WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please lead me to thread [Solved]

Started by sleepybear , Oct 23 2014 10:32 PM

pc healthcenter

Page 3 of 5
1
2
3
4
5

This topic is locked

74 replies to this topic

#31 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 05 November 2014 - 05:24 PM

Farbar Recovery Scan Tool (x86) Version: 02-11-2014

Ran by HP_Administrator at 2014-11-05 15:23:24

Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop

Boot Mode: Normal

================== Search Registry: "pc health" ===========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Search Assistant\ACMru\5603]

"000"="pc health"

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Search Assistant\ACMru\5603]

"003"="pc healthcenter"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"

====== End Of Search ======

Advertisements

Register to Remove

#32 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 05 November 2014 - 05:28 PM

Farbar Recovery Scan Tool (x86) Version: 02-11-2014

Ran by HP_Administrator at 2014-11-05 15:24:35

Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop

Boot Mode: Normal

================== Search: "pc health" ===================

=== End Of Search ===

#33 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 November 2014 - 05:41 PM

Those are legit, try PC HEALTH KIT

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#34 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 November 2014 - 05:46 PM

Then run this tool

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

See this Link for programs that need to be disabled and instruction on how to disable them.

Remember to re-enable them when we're done.

Double click on ComboFix.exe & follow the prompts.

For Windows XP Users

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#35 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 05 November 2014 - 06:57 PM

I've got a WARNING from Combo Fix with two loud beeps.

I'm borrowing a friends laptop to bring you this.

It says: Combo Fix has detected that Norton internet security is running. So I went into start menu\Programs and found Norton's folder there but no files inside, it's completely empty. Is it safe to click OK on this warning to proceed? I had Norton on here about 6 years ago and thought there was no trace of it left after starting with Avast.

BTW: The searches I ran for the words "pc health kit' also came up blank with FRST

Edited by sleepybear, 05 November 2014 - 07:02 PM.

#36 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 November 2014 - 07:45 PM

Go ahead and run Combofix, see if you can disable Avast and we can remove Norton when where done

http://www.bleepingc...lware-programs/

You can try this to disable Norton

Go to Start > Run and type in services.msc , press enter on your keyboard, when it loads look for Norton and right click on it and set its status as disabled

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#37 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 05 November 2014 - 07:59 PM

OK many thanks.

I found Norton there where you said in services. It does show "disabled"

I'll continue combofix now.

#38 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 05 November 2014 - 08:37 PM

ComboFix 14-10-29.01 - HP_Administrator 11/05/2014 18:06:10.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.635 [GMT -8:00]

Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\inst.exe

c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\~WRL0003.tmp

c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\WINDOWS

c:\documents and settings\HP_Administrator\WINDOWS

c:\program files\Common Files\ohijymudul.dl

c:\program files\Shared

c:\windows\$msi31uninstall_kb893803v2$

c:\windows\$msi31uninstall_kb893803v2$\msi.dll

c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe

c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll

c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll

c:\windows\$msi31uninstall_kb893803v2$\msisip.dll

c:\windows\$msi31uninstall_kb893803v2$\reg00013

c:\windows\$msi31uninstall_kb893803v2$\reg00014

c:\windows\$msi31uninstall_kb893803v2$\reg00015

c:\windows\$msi31uninstall_kb893803v2$\reg00016

c:\windows\$msi31uninstall_kb893803v2$\reg00017

c:\windows\$msi31uninstall_kb893803v2$\reg00018

c:\windows\$msi31uninstall_kb893803v2$\reg00019

c:\windows\$msi31uninstall_kb893803v2$\reg00020

c:\windows\$msi31uninstall_kb893803v2$\reg00021

c:\windows\$msi31uninstall_kb893803v2$\reg00022

c:\windows\$msi31uninstall_kb893803v2$\reg00023

c:\windows\$msi31uninstall_kb893803v2$\reg00024

c:\windows\$msi31uninstall_kb893803v2$\reg00025

c:\windows\$msi31uninstall_kb893803v2$\reg00026

c:\windows\$msi31uninstall_kb893803v2$\reg00027

c:\windows\$msi31uninstall_kb893803v2$\reg00028

c:\windows\$msi31uninstall_kb893803v2$\reg00029

c:\windows\$msi31uninstall_kb893803v2$\reg00030

c:\windows\$msi31uninstall_kb893803v2$\reg00031

c:\windows\$msi31uninstall_kb893803v2$\reg00032

c:\windows\$msi31uninstall_kb893803v2$\reg00033

c:\windows\$msi31uninstall_kb893803v2$\reg00034

c:\windows\$msi31uninstall_kb893803v2$\reg00035

c:\windows\$msi31uninstall_kb893803v2$\reg00036

c:\windows\$msi31uninstall_kb893803v2$\reg00037

c:\windows\$msi31uninstall_kb893803v2$\reg00038

c:\windows\$msi31uninstall_kb893803v2$\reg00039

c:\windows\$msi31uninstall_kb893803v2$\reg00040

c:\windows\$msi31uninstall_kb893803v2$\reg00041

c:\windows\$msi31uninstall_kb893803v2$\reg00042

c:\windows\$msi31uninstall_kb893803v2$\reg00043

c:\windows\$msi31uninstall_kb893803v2$\reg00044

c:\windows\$msi31uninstall_kb893803v2$\reg00045

c:\windows\$msi31uninstall_kb893803v2$\reg00046

c:\windows\$msi31uninstall_kb893803v2$\reg00047

c:\windows\$msi31uninstall_kb893803v2$\reg00048

c:\windows\$msi31uninstall_kb893803v2$\reg00051

c:\windows\$msi31uninstall_kb893803v2$\reg00052

c:\windows\$msi31uninstall_kb893803v2$\reg00053

c:\windows\$msi31uninstall_kb893803v2$\reg00054

c:\windows\$msi31uninstall_kb893803v2$\reg00055

c:\windows\$msi31uninstall_kb893803v2$\reg00056

c:\windows\$msi31uninstall_kb893803v2$\reg00057

c:\windows\$msi31uninstall_kb893803v2$\reg00058

c:\windows\$msi31uninstall_kb893803v2$\reg00059

c:\windows\$msi31uninstall_kb893803v2$\reg00060

c:\windows\$msi31uninstall_kb893803v2$\reg00061

c:\windows\$msi31uninstall_kb893803v2$\reg00062

c:\windows\$msi31uninstall_kb893803v2$\reg00063

c:\windows\$msi31uninstall_kb893803v2$\reg00064

c:\windows\$msi31uninstall_kb893803v2$\reg00065

c:\windows\$msi31uninstall_kb893803v2$\reg00066

c:\windows\$msi31uninstall_kb893803v2$\reg00067

c:\windows\$msi31uninstall_kb893803v2$\reg00068

c:\windows\$msi31uninstall_kb893803v2$\reg00069

c:\windows\$msi31uninstall_kb893803v2$\reg00070

c:\windows\$msi31uninstall_kb893803v2$\reg00071

c:\windows\$msi31uninstall_kb893803v2$\reg00072

c:\windows\$msi31uninstall_kb893803v2$\reg00073

c:\windows\$msi31uninstall_kb893803v2$\reg00074

c:\windows\$msi31uninstall_kb893803v2$\reg00075

c:\windows\$msi31uninstall_kb893803v2$\reg00076

c:\windows\$msi31uninstall_kb893803v2$\reg00077

c:\windows\$msi31uninstall_kb893803v2$\reg00078

c:\windows\$msi31uninstall_kb893803v2$\reg00079

c:\windows\$msi31uninstall_kb893803v2$\reg00080

c:\windows\$msi31uninstall_kb893803v2$\reg00081

c:\windows\$msi31uninstall_kb893803v2$\reg00082

c:\windows\$msi31uninstall_kb893803v2$\reg00083

c:\windows\$msi31uninstall_kb893803v2$\reg00084

c:\windows\$msi31uninstall_kb893803v2$\reg00085

c:\windows\$msi31uninstall_kb893803v2$\reg00086

c:\windows\$msi31uninstall_kb893803v2$\reg00087

c:\windows\$msi31uninstall_kb893803v2$\reg00088

c:\windows\$msi31uninstall_kb893803v2$\reg00089

c:\windows\$msi31uninstall_kb893803v2$\reg00090

c:\windows\$msi31uninstall_kb893803v2$\reg00091

c:\windows\$msi31uninstall_kb893803v2$\reg00092

c:\windows\$msi31uninstall_kb893803v2$\reg00093

c:\windows\$msi31uninstall_kb893803v2$\reg00094

