
Please lead me to thread [Solved]

pc healthcenter

  • This topic is locked
74 replies to this topic

#1 sleepybear

  • Authentic Member
  • 61 posts

Posted 23 October 2014 - 10:32 PM

Could someone please lead me to any threads with help on the older "pc healthcenter, helpcenter" virus? 

Thank you




#2 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 24 October 2014 - 04:58 AM

:welcome:

 

It's not a good practice to do what someone else has done; all systems are different, and what one of our tools can do on one system may damage another. It's always best just to post and let one of our helpers help you. For example, one of our old tools can damage a system if a fix is run on Windows 8.

 

 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      * List BCD
      * Drivers MD5
      * Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 sleepybear

    • Authentic Member
    • 61 posts

    Posted 24 October 2014 - 11:51 PM

    Thank you. Will do.



    #4 sleepybear

    • Authentic Member
    • 61 posts

    Posted 25 October 2014 - 08:39 PM

    aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
    Run date: 2014-10-25 19:23:08
    -----------------------------
    19:23:08.373    OS Version: Windows 5.1.2600 Service Pack 2
    19:23:08.373    Number of processors: 2 586 0x403
    19:23:08.373    ComputerName: YOUR-55E5F9E3D2  UserName: 
    19:23:09.139    Initialize success
    19:23:09.139    VM: initialized successfully
    19:23:09.201    VM: Intel CPU virtualization not supported 
    19:23:09.217    supported disk I/O atapi.sys
    19:23:14.719    AVAST engine defs: 14102501
    19:25:21.114    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\aswMBR.txt"
     
     
    On the Farbar scan tool download for 64 bit I keep getting "threat has been detected" by avast, and it will not download.







     


    #5 ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 26 October 2014 - 05:57 AM

    None of our tools are infected, but some antivirus programs detected them as bad. Disable your antivirus so you can download and run FRST.

    http://www.bleepingc...lware-programs/

    If it still won't work, then download it from another computer and transfer it by USB flash drive to the infected one.

