Can't stop, open, update or uninstall Security Essentials


  • This topic is locked

#1
medusa9

  • Member
  • 68 posts
UPDATE: After posting this I tried to reboot into Safe Mode. It shut down in the middle of going through the drivers and now WILL NOT EVEN BOOT!!!
__________________________________________________

I'm running Vista 32-bit. I have no other AV software that I'm aware of - but my grandson also uses this computer so......... I've removed some of the programs I recognized that shouldn't be there but the rest are unfamiliar and I'm unsure.

The message I get is
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them.

I am logged in as administrator and even tried it through the "hidden" admin account but nothing works. Windows Defender is the same. I tried to run Microsoft's FixIt to solve the problem but it said the service couldn't be stopped.

Internet Explorer also stopped FixIt and Malwarebytes from being downloaded, indicating they had failed because of a virus, but it wasn't Microsoft Essentials that reported it - there was no indication of the program that reported it. Just a white box with red border and black text at the bottom of the screen.


____________________________________________________

OTL logfile created on: 7/21/2013 5:54:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Donna\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 52.73% Memory free
5.73 Gb Paging File | 4.42 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 78.84 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/21 17:53:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Downloads\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/04/15 15:42:16 | 000,070,912 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2007/06/21 00:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 13:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 13:49:43 | 013,599,184 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 13:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 13:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 13:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 13:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/12 03:33:37 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll
MOD - [2013/07/12 03:33:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll
MOD - [2013/07/12 03:31:10 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/12 03:31:01 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2008/06/12 00:18:38 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/06/12 00:18:36 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008/06/12 00:18:34 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008/06/12 00:17:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Services (SafeList) ==========

SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/04/28 15:37:42 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080122.037\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080122.037\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fweuhkhz.sys -- (fweuhkhz)
DRV - [2013/02/18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/07/23 19:17:00 | 000,437,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arusb_lh.sys -- (arusb_lh)
DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 13:35:27 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.charter.net/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC9713E-47B7-4DF1-9EC8-6436AA0CF073}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E04E5F45-78A7-4AE7-9457-6B5C886D7A40}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Donna\Pictures\MINDEN 07 09\DSC00689.JPG
O24 - Desktop BackupWallPaper: C:\Users\Donna\Pictures\MINDEN 07 09\DSC00689.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 13:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/01/01 10:48:52 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/21 13:37:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/21 12:04:17 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Malwarebytes
[2013/07/21 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/21 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/21 12:04:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/21 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2013/07/21 17:52:27 | 000,167,535 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/07/21 17:52:26 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013/07/21 17:52:16 | 000,167,783 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/07/21 17:43:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000UA.job
[2013/07/21 17:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/21 16:14:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/21 16:14:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/21 14:47:02 | 000,009,390 | ---- | M] () -- C:\Users\Donna\Desktop\bookmark.htm
[2013/07/21 14:14:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/21 13:03:24 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/21 13:03:24 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/21 12:51:47 | 006,460,170 | ---- | M] () -- C:\Users\Donna\Documents\lesstabs.rtf
[2013/07/21 12:04:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/21 11:06:09 | 000,009,392 | ---- | M] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat
[2013/07/20 07:31:48 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000Core.job
[2013/07/17 07:29:14 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDonna.job
[2013/07/16 21:51:14 | 000,007,808 | ---- | M] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2013/07/12 21:51:51 | 000,002,082 | ---- | M] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/12 21:51:50 | 000,002,080 | ---- | M] () -- C:\Users\Donna\Desktop\Google Chrome.lnk
[2013/07/12 03:28:48 | 000,312,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/07/21 14:47:02 | 000,009,390 | ---- | C] () -- C:\Users\Donna\Desktop\bookmark.htm
[2013/07/21 13:33:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/07/21 13:33:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/07/21 12:51:47 | 006,460,170 | ---- | C] () -- C:\Users\Donna\Documents\lesstabs.rtf
[2013/07/21 12:04:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/07/19 16:31:02 | 000,007,808 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2008/12/28 22:39:24 | 000,009,392 | ---- | C] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat
[2008/12/27 16:49:13 | 000,041,984 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/25 15:00:01 | 000,167,783 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/25 14:57:37 | 000,167,535 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2013/06/06 08:50:05 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@
[2013/06/06 08:50:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L
[2013/06/06 08:50:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/21 14:12:46 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\BitComet
[2008/12/29 22:02:59 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\funkitron
[2008/12/27 12:12:47 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\iWin
[2009/01/03 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Template
[2013/02/10 14:49:10 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Unity
[2013/01/01 10:41:11 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Donna\Desktop\Argo.avi:TOC.WMV