c:\windows\$msi31uninstall_kb893803v2$\reg00095

c:\windows\$msi31uninstall_kb893803v2$\reg00096

c:\windows\$msi31uninstall_kb893803v2$\reg00097

c:\windows\$msi31uninstall_kb893803v2$\reg00098

c:\windows\$msi31uninstall_kb893803v2$\reg00099

c:\windows\$msi31uninstall_kb893803v2$\reg00100

c:\windows\$msi31uninstall_kb893803v2$\reg00101

c:\windows\$msi31uninstall_kb893803v2$\reg00102

c:\windows\$msi31uninstall_kb893803v2$\reg00103

c:\windows\$msi31uninstall_kb893803v2$\reg00104

c:\windows\$msi31uninstall_kb893803v2$\reg00105

c:\windows\$msi31uninstall_kb893803v2$\reg00106

c:\windows\$msi31uninstall_kb893803v2$\reg00107

c:\windows\$msi31uninstall_kb893803v2$\reg00108

c:\windows\$msi31uninstall_kb893803v2$\reg00109

c:\windows\$msi31uninstall_kb893803v2$\reg00110

c:\windows\$msi31uninstall_kb893803v2$\reg00111

c:\windows\$msi31uninstall_kb893803v2$\reg00112

c:\windows\$msi31uninstall_kb893803v2$\reg00113

c:\windows\$msi31uninstall_kb893803v2$\reg00114

c:\windows\$msi31uninstall_kb893803v2$\reg00115

c:\windows\$msi31uninstall_kb893803v2$\reg00116

c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe

c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf

c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt

c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll

c:\windows\efev.dll

c:\windows\iqeculu.exe

c:\windows\iun6002.exe

c:\windows\msvcr71.dll

c:\windows\SET4C8.tmp

c:\windows\system32\_008174_.tmp.dll

c:\windows\system32\_008175_.tmp.dll

c:\windows\system32\_008176_.tmp.dll

c:\windows\system32\_008177_.tmp.dll

c:\windows\system32\_008184_.tmp.dll

c:\windows\system32\_008185_.tmp.dll

c:\windows\system32\_008186_.tmp.dll

c:\windows\system32\_008187_.tmp.dll

c:\windows\system32\_008189_.tmp.dll

c:\windows\system32\_008190_.tmp.dll

c:\windows\system32\_008193_.tmp.dll

c:\windows\system32\_008194_.tmp.dll

c:\windows\system32\_008196_.tmp.dll

c:\windows\system32\_008197_.tmp.dll

c:\windows\system32\_008198_.tmp.dll

c:\windows\system32\_008200_.tmp.dll

c:\windows\system32\_008203_.tmp.dll

c:\windows\system32\_008204_.tmp.dll

c:\windows\system32\_008208_.tmp.dll

c:\windows\system32\_008209_.tmp.dll

c:\windows\system32\_008211_.tmp.dll

c:\windows\system32\_008214_.tmp.dll

c:\windows\system32\_008216_.tmp.dll

c:\windows\system32\_008217_.tmp.dll

c:\windows\system32\_008218_.tmp.dll

c:\windows\system32\_008219_.tmp.dll

c:\windows\system32\_008220_.tmp.dll

c:\windows\system32\_008223_.tmp.dll

c:\windows\system32\_008224_.tmp.dll

c:\windows\system32\_008225_.tmp.dll

c:\windows\system32\_008226_.tmp.dll

c:\windows\system32\_008227_.tmp.dll

c:\windows\system32\_008232_.tmp.dll

c:\windows\system32\_008234_.tmp.dll

c:\windows\system32\_008235_.tmp.dll

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

c:\windows\system32\SET18F.tmp

c:\windows\system32\SET190.tmp

c:\windows\system32\SET192.tmp

c:\windows\system32\SET194.tmp

c:\windows\system32\SET195.tmp

c:\windows\system32\SET196.tmp

c:\windows\system32\SET19D.tmp

c:\windows\system32\SET19E.tmp

c:\windows\system32\SET1A1.tmp

c:\windows\system32\SET1A2.tmp

c:\windows\system32\SET1A3.tmp

c:\windows\system32\SET1AA.tmp

c:\windows\system32\SET1AB.tmp

c:\windows\system32\SET1AC.tmp

c:\windows\system32\SET1AE.tmp

c:\windows\system32\SET1AF.tmp

c:\windows\system32\SET1B0.tmp

c:\windows\system32\SET1B1.tmp

c:\windows\system32\SET1B2.tmp

c:\windows\system32\SET1B4.tmp

c:\windows\system32\SET1B5.tmp

c:\windows\system32\SET1B6.tmp

c:\windows\system32\SET1B7.tmp

c:\windows\system32\SET1BA.tmp

c:\windows\system32\SET1C1.tmp

c:\windows\system32\SET1C2.tmp

c:\windows\system32\SET1C3.tmp

c:\windows\system32\SET1C4.tmp

c:\windows\system32\SET1C7.tmp

c:\windows\system32\SET1C9.tmp

c:\windows\system32\SET1CB.tmp

c:\windows\system32\SET1D2.tmp

c:\windows\system32\SET1D4.tmp

c:\windows\system32\SET1D5.tmp

c:\windows\system32\SET1D6.tmp

c:\windows\system32\SET1D8.tmp

c:\windows\system32\SET1D9.tmp

c:\windows\system32\SET1DA.tmp

c:\windows\system32\SET1DF.tmp

c:\windows\system32\SET1E0.tmp

c:\windows\system32\SET1E1.tmp

c:\windows\system32\SET1E2.tmp

c:\windows\system32\SET1E3.tmp

c:\windows\system32\SET1E6.tmp

c:\windows\system32\SET1E9.tmp

c:\windows\system32\SET1EE.tmp

c:\windows\system32\SET1EF.tmp

c:\windows\system32\SET1F2.tmp

c:\windows\system32\SET1F5.tmp

c:\windows\system32\SET1F6.tmp

c:\windows\system32\SET1FD.tmp

c:\windows\system32\SET1FE.tmp

c:\windows\system32\SET200.tmp

c:\windows\system32\SET204.tmp