    Also, your aswMBR log is incomplete



    #6 sleepybear

    • Authentic Member
    • 61 posts

    Posted 26 October 2014 - 11:02 PM

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
    Ran by HP_Administrator at 2014-10-26 21:58:09
    Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
    Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
    AiO_Scan (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    AiOSoftware (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
    AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
    BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    CameraDrivers (Version: 4.0.0.307 - Hewlett-Packard) Hidden
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
    Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
    Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
    Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
    Canon MP830 (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - )
    Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
    CC_ccProxyExt (Version: 103.0.2.10 - Symantec) Hidden
    ccCommon (Version: 103.0.2.10 - Symantec) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 2.30 - Piriform)
    ccPxyCore (Version: 103.0.2.10 - Symantec) Hidden
    Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
    cp_dwSharkTaleAlbums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwSharkTaleCards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Crystal Maze from HP Media Center (remove only) (HKLM\...\3D61540E-C88C-4358-B6A1-DC26648F2A3D) (Version:  - )
    CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden
    DocumentViewer (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
    Fax (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    FoxTab Video To MP3 Converter (remove only) (HKLM\...\FX - Video To Mp3) (Version:  - ) <==== ATTENTION
    Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
    Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
    Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
    HP Diagnostic Assistant (Version: 1.0.0.0 - Hewlett-Packard) Hidden
    HP Image Zone 4.5.3 (HKLM\...\HP Photo & Imaging) (Version: 4.5.3 - HP)
    HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.02.001 - Hewlett-Packard Company)
    HP Image Zone Plus 4.5.3 (HKLM\...\{D0420D64-8D33-4374-A2B2-9225C7925CA6}) (Version: 4.5.3 - HP)
    HP Photosmart Cameras 4.0 (HKLM\...\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}) (Version: 4.0 - HP)
    HP PSC & OfficeJet 4.0 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version:  - HP)
    HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
    HP Tunes (HKLM\...\{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}) (Version: 1.00.7 - Hewlett-Packard Company)
    HPIZplus450 (Version: 45.2.3 - Hewlett-Packard) Hidden
    HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
    InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version:  - )
    InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
    InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
    InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
    InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.681 - InterVideo Inc.)
    iPod for Windows 2006-03-23 (HKLM\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)
    iPod for Windows 2006-03-23 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
    iTunes (HKLM\...\InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}) (Version: 6.0.4.2 - Apple Computer, Inc.)
    iTunes (Version: 6.0.4.2 - Apple Computer, Inc.) Hidden
    Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
    Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
    Java™ 6 Update 19 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.190 - Sun Microsystems, Inc.)
    KBD (HKLM\...\KBD) (Version:  - )
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)
    LS_HSI (Version: 1.0.16.2 - Integrator) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version:  - )
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
    Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
    MSN (HKLM\...\MSNINST) (Version:  - )
    MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
    muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
    Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
    Norton AntiSpam (Version: 2005.1.0.163 - Symantec Corporation) Hidden
    Norton AntiVirus 2005 (Version: 11.0.2 - Symantec Corporation) Hidden
    Norton Internet Security (Version: 1.0.0 - Symantec Corp.) Hidden
    Norton Internet Security (Version: 8.0.0.64 - Symantec Corporation) Hidden
    Norton WMI Update (Version: 2005.1.0.111 - Symantec Corporation) Hidden
    OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
    Orbital from HP Media Center (remove only) (HKLM\...\24E45CE4-1683-4B71-B8AD-8D7B0A209088) (Version:  - )
    OTtBP (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
    Overball from HP Media Center (remove only) (HKLM\...\A8B63E91-BB8C-41FF-B530-5BB13C915612) (Version:  - )
    PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
    PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
    PDF Reader (HKCU\...\PDF Reader) (Version:  - )
    PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
    Presto! PageManager 7.15.11 (HKLM\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version:  - )
    PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    PS2 (HKLM\...\PS2) (Version:  - )
    PSPrinters06 (Version: 1.00.0000 - HP) Hidden
    Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
    Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
    QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)
    QuickTime (Version: 7.0.4 - Apple Computer, Inc.) Hidden
    Readme (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )
    Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
    SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Snagit 9.1.2 (HKLM\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    SPBBC (Version: 1.00.0000 - Your Company Name) Hidden
    Starry Night Orion Special Edition (HKLM\...\Starry Night Orion Special Edition) (Version: 6.2.3.0 - Imaginova Canada Ltd.)
    SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
    SymNet (Version: 5.4.2.17 - Symantec Corporation) Hidden
    TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
    Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version:  - Microsoft Corporation)
    Updates from HP (HKLM\...\BackWeb-309731 Uninstaller) (Version:  - )
    Visual J# .NET Redistributable Package (Version: 1.0.4205 - Microsoft Corporation) Hidden
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
    Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version:  - Microsoft Corporation)
    Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
    Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
    Windows XP Hotfix - KB885354 (HKLM\...\KB885354) (Version: 20040831.122610 - Microsoft Corporation)
    Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
    Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
    Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
    Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
    Wix Filters 2009 Catalog (HKLM\...\Wix Filters 2009 Catalog) (Version: 2009 - Wix Filters)
    Wix Filters 2013 Catalog (HKLM\...\Wix Filters 2013 Catalog) (Version: 2013 - Wix Filters)
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
    YouTube Downloader 2.6.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
     