< End of report >

Edited by medusa9, 21 July 2013 - 05:34 PM.

#2
JSntgRvr

  • Global Moderator
  • 11,579 posts
:welcome:

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the entire content of the quote box (except the word quote) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

#3
medusa9

  • Topic Starter
  • Member
  • 68 posts
Thank you for helping me.

OTL Moved Files:

========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 07212013_193544






FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-07-2013
Ran by Donna (administrator) on 21-07-2013 19:40:19
Running from C:\Users\Donna\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft® Corporation) C:\Program Files\Microsoft Works\WkCalRem.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Google Inc.) C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2008-02-26] (Hewlett-Packard Company)
HKU\Cindy Gabriel\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2008-02-26] (Hewlett-Packard Company)
HKU\Cindy Gabriel\...\RunOnce: [Application Restart #0] - C:\Program Files\HP\QuickPlay\QPService.exe [ 2008-06-12] (CyberLink Corp.)
HKU\Cindy Gabriel\...\RunOnce: [Application Restart #1] - C:\Program Files\Microsoft Security Client\msseces.exe -Recover [ 2013-01-27] ()
HKU\Cindy Gabriel\...\RunOnce: [Application Restart #2] - C:\Program Files\Windows Sidebar\sidebar.exe [ 2009-04-11] (Microsoft Corporation)
HKU\Cindy Gabriel\...\RunOnce: [Application Restart #3] - C:\Program Files\Windows Sidebar\sidebar.exe [ 2009-04-11] (Microsoft Corporation)
HKU\Donna Jo Holt\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2008-02-26] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
ShortcutTarget: wkcalrem.LNK -> C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~1\CHARTE~1\CHARTE~1.DLL (Charter Communications)
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU -Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~1\CHARTE~1\CHARTE~1.DLL (Charter Communications)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.177.176.38 71.92.29.130 24.217.201.67

Chrome:
=======
CHR HomePage: hxxp://www.charter.net/
CHR StartMenuInternet: Google Chrome - "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe"

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] ()

