> "C:\Users\Christy\AppData\Roaming\Smilebox\OzDesktopImporter.exe" No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\MP4Splitter.ax No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\CoreAAC.ax No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\MP4Splitter.ax No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\Christy\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\CoreAAC.ax No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\MP3Encoder.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\CoreAAC.ax No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 -> "C:\Users\Christy\AppData\Roaming\Smilebox\OzDesktopImporter.exe" No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\MP4Splitter.ax No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-771492675-3648702646-1731262982-1000_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\Christy\AppData\Roaming\Smilebox\MP4Splitter.ax No File

==================== Restore Points =========================

19-04-2014 15:50:02 Windows Update
29-04-2014 19:58:44 Windows Update
30-04-2014 18:17:33 Windows Update
01-05-2014 03:00:14 Windows Update
08-06-2015 15:13:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-03-16 11:15 - 00000804 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1   d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33CB78B0-0D52-4D46-BC24-763540F5519B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4AF9DCAA-1720-4EA4-A834-BCFE8DA2E2CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {5AC25CEF-B349-4590-B6F5-70979909A0F1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - katelyn => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6A417F17-137A-4CC4-8397-3CF690F40A70} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: {8310568E-FF45-44C2-ABE5-3FE5A0515938} - System32\Tasks\Microsoft\Windows\RestartManager\{DCA76B09-99E4-491a-921F-E7B3E8F4286A} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A20C72A3-ECC8-4D04-8BD5-5B5705B8DA93} - System32\Tasks\FreeAgentLauncher => C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18] (Seagate LLC)
Task: {FB223D2F-5D70-442C-A119-CE88AACC275F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - megan => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BearShareNAG.job => C:\Users\megan\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
Task: C:\Windows\Tasks\Google Software Updater.job => h4 rX2 ZWl sX2 ou 6g r6 h4 rX2 W3 \ / ? 2q Vp UdI lO ? 7X iP 1G fz 9i / ? 4J u9 o4 QD AZ \ Rh dt lLe \ vO Dq KQ6nq YTV kF pKt \ Up /g ssX \ vX6 Hf Q9 / Cu Ln ? u9z