c:\windows\system32\SET20D.tmp

c:\windows\system32\SET20E.tmp

c:\windows\system32\SET211.tmp

c:\windows\system32\SET213.tmp

c:\windows\system32\SET214.tmp

c:\windows\system32\SET215.tmp

c:\windows\system32\SET216.tmp

c:\windows\system32\SET217.tmp

c:\windows\system32\SET218.tmp

c:\windows\system32\SET228.tmp

c:\windows\system32\SET22D.tmp

c:\windows\system32\SET22F.tmp

c:\windows\system32\SET231.tmp

c:\windows\system32\SET232.tmp

c:\windows\system32\SET233.tmp

c:\windows\system32\SET234.tmp

c:\windows\system32\SET236.tmp

c:\windows\system32\SET237.tmp

c:\windows\system32\SET23B.tmp

c:\windows\system32\SET23C.tmp

c:\windows\system32\SET23F.tmp

c:\windows\system32\SET240.tmp

c:\windows\system32\SET241.tmp

c:\windows\system32\SET247.tmp

c:\windows\system32\SET248.tmp

c:\windows\system32\SET249.tmp

c:\windows\system32\SET251.tmp

c:\windows\system32\SET257.tmp

c:\windows\system32\SET258.tmp

c:\windows\system32\SET259.tmp

c:\windows\system32\SET25A.tmp

c:\windows\system32\SET25C.tmp

c:\windows\system32\SET261.tmp

c:\windows\system32\SET262.tmp

c:\windows\system32\SET26E.tmp

c:\windows\system32\SET270.tmp

c:\windows\system32\SET272.tmp

c:\windows\system32\SET273.tmp

c:\windows\system32\SET274.tmp

c:\windows\system32\SET277.tmp

c:\windows\system32\SET27F.tmp

c:\windows\system32\SET281.tmp

c:\windows\system32\SET282.tmp

c:\windows\system32\SET285.tmp

c:\windows\system32\SET287.tmp

c:\windows\system32\SET28B.tmp

c:\windows\system32\SET290.tmp

c:\windows\system32\SET293.tmp

c:\windows\system32\SET294.tmp

c:\windows\system32\SET29D.tmp

c:\windows\system32\SET29E.tmp

c:\windows\system32\SET2A5.tmp

c:\windows\system32\SET2A6.tmp

c:\windows\system32\SET2A9.tmp

c:\windows\system32\SET2AA.tmp

c:\windows\system32\SET2AB.tmp

c:\windows\system32\SET2AC.tmp

c:\windows\system32\SET2AD.tmp

c:\windows\system32\SET2AF.tmp

c:\windows\system32\SET2B0.tmp

c:\windows\system32\SET2B1.tmp

c:\windows\system32\SET2B3.tmp

c:\windows\system32\SET2B4.tmp

c:\windows\system32\SET2B5.tmp

c:\windows\system32\SET2B8.tmp

c:\windows\system32\SET2BB.tmp

c:\windows\system32\SET2C0.tmp

c:\windows\system32\SET2C1.tmp

c:\windows\system32\SET2C2.tmp

c:\windows\system32\SET2C7.tmp

c:\windows\system32\SET2C8.tmp

c:\windows\system32\SET2C9.tmp

c:\windows\system32\SET2CB.tmp

c:\windows\system32\SET2CE.tmp

c:\windows\system32\SET2D0.tmp

c:\windows\system32\SET2D1.tmp

c:\windows\system32\SET2D4.tmp

c:\windows\system32\SET2D5.tmp

c:\windows\system32\SET2D8.tmp

c:\windows\system32\SET2DB.tmp

c:\windows\system32\SET2DC.tmp

c:\windows\system32\SET2E3.tmp

c:\windows\system32\SET2E9.tmp

c:\windows\system32\SET2EF.tmp

c:\windows\system32\SET2F0.tmp

c:\windows\system32\SET2F1.tmp

c:\windows\system32\SET2F3.tmp

c:\windows\system32\SET2F4.tmp

c:\windows\system32\SET300.tmp

c:\windows\system32\SET302.tmp

c:\windows\system32\SET304.tmp

c:\windows\system32\SET305.tmp

c:\windows\system32\SET30A.tmp

c:\windows\system32\SET310.tmp

c:\windows\system32\SET311.tmp

c:\windows\system32\SET312.tmp

c:\windows\system32\SET313.tmp

c:\windows\system32\SET314.tmp

c:\windows\system32\SET315.tmp

c:\windows\system32\SET317.tmp

c:\windows\system32\SET319.tmp

c:\windows\system32\SET31D.tmp

c:\windows\system32\SET321.tmp

c:\windows\system32\SET32B.tmp

c:\windows\system32\SET32D.tmp

c:\windows\system32\SET32F.tmp

c:\windows\system32\SET330.tmp

c:\windows\system32\SET331.tmp

c:\windows\system32\SET333.tmp

c:\windows\system32\SET334.tmp

c:\windows\system32\SET339.tmp

c:\windows\system32\SET33B.tmp

c:\windows\system32\SET33C.tmp

c:\windows\system32\SET342.tmp

c:\windows\system32\SET34D.tmp

c:\windows\system32\SET350.tmp

c:\windows\system32\SET351.tmp

c:\windows\system32\SET352.tmp

c:\windows\system32\SET353.tmp

c:\windows\system32\SET356.tmp

c:\windows\system32\SET35E.tmp

c:\windows\system32\SET362.tmp

c:\windows\system32\SET365.tmp

c:\windows\system32\SET367.tmp

c:\windows\system32\SET36B.tmp

c:\windows\system32\SET36C.tmp

c:\windows\system32\SET36D.tmp

c:\windows\system32\SET36E.tmp

c:\windows\system32\SET36F.tmp

c:\windows\system32\SET370.tmp

c:\windows\system32\SET372.tmp

c:\windows\system32\SET386.tmp

c:\windows\system32\SET38A.tmp

c:\windows\system32\SET38C.tmp

c:\windows\system32\SET38E.tmp

c:\windows\system32\SET395.tmp

c:\windows\system32\SET39A.tmp

c:\windows\system32\SET3B0.tmp

c:\windows\system32\SET3B6.tmp

c:\windows\system32\SET3B8.tmp

c:\windows\system32\SET3B9.tmp

c:\windows\system32\SET3BA.tmp