==================== Drivers (Whitelisted) ====================

S3 arusb_lh; C:\Windows\System32\DRIVERS\arusb_lh.sys [437760 2008-07-23] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
U1 eabfiltr;
S1 fweuhkhz; \??\C:\Windows\system32\drivers\fweuhkhz.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080122.037\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080122.037\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 19:39 - 2013-07-21 19:39 - 00000000 ____D C:\FRST
2013-07-21 19:37 - 2013-07-21 19:37 - 01219874 _____ (Farbar) C:\Users\Donna\Downloads\FRST.exe
2013-07-21 19:36 - 2013-07-21 19:36 - 00000730 _____ C:\Users\Donna\Desktop\fix.txt
2013-07-21 19:35 - 2013-07-21 19:35 - 00000000 ____D C:\_OTL
2013-07-21 18:06 - 2013-07-21 18:06 - 00037026 _____ C:\Users\Donna\Downloads\Extras.Txt
2013-07-21 18:02 - 2013-07-21 18:02 - 00044172 _____ C:\Users\Donna\Downloads\OTL.Txt
2013-07-21 17:53 - 2013-07-21 17:53 - 00602112 _____ (OldTimer Tools) C:\Users\Donna\Downloads\OTL.exe
2013-07-21 17:50 - 2013-07-21 17:50 - 00000000 _____ C:\Users\Administrator\AppData\Local\QSwitch.txt
2013-07-21 17:50 - 2013-07-21 17:50 - 00000000 _____ C:\Users\Administrator\AppData\Local\DSwitch.txt
2013-07-21 17:50 - 2013-07-21 17:50 - 00000000 _____ C:\Users\Administrator\AppData\Local\AtStart.txt
2013-07-21 17:49 - 2013-07-21 17:49 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-07-21 17:49 - 2013-07-21 17:49 - 00000000 ___RD C:\Users\Administrator\Desktop
2013-07-21 17:49 - 2013-07-21 17:49 - 00000000 ____D C:\Users\Administrator
2013-07-21 17:49 - 2012-09-13 08:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-07-21 17:27 - 2013-07-21 17:28 - 00899584 _____ C:\Users\Donna\Downloads\MicrosoftFixit50535.msi
2013-07-21 14:57 - 2013-07-21 14:57 - 00659968 _____ C:\Users\Donna\Downloads\MicrosoftFixit50195 (1).msi
2013-07-21 14:47 - 2013-07-21 14:47 - 00009390 _____ C:\Users\Donna\Desktop\bookmark.htm
2013-07-21 14:43 - 2013-07-21 14:43 - 00659968 _____ C:\Users\Donna\Downloads\MicrosoftFixit50195.msi
2013-07-21 13:37 - 2013-07-21 13:41 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 13:33 - 2012-07-25 22:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-21 13:33 - 2012-07-25 22:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-07-21 13:33 - 2012-07-25 22:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-07-21 13:33 - 2012-07-25 22:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-07-21 13:33 - 2012-07-25 22:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-21 13:33 - 2012-07-25 22:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-21 13:33 - 2012-07-25 22:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-07-21 13:33 - 2012-07-25 21:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-07-21 13:33 - 2012-07-25 21:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-07-21 13:33 - 2012-07-25 21:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-07-21 13:33 - 2012-06-02 09:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-21 13:33 - 2012-06-02 09:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-21 13:33 - 2009-07-14 07:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2013-07-21 13:32 - 2012-11-21 22:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-07-21 13:31 - 2013-04-17 07:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-21 12:04 - 2013-07-21 12:04 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-21 12:04 - 2013-07-21 12:04 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Malwarebytes
2013-07-21 12:04 - 2013-07-21 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:04 - 2013-07-21 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-21 12:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-07-12 03:02 - 2013-05-28 20:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:02 - 2013-05-28 20:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:02 - 2013-05-28 20:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:02 - 2013-05-28 20:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-12 03:02 - 2013-05-28 20:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:02 - 2013-05-28 20:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:02 - 2013-05-28 20:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-12 03:02 - 2013-05-28 20:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:02 - 2013-05-28 20:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-12 03:02 - 2013-05-28 20:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-12 03:02 - 2013-05-28 20:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:02 - 2013-05-28 20:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:02 - 2013-05-28 20:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 03:02 - 2013-05-28 20:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:02 - 2013-05-28 20:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-12 03:02 - 2013-05-28 20:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 08:57 - 2013-06-03 20:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 08:56 - 2013-05-31 23:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 08:56 - 2013-05-07 23:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 08:56 - 2013-04-17 06:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 08:56 - 2013-04-17 06:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 08:56 - 2013-04-17 06:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 08:56 - 2013-04-17 06:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 08:56 - 2013-04-17 05:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 08:56 - 2013-04-17 05:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 08:56 - 2013-04-17 05:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 08:56 - 2013-04-17 05:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 08:56 - 2013-04-17 05:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-08 08:00 - 2013-07-21 10:59 - 00000034 _____ C:\Windows\setupact.log
2013-07-08 08:00 - 2013-07-08 08:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-07 19:41 - 2013-07-07 19:40 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-07 19:40 - 2013-07-07 19:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-07 19:40 - 2013-07-07 19:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-07 19:40 - 2013-07-07 19:40 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-29 17:52 - 2013-06-29 17:52 - 00001776 _____ C:\Users\Donna\Documents\bobby.txt
2013-06-29 15:54 - 2013-06-29 17:23 - 00001487 _____ C:\Users\Donna\Documents\neon.txt