==================== Loaded Modules (Whitelisted) ==============

2007-05-17 16:42 - 2007-05-17 16:42 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-10-08 16:03 - 2007-10-08 16:03 - 00245760 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2008-12-04 14:07 - 2007-11-01 09:29 - 00045056 _____ () C:\Windows\System32\LXF3PMON.DLL
2008-12-04 14:06 - 2007-08-27 12:44 - 00053248 _____ () C:\Windows\System32\LXF3OEM.DLL
2008-12-04 14:06 - 2007-11-01 09:33 - 00012288 _____ () C:\Windows\System32\LXF3PMRC.DLL
2011-08-04 09:51 - 2009-08-13 12:02 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdndrpp.dll
2007-09-13 16:11 - 2007-09-13 16:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2015-06-08 15:11 - 2015-02-24 04:23 - 00246920 _____ () C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\852577424a8662c9c3a7d0651f35\MpSigStub.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-771492675-3648702646-1731262982-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Christy\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FastFreeConverterUpdt => 2
MSCONFIG\Services: gupdate1c9e69be983ad10 => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: lxdn_device => 2
MSCONFIG\Services: MapsGalaxy_39Service => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAPExe => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: pinger => 2
MSCONFIG\Services: Seagate Sync Service => 2
MSCONFIG\Services: sprtsvc_verizondm => 2
MSCONFIG\Services: Swupdtmr => 2
MSCONFIG\Services: tgsrvc_verizondm => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: masqform.exe => C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
MSCONFIG\startupreg: TOSCDSPD => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{777FFCA2-CA6B-4F5F-AFE6-FAF0F1A48257}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AEA8F944-9FDC-4F6D-A04E-7AD3FB1B6783}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5B9AB487-9E92-49AC-BE67-D2E5D814BF74}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{89738A45-1938-4ABE-86C3-AB6363EF63AF}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{56DCD4BA-0946-4919-8420-F37B3CF9F678}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F8DCEB53-E696-4E86-8839-F8C6B96275DA}] => (Allow) svchost.exe
FirewallRules: [{6DDA4D09-E951-4C6C-9BAD-E890E8E4D6CA}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{4D46C44D-B9A1-459A-9E05-12FB984E75D7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FB17A56D-F794-479A-8084-2F97784D9843}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{7C4FA64E-0946-417C-9C40-22A8B74DAF3D}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{B1173B14-B510-453D-83FE-9B0B04D57FE3}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{C45E2C60-2B38-42F7-B8E9-D6152232DB9C}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{F845BFDB-1561-466A-8838-1F13748768B9}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{2B4B200E-9995-4378-BCE2-8808FBB23F2B}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{E9B7ECF3-77BF-44B3-B68E-2D4AF1A8C5D5}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdntime.exe
FirewallRules: [{871EC6D6-30CD-46C6-9FC9-D694D6DFA994}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdntime.exe
FirewallRules: [{D2393781-C6F1-4516-8244-DCE044065B28}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe
FirewallRules: [{0109E954-E776-40C1-A053-F8F6FB9D7B0B}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe
FirewallRules: [{08E12509-A2DA-4141-A1FE-C4E129C2990A}] => (Allow) C:\Program Files\Audio Bible Download Manager\FCBHDownloadManager3.exe
FirewallRules: [{CE479D9D-9F5A-4E83-B6BF-6EBFA27C8B6F}] => (Allow) C:\Program Files\Audio Bible Download Manager\FCBHDownloadManager3.exe
FirewallRules: [{F502CBE1-A784-4803-AF1E-A39E844AEC35}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{26957CCB-E205-437B-972D-4FC73C215784}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3BCF3C09-FBC1-4712-B683-B1309DB0C26F}] => (Allow) D:\setup\hpznui01.exe
FirewallRules: [{67D147BD-A4AF-45C8-8C9F-630CACEE04D6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0D01463B-3334-4AA4-8B74-2118BFCE14BF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A7567DB9-ECA6-4A49-B739-9D9B4E70FBF8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{A0A8E627-DA99-4E34-883C-BF48DD676182}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6495980D-CD40-4056-9794-EDB22B13E685}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E18CDA47-335F-489E-B351-CCFA413462C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A7861121-5B3A-45C3-8EE6-1982738855C5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8682E719-5BE9-484B-B0D7-DB7F9DEEF433}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D2ECD210-3B07-40F8-89C5-E85B7C7F0D5E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4365C491-6185-4E48-A40A-949B009650F1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{19F5CA94-9974-4D7E-84E8-1EBA6E428BC5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C3533809-12C2-44DF-A58E-5F1CB24C2931}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{904493B5-2378-4CD5-AF55-5F44ADDB2C22}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D0F6EF8F-767B-47C4-AC1A-17D84907AC39}] => (Allow) LPort=49162
FirewallRules: [{A093A579-6E34-473A-9E53-22348A442DA7}] => (Allow) LPort=5000
FirewallRules: [{DD3ABCCE-BD8D-4B52-8AC3-B6914A5B9321}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D51A333E-EB78-4670-BBAB-C04AAC43F416}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{AAEA0E25-455E-4DE4-8F5A-A8E74CB251EE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7FF8F5F8-5585-4A85-98ED-D163D16E55A0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{31073CBE-4219-450C-BF0A-9938C4F5C0AB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4841B4A6-F4E4-4153-B3FE-29C676AC10F6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BBFA81C6-FFF1-4345-8D66-22EB8494724A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{007ABD2F-6B85-429E-BE08-33601847A31E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A68E9A16-38E8-4045-AFB3-8C95606817BB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7D45D829-851D-4E8B-B439-E8AC5CF6E3D6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{9A825424-C349-4747-8393-B4C1C8E2E50D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{CCFAC0FF-917B-409D-94BC-83DDF066A675}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{83139F68-9BEB-4C45-BA6A-15B20F982E7A}] => (Allow) D:\setup\hpznui01.exe
FirewallRules: [{CCE2955F-9682-4D86-A6BE-06E6898EBE91}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{78D21171-840B-42C2-8B48-D9A34F391E5B}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [uDP Query User{2B00D67B-D57C-44ED-9A30-F7BA13506581}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{FC199EE3-D185-42B9-840E-3684F80A6222}] => (Allow) LPort=80
FirewallRules: [{EC56C7F9-5782-4342-A13A-6A5587B5801A}] => (Allow) LPort=80
FirewallRules: [{47DECF2A-E19E-4A3C-ABCD-7CA0E5C7A74A}] => (Allow) LPort=80
FirewallRules: [{0A10B27D-73DE-44C3-ACA5-2A3DA98BBC6A}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{73673DEB-F056-4FF4-A821-03C10441BA7B}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [TCP Query User{7B68CEC9-B733-4B1B-8B6A-1DAE52C42040}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [uDP Query User{35083098-526A-4042-98FB-9E70FFFE1D16}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{14AFB7DC-2CF5-4FEC-8A66-355F19046748}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{69E0B4E5-DE3C-4328-A3BC-3C85D3A6C240}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E074A84C-1FD8-4D22-AFCF-A39D682F682E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCC6C608-24F3-4C59-8B05-B7269A3A6DE7}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{F1938F5D-5EAB-479C-9B5F-6F443E2895F2}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [uDP Query User{3E6A2568-C85E-4D6A-9CBC-25521136FF33}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Faulty Device Manager Devices =============