    ==================== Restore Points  =========================
     
    23-07-2014 01:46:56 System Checkpoint
    29-07-2014 19:23:54 System Checkpoint
    31-07-2014 00:51:04 System Checkpoint
    04-08-2014 18:42:35 System Checkpoint
    06-08-2014 04:44:37 System Checkpoint
    10-08-2014 18:32:31 System Checkpoint
    12-08-2014 02:29:17 System Checkpoint
    13-08-2014 23:13:49 System Checkpoint
    16-08-2014 00:29:05 System Checkpoint
    20-08-2014 22:18:28 System Checkpoint
    22-08-2014 01:44:00 System Checkpoint
    23-08-2014 22:38:37 System Checkpoint
    25-08-2014 18:56:24 System Checkpoint
    28-08-2014 17:52:56 System Checkpoint
    30-08-2014 03:52:59 System Checkpoint
    02-09-2014 17:28:30 System Checkpoint
    05-09-2014 00:14:25 System Checkpoint
    09-09-2014 00:34:39 System Checkpoint
    10-09-2014 19:12:36 System Checkpoint
    12-09-2014 16:46:04 System Checkpoint
    15-09-2014 16:07:11 System Checkpoint
    17-09-2014 02:25:03 System Checkpoint
    18-09-2014 20:44:17 System Checkpoint
    20-09-2014 04:11:10 System Checkpoint
    26-09-2014 00:37:40 System Checkpoint
    28-09-2014 06:07:59 System Checkpoint
    29-09-2014 19:59:37 System Checkpoint
    02-10-2014 19:37:02 System Checkpoint
    04-10-2014 17:48:38 System Checkpoint
    06-10-2014 20:50:54 System Checkpoint
    10-10-2014 04:23:48 System Checkpoint
    15-10-2014 19:58:30 Restore Operation
    16-10-2014 04:05:15 avast! antivirus system restore point
    18-10-2014 16:57:09 System Checkpoint
    19-10-2014 21:45:24 Restore Operation
    19-10-2014 21:51:35 Restore Operation
    20-10-2014 01:54:17 Removed Sonic Express Labeler
    20-10-2014 01:54:45 Removed Sonic RecordNow!
    21-10-2014 03:19:04 System Checkpoint
    24-10-2014 01:34:27 System Checkpoint
    26-10-2014 03:44:50 System Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2004-08-10 11:00 - 2004-08-10 11:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-01-26 19:11 - 2014-10-15 21:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-10-25 19:06 - 2014-10-25 19:06 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll
    2014-10-26 21:52 - 2014-10-26 21:52 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll
    2006-09-07 10:18 - 2006-09-07 10:18 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
    2006-09-07 10:19 - 2006-09-07 10:19 - 00015872 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
    2014-10-15 21:07 - 2014-10-15 21:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2010-12-09 12:35 - 2010-04-05 12:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    2004-09-23 17:30 - 2004-09-23 17:30 - 00038912 _____ () c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2004-08-10 05:00 - 2004-08-10 05:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-10 05:00 - 2004-08-10 05:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-10-15 22:33 - 2014-10-09 19:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll
    2014-10-15 22:33 - 2014-10-09 19:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk => C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: MSConfig => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2060318294-1635822940-3861741363-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-2060318294-1635822940-3861741363-1009 - Limited - Enabled)
    Guest (S-1-5-21-2060318294-1635822940-3861741363-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-2060318294-1635822940-3861741363-1007 - Limited - Disabled)
    HP_Administrator (S-1-5-21-2060318294-1635822940-3861741363-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
    SUPPORT_388945a0 (S-1-5-21-2060318294-1635822940-3861741363-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-2060318294-1635822940-3861741363-1006 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (10/20/2014 11:49:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (10/19/2014 09:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [!ws!]
     
    Error: (10/19/2014 05:50:11 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 137941937.
     
    Error: (10/19/2014 05:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application RecordNow.exe, version 7.2.29.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (10/16/2014 00:24:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/19/2014 10:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/15/2014 07:38:49 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket -1328525754.
     
    Error: (09/15/2014 07:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/10/2014 08:51:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (08/15/2014 09:19:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
     
    System errors:
    =============
    Error: (10/26/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (10/26/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
    Error: (10/26/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Help and Support service terminated with the following error: 
    %%126
     
    Error: (10/25/2014 07:41:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (10/25/2014 07:41:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
    Error: (10/25/2014 07:41:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Help and Support service terminated with the following error: 
    %%126
     
    Error: (10/25/2014 07:07:08 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
    Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
     
    Error: (10/25/2014 07:06:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (10/25/2014 07:06:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
    Error: (10/25/2014 07:06:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Help and Support service terminated with the following error: 
    %%126
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.00GHz
    Percentage of memory in use: 74%
    Total physical RAM: 1015.29 MB
    Available physical RAM: 257.43 MB
    Total Pagefile: 2442.8 MB
    Available Pagefile: 1655.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1946.14 MB
     
    ==================== Drives ================================
     
    Drive c: (HP_PAVILION) (Fixed) (Total:179.33 GB) (Free:24.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:0.81 GB) FAT32 ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 186.3 GB) (Disk ID: 1549F232)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)
    Partition 2: (Active) - (Size=179.3 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

    Edited by sleepybear, 27 October 2014 - 12:08 AM.