==================== One Month Modified Files and Folders =======

2013-07-21 19:39 - 2013-07-21 19:39 - 00000000 ____D C:\FRST
2013-07-21 19:37 - 2013-07-21 19:37 - 01219874 _____ (Farbar) C:\Users\Donna\Downloads\FRST.exe
2013-07-21 19:36 - 2013-07-21 19:36 - 00000730 _____ C:\Users\Donna\Desktop\fix.txt
2013-07-21 19:36 - 2008-12-25 14:27 - 00000000 ___RD C:\Users\Donna\Desktop
2013-07-21 19:35 - 2013-07-21 19:35 - 00000000 ____D C:\_OTL
2013-07-21 19:28 - 2008-10-10 23:57 - 01500822 _____ C:\Windows\WindowsUpdate.log
2013-07-21 19:26 - 2012-04-28 15:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 19:23 - 2008-12-25 15:00 - 00167535 _____ C:\ProgramData\nvModes.001
2013-07-21 19:23 - 2008-12-25 14:57 - 00167535 _____ C:\ProgramData\nvModes.dat
2013-07-21 19:23 - 2008-10-11 00:45 - 00000246 _____ C:\Users\Public\Documents\hpqp.ini
2013-07-21 19:23 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 19:23 - 2006-11-02 07:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 19:23 - 2006-11-02 07:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 19:17 - 2006-11-02 08:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-21 18:06 - 2013-07-21 18:06 - 00037026 _____ C:\Users\Donna\Downloads\Extras.Txt
2013-07-21 18:02 - 2013-07-21 18:02 - 00044172 _____ C:\Users\Donna\Downloads\OTL.Txt
2013-07-21 17:53 - 2013-07-21 17:53 - 00602112 _____ (OldTimer Tools) C:\Users\Donna\Downloads\OTL.exe
2013-07-21 17:50 - 2013-07-21 17:50 - 00000000 _____ C:\Users\Administrator\AppData\Local\QSwitch.txt
2013-07-21 17:50 - 2013-07-21 17:50 - 00000000 _____ C:\Users\Administrator\AppData\Local\DSwitch.txt
2013-07-21 17:50 - 2013-07-21 17:50 - 00000000 _____ C:\Users\Administrator\AppData\Local\AtStart.txt
2013-07-21 17:49 - 2013-07-21 17:49 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-07-21 17:49 - 2013-07-21 17:49 - 00000000 ___RD C:\Users\Administrator\Desktop
2013-07-21 17:49 - 2013-07-21 17:49 - 00000000 ____D C:\Users\Administrator
2013-07-21 17:43 - 2011-07-01 14:40 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000UA.job
2013-07-21 17:28 - 2013-07-21 17:27 - 00899584 _____ C:\Users\Donna\Downloads\MicrosoftFixit50535.msi
2013-07-21 14:57 - 2013-07-21 14:57 - 00659968 _____ C:\Users\Donna\Downloads\MicrosoftFixit50195 (1).msi
2013-07-21 14:47 - 2013-07-21 14:47 - 00009390 _____ C:\Users\Donna\Desktop\bookmark.htm
2013-07-21 14:43 - 2013-07-21 14:43 - 00659968 _____ C:\Users\Donna\Downloads\MicrosoftFixit50195.msi
2013-07-21 14:30 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-07-21 14:12 - 2013-05-12 19:04 - 00000000 ____D C:\Users\Donna\AppData\Roaming\BitComet