c:\windows\system32\SET3BC.tmp

c:\windows\system32\SET3C0.tmp

c:\windows\system32\SET3C4.tmp

c:\windows\system32\SET3CB.tmp

c:\windows\system32\SET3CE.tmp

c:\windows\system32\SET3D0.tmp

c:\windows\system32\SET3D6.tmp

c:\windows\system32\SET3E4.tmp

c:\windows\system32\SET3E6.tmp

c:\windows\system32\SET3E7.tmp

c:\windows\system32\SET3E8.tmp

c:\windows\system32\SET3F6.tmp

c:\windows\system32\SET3FB.tmp

c:\windows\system32\SET401.tmp

c:\windows\system32\SET411.tmp

c:\windows\system32\SET412.tmp

c:\windows\system32\SET417.tmp

c:\windows\system32\SET421.tmp

c:\windows\system32\SET431.tmp

c:\windows\system32\SET43C.tmp

c:\windows\system32\SET43E.tmp

c:\windows\system32\SET445.tmp

c:\windows\system32\SET446.tmp

c:\windows\system32\SET447.tmp

c:\windows\system32\SET449.tmp

c:\windows\system32\SET44A.tmp

c:\windows\system32\SET44B.tmp

c:\windows\system32\SET44E.tmp

c:\windows\system32\SET450.tmp

c:\windows\system32\SET451.tmp

c:\windows\system32\SET453.tmp

c:\windows\system32\SET456.tmp

c:\windows\system32\SET458.tmp

c:\windows\system32\SET45D.tmp

c:\windows\system32\SET45E.tmp

c:\windows\system32\SET466.tmp

c:\windows\system32\SET46D.tmp

c:\windows\system32\SET472.tmp

c:\windows\system32\SET475.tmp

c:\windows\system32\SET478.tmp

c:\windows\system32\SET47A.tmp

c:\windows\system32\SET47E.tmp

c:\windows\system32\SET480.tmp

c:\windows\system32\SET481.tmp

c:\windows\system32\SET485.tmp

c:\windows\system32\SET486.tmp

c:\windows\system32\SET48A.tmp

c:\windows\system32\SET48B.tmp

c:\windows\system32\SET494.tmp

c:\windows\system32\SET497.tmp

c:\windows\system32\SET499.tmp

c:\windows\system32\SET49C.tmp

c:\windows\system32\SET49F.tmp

c:\windows\system32\SET4A1.tmp

c:\windows\system32\SET63D.tmp

c:\windows\system32\SET641.tmp

c:\windows\system32\SET646.tmp

c:\windows\system32\SET64B.tmp

c:\windows\system32\SET660.tmp

c:\windows\system32\SET6A9.tmp

c:\windows\system32\sp

c:\windows\wasixuwyba.exe

D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2014-10-06 to 2014-11-06 )))))))))))))))))))))))))))))))

2014-11-05 03:53 . 2014-11-05 03:53 -------- d-----w- c:\program files\ESET

2014-11-04 01:57 . 2014-11-04 01:57 -------- d-----w- c:\windows\ERUNT

2014-11-04 01:37 . 2010-08-30 16:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-11-04 01:36 . 2014-11-04 01:47 -------- d-----w- C:\AdwCleaner

2014-10-27 04:51 . 2014-11-06 00:31 -------- d-----w- C:\FRST

2014-10-24 07:04 . 2014-11-06 02:23 -------- d-----w- c:\windows\pchealth

2014-10-20 06:11 . 2014-11-04 06:05 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-20 06:11 . 2014-10-01 18:11 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-20 06:11 . 2014-10-20 06:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-10-20 06:11 . 2014-10-01 18:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-10-20 00:18 . 2014-10-20 00:18 1409 ----a-w- c:\windows\QTFont.for

2014-10-19 21:49 . 2014-10-19 21:49 -------- d-----w- c:\windows\jumpshot.com

2014-10-16 05:39 . 2014-10-16 05:39 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp

2014-10-16 04:15 . 2014-10-16 04:15 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software

2014-10-16 04:08 . 2014-10-16 04:07 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-10-16 04:07 . 2014-10-16 04:07 43152 ----a-w- c:\windows\avastSS.scr

2014-10-16 04:04 . 2014-10-16 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2014-10-16 04:04 . 2014-10-16 04:07 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-10-16 04:04 . 2014-10-16 04:07 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-10-16 04:04 . 2014-10-16 04:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-10-15 20:00 . 2014-10-15 20:00 -------- d-----w- c:\windows\system32\wbem\Repository

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-10-16 04:15 . 2012-01-27 02:11 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-10-16 04:07 . 2012-01-27 02:11 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2014-10-16 04:07 . 2012-01-27 02:11 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2014-10-16 04:07 . 2012-01-27 02:11 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-10-16 04:07 . 2012-01-27 02:11 276432 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-01 04:09 . 2009-10-01 04:09 11841 ----a-w- c:\program files\Common Files\apiseseb.reg

2009-10-01 04:09 . 2009-10-01 04:09 19313 ----a-w- c:\program files\Common Files\icezose.bat

2009-09-30 22:09 . 2009-09-30 22:09 16820 ----a-w- c:\program files\Common Files\rupolope.dll