Name: Lexmark 2600 Series #2
Description: Lexmark 2600 Series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ADS Instant HDTV PCI
Description: ADS Instant HDTV PCI
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ADS Technologies
Service: Ph3xIB32
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ADS Instant HDTV PCI
Description: ADS Instant HDTV PCI
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ADS Technologies
Service: Ph3xIB32
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 400 color M451dw
Description: HP LaserJet 400 color M451dw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 03:14:19 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (06/08/2015 03:14:19 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (06/08/2015 03:13:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.

Error: (06/08/2015 03:13:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {886b6389-900a-4ed8-bde3-82928a269a27}

Error: (06/08/2015 03:13:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.9.0, time stamp 0x4acfa581, faulting module HPWUCli.exe, version 5.0.9.0, time stamp 0x4acfa581, exception code 0xc0000005, fault offset 0x00009b66,
process id 0x12b0, application start time 0xHPWUCli.exe0.

Error: (06/08/2015 03:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.9.0, time stamp 0x4acfa581, faulting module hpupdatecomponent.dll, version 1.0.16.0, time stamp 0x4acfa56c, exception code 0xc0000005, fault offset 0x00007e3b,
process id 0x12b0, application start time 0xHPWUCli.exe0.

Error: (06/08/2015 03:12:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.

Error: (06/08/2015 03:11:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {886b6389-900a-4ed8-bde3-82928a269a27}

Error: (06/08/2015 03:09:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 03:07:35 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

System errors:
=============
Error: (06/24/2009 03:49:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/24/2009 03:45:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/19/2009 01:55:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxdnCATSCustConnectService%%1053

Error: (06/19/2009 01:55:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxdnCATSCustConnectService

Error: (06/19/2009 01:53:52 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/19/2009 01:53:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:49:49 PM on 6/19/2009 was unexpected.

Error: (06/19/2009 01:48:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/19/2009 08:30:14 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DUFFEYHOME
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10B333C1-5853-4168-A612-6A97171.
The master browser is stopping or an election is being forced.

Error: (06/19/2009 08:18:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/19/2009 07:22:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Microsoft Office:
=========================
Error: (11/05/2008 03:30:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1204 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-03-19 13:44:52.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-19 13:44:52.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 09:29:53.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 09:29:52.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 09:23:45.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 09:23:45.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 09:17:57.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 09:17:56.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-09 20:17:24.417
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-09 20:17:24.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 74%
Total physical RAM: 3061.22 MB
Available physical RAM: 790.56 MB
Total Pagefile: 6326.68 MB
Available Pagefile: 3846.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.27 MB

==================== Drives ================================

Drive c: (SQ004725V01) (Fixed) (Total:231.42 GB) (Free:132.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (GSP1RMCPRXF) (Removable) (Total:14.55 GB) (Free:14.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: EB02F3DE)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=231.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

 

 


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 



 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Yes, this one seems pretty infected. It's 11.16 PM here, so I'll be going to sleep soon.
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.
 
 
Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.

  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newest MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
 
 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please upload report in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

fixlist.txt


So I keep getting a failed Microsoft Update for an "ADS Technologies - Streaming Media and Broadcast - ADS Instant HDTV PCI"

 

I can't find this anywhere on the system and from a Google search it looks like some trash software from Download.com.

 

I'm guessing it's downloading an update because it's finding some trace of the program on the system and trying to update it. Any clue how to find it and stop this failed update from coming up over and over again?

 

Also, is there anything else we need to do with this machine or are we done with it? I know in the past they've had me run a security check to make sure everything was up to date. I'm locating that program now to run and see.


Well, I just selected Hide Update and it went away lol - hopefully it stays away. Still wondering if something from that program is installed on this computer, but it doesn't appear to be causing any issues other than that failed update, so hopefully that "Hide Update" keeps it away.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.