2013-07-21 14:12 - 2006-11-02 06:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-21 13:41 - 2013-07-21 13:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 13:41 - 2008-08-04 13:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-21 13:39 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-21 13:36 - 2008-08-04 12:51 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-21 13:35 - 2012-09-10 19:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-21 13:34 - 2008-12-25 14:27 - 00000000 ____D C:\Users\Donna
2013-07-21 13:03 - 2006-11-02 05:33 - 00690960 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 12:04 - 2013-07-21 12:04 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-21 12:04 - 2013-07-21 12:04 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Malwarebytes
2013-07-21 12:04 - 2013-07-21 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:04 - 2013-07-21 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-07-21 11:10 - 2008-04-10 05:26 - 00000000 ____D C:\Windows\SMINST
2013-07-21 11:06 - 2008-12-28 22:39 - 00009392 _____ C:\Users\Donna\AppData\Roaming\wklnhst.dat
2013-07-21 10:59 - 2013-07-08 08:00 - 00000034 _____ C:\Windows\setupact.log
2013-07-20 07:31 - 2011-07-01 14:40 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000Core.job
2013-07-18 17:45 - 2009-07-16 09:28 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-07-17 07:29 - 2009-01-24 14:42 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForDonna.job
2013-07-16 21:51 - 2009-07-19 16:31 - 00007808 _____ C:\Users\Donna\AppData\Local\d3d9caps.dat
2013-07-12 21:51 - 2011-07-01 14:41 - 00002080 _____ C:\Users\Donna\Desktop\Google Chrome.lnk
2013-07-12 03:28 - 2006-11-02 07:47 - 00312272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:27 - 2012-09-10 21:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:25 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-12 03:00 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-08 08:00 - 2013-07-08 08:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-07 19:40 - 2013-07-07 19:41 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-07 19:40 - 2013-07-07 19:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-07 19:40 - 2013-07-07 19:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-07 19:40 - 2013-07-07 19:40 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-07 19:40 - 2012-10-28 20:30 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-07-07 19:40 - 2011-07-01 14:46 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-29 17:52 - 2013-06-29 17:52 - 00001776 _____ C:\Users\Donna\Documents\bobby.txt
2013-06-29 17:23 - 2013-06-29 15:54 - 00001487 _____ C:\Users\Donna\Documents\neon.txt
2013-06-24 00:37 - 2006-11-02 05:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-22 09:22 - 2012-12-26 17:21 - 00000680 _____ C:\Users\Donna Jo Holt\AppData\Local\d3d9caps.dat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1246803856-2244257844-3536057404-1000\$ff24043d55f85ce9a20a8337d9b4b888