2009-09-30 22:09 . 2009-09-30 22:09 11586 ----a-w- c:\program files\Common Files\agygy.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-10-16 04:07 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]

"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]

"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-17 132248]

"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 33936]

"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]

"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]

"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]

"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-16 4085896]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2006-02-23 22:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 15:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-06-29 00:22 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-05-15 00:33 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SymWSC"=2 (0x2)

"SPBBCSvc"=3 (0x3)

"SNDSrvc"=3 (0x3)

"navapsvc"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"YahooAUService"=2 (0x2)

"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/15/2014 8:04 PM 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/15/2014 8:04 PM 192352]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 6:11 PM 779536]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/26/2012 6:11 PM 414520]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 68168]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10/15/2014 8:08 PM 24184]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/15/2014 8:04 PM 67824]

R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 5:40 AM 80256]

R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 6:10 AM 70016]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/3/2010 6:43 PM 47360]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-29 18:48 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2014-11-06 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-16 04:07]

2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]

2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]

------- Supplementary Scan -------

uStart Page = about:blank

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

TCP: DhcpNameServer = 192.168.1.254

- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)

MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

MSConfigStartUp-MSConfig - c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe

AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-11-05 18:24

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithList]

@Class="Shell"

"a"="NOTEPAD.EXE"

"MRUList"="a"

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithProgids]

"Ç=8_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\SecuROM\License information*]

"datasecu"=hex:fb,20,08,b5,1f,0b,a3,9d,20,02,b9,5f,6e,64,2a,cf,17,d9,68,0c,b9,

b2,7d,31,7c,26,c7,10,c9,01,24,ca,3c,fc,0f,e4,bb,24,4d,ca,fa,3a,01,ec,55,98,\

"rkeysecu"=hex:bd,47,83,32,2f,8a,32,ff,78,e0,de,39,57,df,50,ce

[HKEY_LOCAL_MACHINE\software\Classes\.*Ç*a""]

@="Ç=8_auto_file"

[HKEY_LOCAL_MACHINE\software\Classes\Ç*a"©_*a*u*t*o*_*f*i*l*e*\shell\open\command]

@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\edit\command]

@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\open\command]

@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2100)

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

------------------------ Other Running Processes ------------------------

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\AGRSMMSG.exe

c:\windows\SOUNDMAN.EXE

c:\windows\ALCWZRD.EXE

c:\windows\system32\wbem\unsecapp.exe

**************************************************************************

Completion time: 2014-11-05 18:28:30 - machine was rebooted

ComboFix-quarantined-files.txt 2014-11-06 02:28

Pre-Run: 22,753,816,576 bytes free

Post-Run: 22,671,310,848 bytes free

- - End Of File - - F7DE511B6C37BCEABD8C545E5B73464B

0AC6D996BCE152AED9600E6D6B797E2E

#39 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 05 November 2014 - 09:01 PM

Good, go ahead and run a new scan with FRST, checkmark Additions and post both logs

Things any better ??

sleepybear likes this

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#40 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 05 November 2014 - 09:09 PM

WOW that was quite the fix!!! Yes seems to be running faster. I will run that scan and search the keyboard errors.

Advertisements

Register to Remove

#41 sleepybear

Authentic Member

Authentic Member
61 posts

Posted 05 November 2014 - 09:15 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014

Ran by HP_Administrator at 2014-11-05 19:11:30

Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)

Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)

Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)

Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)

Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )

AiO_Scan (Version: 43.0.213.000 - Hewlett-Packard) Hidden

AiOSoftware (Version: 43.0.213.000 - Hewlett-Packard) Hidden

ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )

avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)

AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)

AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version: - Online Media Technologies Ltd.)

AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)

BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden

CameraDrivers (Version: 4.0.0.307 - Hewlett-Packard) Hidden

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )

Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version: - )

Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )

Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version: - )

Canon MP830 (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version: - )

Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )

CC_ccProxyExt (Version: 103.0.2.10 - Symantec) Hidden

ccCommon (Version: 103.0.2.10 - Symantec) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 2.30 - Piriform)

ccPxyCore (Version: 103.0.2.10 - Symantec) Hidden

Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden

CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden

cp_dwSharkTaleAlbums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden

cp_dwSharkTaleCards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden

cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden

cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden

CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden

CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden

CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Crystal Maze from HP Media Center (remove only) (HKLM\...\3D61540E-C88C-4358-B6A1-DC26648F2A3D) (Version: - )

CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden

DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden

DocumentViewer (Version: 43.0.213.000 - Hewlett-Packard) Hidden

DVDFab 6.0.6.0 (04/09/2009) (HKLM\...\DVDFab 6_is1) (Version: - Fengtao Software Inc.)

Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )

Fax (Version: 43.0.213.000 - Hewlett-Packard) Hidden

FoxTab Video To MP3 Converter (remove only) (HKLM\...\FX - Video To Mp3) (Version: - ) <==== ATTENTION

Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden

Help and Support Additions (HKLM\...\Help and Support Additions) (Version: - )

High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)

HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)

HP Image Zone 4.5.3 (HKLM\...\HP Photo & Imaging) (Version: 4.5.3 - HP)

HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.02.001 - Hewlett-Packard Company)

HP Image Zone Plus 4.5.3 (HKLM\...\{D0420D64-8D33-4374-A2B2-9225C7925CA6}) (Version: 4.5.3 - HP)

HP Photosmart Cameras 4.0 (HKLM\...\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}) (Version: 4.0 - HP)

HP PSC & OfficeJet 4.0 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version: - HP)

HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)

HP Tunes (HKLM\...\{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}) (Version: 1.00.7 - Hewlett-Packard Company)

HPIZplus450 (Version: 45.2.3 - Hewlett-Packard) Hidden

HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden

InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )

IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version: - )

InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version: - )

InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)

InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version: - )

InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.681 - InterVideo Inc.)

iPod for Windows 2006-03-23 (HKLM\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)

iPod for Windows 2006-03-23 (Version: 4.7.0 - Apple Computer, Inc.) Hidden

iTunes (HKLM\...\InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}) (Version: 6.0.4.2 - Apple Computer, Inc.)

iTunes (Version: 6.0.4.2 - Apple Computer, Inc.) Hidden

Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)

Java™ 6 Update 19 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.190 - Sun Microsystems, Inc.)

KBD (HKLM\...\KBD) (Version: - )

Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)

LimeWire 5.5.8 (HKLM\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)

LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)

LS_HSI (Version: 1.0.16.2 - Integrator) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )

Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version: - )

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)

Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)

Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )

Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)

MSN (HKLM\...\MSNINST) (Version: - )

MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)

muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)

muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)

Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )

Norton AntiSpam (Version: 2005.1.0.163 - Symantec Corporation) Hidden

Norton AntiVirus 2005 (Version: 11.0.2 - Symantec Corporation) Hidden

Norton Internet Security (Version: 1.0.0 - Symantec Corp.) Hidden

Norton Internet Security (Version: 8.0.0.64 - Symantec Corporation) Hidden

Norton WMI Update (Version: 2005.1.0.111 - Symantec Corporation) Hidden

OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)

Orbital from HP Media Center (remove only) (HKLM\...\24E45CE4-1683-4B71-B8AD-8D7B0A209088) (Version: - )

OTtBP (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden

Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )

Overball from HP Media Center (remove only) (HKLM\...\A8B63E91-BB8C-41FF-B530-5BB13C915612) (Version: - )

PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden

PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)

PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden

PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)

Presto! PageManager 7.15.11 (HKLM\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version: - )

PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden

PS2 (HKLM\...\PS2) (Version: - )

PSPrinters06 (Version: 1.00.0000 - HP) Hidden

Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )

Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)

QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden

QuickTime (HKLM\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)

QuickTime (Version: 7.0.4 - Apple Computer, Inc.) Hidden

Readme (Version: 43.0.213.000 - Hewlett-Packard) Hidden

RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - )

Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden

SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Snagit 9.1.2 (HKLM\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)

Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)

SPBBC (Version: 1.00.0000 - Your Company Name) Hidden

Starry Night Orion Special Edition (HKLM\...\Starry Night Orion Special Edition) (Version: 6.2.3.0 - Imaginova Canada Ltd.)

SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)

SymNet (Version: 5.4.2.17 - Symantec Corporation) Hidden

TouchCopy (HKLM\...\{E5603502-8B28-4E47-985E-0EC112553381}) (Version: 4.40 - Wide Angle Software)

TouchCopy 09 (HKLM\...\{B9F9B21A-E8A8-492F-8513-E5E107194232}) (Version: 9.59 - Wide Angle Software)

TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Unload (Version: 4.5.0 - Hewlett-Packard) Hidden

Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version: - Microsoft Corporation)

Updates from HP (HKLM\...\BackWeb-309731 Uninstaller) (Version: - )

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden

Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)

Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)

Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version: - Microsoft Corporation)

Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)

Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)

Windows XP Hotfix - KB885354 (HKLM\...\KB885354) (Version: 20040831.122610 - Microsoft Corporation)

Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)

Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)

Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)

Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version: - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)

Wix Filters 2009 Catalog (HKLM\...\Wix Filters 2009 Catalog) (Version: 2009 - Wix Filters)

Wix Filters 2013 Catalog (HKLM\...\Wix Filters 2013 Catalog) (Version: 2013 - Wix Filters)

XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

YouTube Downloader 2.6.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - BienneSoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)

CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)

CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)

CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)