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-07-21 19:30

==================== End Of Log ============================

Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-07-2013
Ran by Donna at 2013-07-21 19:40:45
Running from C:\Users\Donna\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 1.0.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Shockwave Player (Version: 10.2.0.023)
Atheros Driver Installation Program (Version: 5.2)
BufferChm (Version: 100.0.170.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Charter Browser Updater
Charter Toolbar
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.58.1.0)
Copy (Version: 100.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite (Version: 5.5.1519)
CyberLink YouCam (Version: 2.0.1616)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F4200_Software (Version: 100.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000)
ESU for Microsoft Vista (Version: 1.0.0)
eSupportQFolder (Version: 1.00.0000)
F4200 (Version: 100.0.206.000)
F4200_Help (Version: 100.0.206.000)
Google Chrome (HKCU Version: 28.0.1500.72)
GPBaseService (Version: 100.0.187.000)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)
Hoyle Board Games 2007 (Version: 1.0.0.0)
Hoyle Card Games 2007 (Version: 1.2.0.0)
Hoyle Puzzle Games 2007 (Version: 1.0.0.0)
HP Active Support Library (Version: 3.1.4.1)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Doc Viewer (Version: 1.01.0005)
HP DVD Play 3.7
HP Help and Support (Version: 2.0.8.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Quick Launch Buttons 6.40 D3 (Version: 6.40 D3)
HP Smart Web Printing (Version: 109.9.19158)
HP Solution Center 10.0 (Version: 10.0)
HP Total Care Advisor (Version: 2.1.4047.2685)
HP Update (Version: 4.000.010.008)
HP User Guides 0118 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 J1)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000)
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000)
hpphotosmartdisclabelplugin (Version: 2.02.0000)
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
HPTCSSetup (Version: 1.0.964.2626)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 5 (Version: 1.6.0.50)
LabelPrint (Version: 2.20.2719)
LightScribe System Software 1.12.33.2 (Version: 1.12.33.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 9.7.0621)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.43)
NetWaiting (Version: 2.5.52)
NVIDIA Drivers (Version: 1.5)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
Pirate101 (Version: 1.0.0)
Power2Go (Version: 5.6.3919)
PowerDirector (Version: 6.5.2719)
PSSWCORE (Version: 2.02.0000)
PVSonyDll (Version: 1.00.0001)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
Realtek USB 2.0 Card Reader (Version: )
Reflexive Arcade Games - Puzzle
Reflexive Arcade Games - Strategy
Reflexive Arcade Games - Word
Scan (Version: 10.0.0.0)
Shop for HP Supplies (Version: 10.0)
SmartAudio
SMCWUSB-N2 Wireless Utility (Version: 1.0)
SolutionCenter (Version: 100.0.175.000)
Status (Version: 100.0.175.000)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
Unity Web Player (HKCU Version: )
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VideoLAN VLC media player 0.8.6e (Version: 0.8.6e)
VideoToolkit01 (Version: 100.0.128.000)
Viewpoint Media Player
WebReg (Version: 100.0.170.000)
WildTangent Games App (HP Games) (Version: 4.0.5.14)
Yahoo! Install Manager
Yahoo! Toolbar


==================== Restore Points =========================

16-05-2013 12:15:31 Windows Update
17-05-2013 00:13:22 Removed Java™ 6 Update 37
17-05-2013 00:14:27 Installed Java 7 Update 21
19-05-2013 14:58:13 Windows Update
25-05-2013 21:50:54 Windows Update
28-05-2013 22:50:14 Windows Update
01-06-2013 21:39:44 Windows Update
05-06-2013 12:00:09 Windows Update
13-06-2013 08:00:15 Windows Update
08-07-2013 00:38:46 Installed Java 7 Update 25
12-07-2013 08:00:22 Windows Update
21-07-2013 16:15:25 Before Lisa made changes_2013July21
21-07-2013 18:32:05 Windows Update
21-07-2013 19:57:20 Installed Microsoft Fix it 50195
21-07-2013 22:28:12 Installed Microsoft Fix it 50535

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {035348FE-944A-4B25-8FE8-EEDDB52558F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DC5857C-D36C-43DA-85EB-B22FB595A460} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000Core => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {7D082987-5B81-414A-A6C6-947397155AEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28] (Adobe Systems Incorporated)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {A688A186-7736-452C-8E8C-B0328DBD0F50} - System32\Tasks\User_Feed_Synchronization-{685E9A6F-BE97-48AE-A2D7-FE8663FF9F76} => C:\Windows\system32\msfeedssync.exe [2012-02-16] (Microsoft Corporation)
Task: {AF43655B-F5DB-45C7-839C-A2AB5DAF9AE5} - System32\Tasks\HPCeeScheduleForDonna => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard)
Task: {E42A7536-B05A-4CAA-BB2F-BEA9B754BE8F} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EB9BC177-EEDF-4EAF-9B13-D9A0EA399862} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {F68FD3FE-34A3-4165-ADEA-B12B9907AA09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000UA => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000Core.job => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246803856-2244257844-3536057404-1000UA.job => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDonna.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2013 07:25:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 07:11:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 05:36:58 PM) (Source: MsiInstaller) (User: Donna-PC)
Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (07/21/2013 05:36:51 PM) (Source: MsiInstaller) (User: Donna-PC)
Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (07/21/2013 05:28:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/21/2013 05:28:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/21/2013 03:01:32 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1428
Start Time: 01ce864ce2a57796
Termination Time: 0

Error: (07/21/2013 02:57:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/21/2013 02:57:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/21/2013 02:16:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/21/2013 07:25:12 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/21/2013 07:25:12 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/21/2013 07:25:12 PM) (Source: Service Control Manager) (User: )
Description: WinDefend%%5

Error: (07/21/2013 07:25:12 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5

Error: (07/21/2013 07:11:25 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/21/2013 07:11:25 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/21/2013 07:11:25 PM) (Source: Service Control Manager) (User: )
Description: WinDefend%%5

Error: (07/21/2013 07:11:25 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5

Error: (07/21/2013 02:16:17 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/21/2013 02:16:04 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-07-21 17:59:54.813
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:53.661
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:52.501
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:51.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:50.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:49.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:47.850
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:46.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:45.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:59:44.334
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 2813.69 MB
Available physical RAM: 1834.9 MB
Total Pagefile: 5863.87 MB
Available Pagefile: 4867.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.19 GB) (Free:78.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.85 GB) (Free:1.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: FD03D783)
Partition 1: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download the enclosed file. [attachment=65696:fixlist.txt]

Save it next to FRST.

Run FRST as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log (Fixlog.txt). Please post it in your next reply.
  • 0

#5
medusa9

medusa9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
SHOOT!!! I forgot to run as admin. Should I do it again?



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-07-2013
Ran by Donna at 2013-07-21 20:57:11 Run:1
Running from C:\Users\Donna\Downloads
Boot Mode: Normal

==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Cindy Gabriel\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => Value deleted successfully.
HKU\Cindy Gabriel\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => Value deleted successfully.
HKU\Cindy Gabriel\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => Value deleted successfully.
HKU\Cindy Gabriel\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1246803856-2244257844-3536057404-1000\$ff24043d55f85ce9a20a8337d9b4b888 => Directory moved successfully.
C:\ProgramData\nvModes.dat => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.


The system needs a manual reboot.

==== End of Fixlog ====

Edited by medusa9, 21 July 2013 - 07:59 PM.

  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Restart the computer, then proceed as follows:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
medusa9

medusa9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.0 (07.21.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Donna on Mon 07/22/2013 at 9:46:01.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] viewpoint manager service
Successfully deleted: [Service] viewpoint manager service

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE30}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE31}

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Donna\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/22/2013 at 9:48:36.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








# AdwCleaner v2.306 - Logfile created 07/22/2013 at 09:57:42
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Donna - DONNA-PC
# Boot Mode : Normal
# Running from : C:\Users\Donna\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2952 octets] - [22/07/2013 09:56:24]
AdwCleaner[S1].txt - [2933 octets] - [22/07/2013 09:57:42]

########## EOF - C:\AdwCleaner[S1].txt - [2993 octets] ##########








Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.21.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Donna :: DONNA-PC [administrator]

7/22/2013 10:06:12 AM
mbam-log-2013-07-22 (10-06-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290185
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
How is the computer doing?
  • 0

#9
medusa9

medusa9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
:thumbsup: Nearly like new! I updated Microsoft Security Essentials, downloaded Windows Updates for Essentials but now my hard drive runs non-stop for about 4+ minutes after I boot. Essentials and internet take a long time to turn on, as well.

I can certainly live with it, but if you know of a simple fix I'll take it.

Thank you for all of your good work. PayPal-ing!
  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
You are welcome. :)

Let's take a look at some of the services.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#11
medusa9

medusa9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hey. Sorry, I've been away from that computer for a couple of days. I'll do the scan and report back this afternoon (CST).
  • 0

#12
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
:thumbsup:
  • 0

#13
medusa9

medusa9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Farbar Service Scanner Version: 13-07-2013
Ran by Donna (administrator) on 25-07-2013 at 12:23:00
Running from "C:\Users\Donna\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 07:13] - [2013-05-07 22:40] - 0914792 ____A (Microsoft Corporation) 078218D74C4EFC2CE7E4C6DF22A94F2F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-12 07:13] - [2013-04-23 23:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
That report is clear.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • 0