==================== Restore Points =========================

10-08-2014 18:32:31 System Checkpoint

12-08-2014 02:29:17 System Checkpoint

13-08-2014 23:13:49 System Checkpoint

16-08-2014 00:29:05 System Checkpoint

20-08-2014 22:18:28 System Checkpoint

22-08-2014 01:44:00 System Checkpoint

23-08-2014 22:38:37 System Checkpoint

25-08-2014 18:56:24 System Checkpoint

28-08-2014 17:52:56 System Checkpoint

30-08-2014 03:52:59 System Checkpoint

02-09-2014 17:28:30 System Checkpoint

05-09-2014 00:14:25 System Checkpoint

09-09-2014 00:34:39 System Checkpoint

10-09-2014 19:12:36 System Checkpoint

12-09-2014 16:46:04 System Checkpoint

15-09-2014 16:07:11 System Checkpoint

17-09-2014 02:25:03 System Checkpoint

18-09-2014 20:44:17 System Checkpoint

20-09-2014 04:11:10 System Checkpoint

26-09-2014 00:37:40 System Checkpoint

28-09-2014 06:07:59 System Checkpoint

29-09-2014 19:59:37 System Checkpoint

02-10-2014 19:37:02 System Checkpoint

04-10-2014 17:48:38 System Checkpoint

06-10-2014 20:50:54 System Checkpoint

10-10-2014 04:23:48 System Checkpoint

15-10-2014 19:58:30 Restore Operation

16-10-2014 04:05:15 avast! antivirus system restore point

18-10-2014 16:57:09 System Checkpoint

19-10-2014 21:45:24 Restore Operation

19-10-2014 21:51:35 Restore Operation

20-10-2014 01:54:17 Removed Sonic Express Labeler

20-10-2014 01:54:45 Removed Sonic RecordNow!

21-10-2014 03:19:04 System Checkpoint

24-10-2014 01:34:27 System Checkpoint

26-10-2014 03:44:50 System Checkpoint

29-10-2014 18:44:29 System Checkpoint

01-11-2014 01:36:28 System Checkpoint

02-11-2014 20:55:52 System Checkpoint

04-11-2014 03:12:54 System Checkpoint

05-11-2014 19:24:32 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 10:00 - 2014-11-05 18:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-26 18:11 - 2014-10-15 20:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-11-05 13:23 - 2014-11-05 13:23 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110501\algo.dll

2010-12-09 11:35 - 2010-04-05 11:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

2004-09-23 16:30 - 2004-09-23 16:30 - 00038912 _____ () c:\Program Files\Common Files\LightScribe\LSSrvc.exe

2004-09-23 16:30 - 2004-09-23 16:30 - 00122880 ____C () C:\Program Files\Common Files\lightscribe\LSCapi.dll

2004-09-23 16:30 - 2004-09-23 16:30 - 00022016 ____C () C:\Program Files\Common Files\lightscribe\LSLog.dll

2004-09-23 16:30 - 2004-09-23 16:30 - 00192512 ____C () C:\Program Files\Common Files\lightscribe\LSPrtEn.dll

2004-09-23 16:30 - 2004-09-23 16:30 - 00061440 ____C () C:\Program Files\Common Files\lightscribe\LSDrComm.dll

2004-09-23 16:30 - 2004-09-23 16:30 - 00033792 ____C () C:\Program Files\Common Files\lightscribe\LSSProxy.dll

2014-10-15 20:07 - 2014-10-15 20:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2004-08-10 04:00 - 2004-08-10 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2004-08-10 04:00 - 2004-08-10 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2014-10-29 10:49 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-29 10:49 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk => C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background

MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2060318294-1635822940-3861741363-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator

ASPNET (S-1-5-21-2060318294-1635822940-3861741363-1009 - Limited - Enabled)

Guest (S-1-5-21-2060318294-1635822940-3861741363-501 - Limited - Disabled)

HelpAssistant (S-1-5-21-2060318294-1635822940-3861741363-1007 - Limited - Disabled)

HP_Administrator (S-1-5-21-2060318294-1635822940-3861741363-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2

SUPPORT_388945a0 (S-1-5-21-2060318294-1635822940-3861741363-1002 - Limited - Disabled)

SUPPORT_fddfa904 (S-1-5-21-2060318294-1635822940-3861741363-1006 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/20/2014 10:49:29 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/19/2014 08:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Processing media-specific event for [!ws!]

Error: (10/19/2014 04:50:11 PM) (Source: Application Hang) (EventID: 1001) (User: )

Description: Fault bucket 137941937.

Error: (10/19/2014 04:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application RecordNow.exe, version 7.2.29.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/16/2014 11:24:21 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/19/2014 09:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/15/2014 06:38:49 PM) (Source: Application Hang) (EventID: 1001) (User: )

Description: Fault bucket -1328525754.

Error: (09/15/2014 06:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/10/2014 07:51:56 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/15/2014 08:19:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:

=============

Error: (11/05/2014 06:23:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Upload Manager service failed to start due to the following error:

%%1079

Error: (11/05/2014 06:23:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MCSTRM service failed to start due to the following error:

%%2

Error: (11/05/2014 06:23:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Help and Support service terminated with the following error:

%%126

Error: (11/05/2014 06:21:19 PM) (Source: PlugPlayManager) (EventID: 11) (User: )

Description: The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.

Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Upload Manager service failed to start due to the following error:

%%1079

Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MCSTRM service failed to start due to the following error:

%%2

Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Help and Support service terminated with the following error:

%%126

Error: (11/04/2014 04:34:37 PM) (Source: Windows Update Agent) (EventID: 16) (User: )

Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (11/04/2014 00:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Upload Manager service failed to start due to the following error:

%%1079

Error: (11/04/2014 00:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MCSTRM service failed to start due to the following error:

%%2

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz

Percentage of memory in use: 60%

Total physical RAM: 1015.29 MB

Available physical RAM: 401.39 MB

Total Pagefile: 2442.72 MB

Available Pagefile: 1828.78 MB

Total Virtual: 2047.88 MB

Available Virtual: 1951.09 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:179.33 GB) (Free:21.15 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:0.81 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 186.3 GB) (Disk ID: 1549F232)

Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

Partition 2: (Active) - (Size=179.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================