    #7 sleepybear


    Posted 26 October 2014 - 11:09 PM

    aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
    Run date: 2014-10-26 22:04:51
    -----------------------------
    22:04:51.037    OS Version: Windows 5.1.2600 Service Pack 2
    22:04:51.037    Number of processors: 2 586 0x403
    22:04:51.037    ComputerName: YOUR-55E5F9E3D2  UserName: 
    22:04:51.505    Initialize success
    22:04:51.505    VM: initialized successfully
    22:04:51.568    VM: Intel CPU virtualization not supported 
    22:04:51.584    supported disk I/O atapi.sys
    22:04:56.897    AVAST engine defs: 14102601
    22:05:07.134    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    22:05:07.134    Disk 0 Vendor: WDC_WD2000JD-22HBB0 08.02D08 Size: 190782MB BusType: 3
    22:05:07.368    Disk 0 MBR read successfully I/O
    22:05:07.368    Disk 0 MBR scan
    22:05:07.509    Disk 0 unknown MBR code
    22:05:07.509    Disk 0 Partition 1 00     0C    FAT32 LBA RECOVERY     7139 MB offset 63
    22:05:07.524    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       183632 MB offset 14621040
    22:05:07.524    Disk 0 unknown boot code
    22:05:07.540    Disk 0 statistics 263/16/0 @ 0.51 MB/s
    22:05:07.540    Scan finished successfully
    22:05:14.776    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\MBR.dat"
    22:05:14.776    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\aswMBR.txt"


    #8 ken545


    Posted 27 October 2014 - 05:52 AM

    Good Morning,

     

    You posted the Additions log for FRST, but I need to see the main FRST log also; this is the most important one.

     

     

    AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    You have two AVs installed. Microsoft recommends only one; with AV software more is not better. More than one will and can hamper system performance and also produce false positives. Your call, but you need to uninstall one.
     
    You can use this program to uninstall the one you want to remove
     

     
    Run AppRemover
     
    Vista, Win 7 users: right-click on the icon and select "Run as administrator".
     
    Please download AppRemover and save it to your desktop.
    • Double click on AppRemover.exe to run it.
    • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
    • Click on the Next button.
    • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
    • Click on the Next button.
    • A scan begins, please wait. Once done, click on the Next button.
    • Now you should have a list of your installed security programs; choose the one you want to uninstall and click on the Next button.
    • Follow the last step and reboot if asked to do so.


     
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 sleepybear


    Posted 28 October 2014 - 12:45 AM

    Thanks, will do.  



    #10 sleepybear


    Posted 29 October 2014 - 10:20 PM

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014
    Ran by HP_Administrator (administrator) on YOUR-55E5F9E3D2 on 29-10-2014 21:15:34
    Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads
    Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 6
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
    (Agere Systems) C:\WINDOWS\AGRSMMSG.exe
    (Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
    (Hewlett-Packard Company) C:\hp\KBD\kbd.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
    (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
    (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
    (ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    () C:\Program Files\Unlocker\UnlockerAssistant.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    () C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    () C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\FRST (1).exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
    HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
    HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-18] (Windows ® Server 2003 DDK provider)
    HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
    HKLM\...\Run: [HPHUPD06] => c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-07] (Hewlett-Packard)
    HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
    HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
    HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
    HKLM\...\Run: [IS CfgWiz] => c:\Program Files\Norton Internet Security\cfgwiz.exe [132248 2004-08-17] (Symantec Corporation)
    HKLM\...\Run: [URLLSTCK.exe] => c:\Program Files\Norton Internet Security\UrlLstCk.exe [33936 2004-08-30] (Symantec Corporation)
    HKLM\...\Run: [SSC_UserPrompt] => c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [218240 2004-08-05] (Symantec Corporation)
    HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [90112 2004-10-25] (Hewlett-Packard Company)
    HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-10-13] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2742272 2004-10-13] (RealTek Semicoductor Corp.)
    HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2004-10-13] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
    HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2006-09-07] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
    HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
    HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2004-08-10] (Microsoft Corporation)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoCDBurning] 1
    HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\...\Policies\Explorer: [NoLogOff] 0
    Lsa: [Notification Packages] :\WINDOW
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
    URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
    Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF Plugin: @real.com/nppl3260;version=6.0.11.1879 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.2.1939 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.872 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-21]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-26]
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-19]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
    S4 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197752 2004-08-27] (Symantec Corporation)
    S4 ccProxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [234616 2004-08-27] (Symantec Corporation)
    S4 ccPwdSvc; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [78968 2004-08-27] (Symantec Corporation)
    S4 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [164984 2004-08-27] (Symantec Corporation)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    S4 iPodService; C:\Program Files\iPod\bin\iPodService.exe [323584 2006-02-23] (Apple Computer, Inc.) [File not signed]
    S3 ISSVC; c:\Program Files\Norton Internet Security\ISSVC.exe [78992 2004-08-30] (Symantec Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-21] (Sun Microsystems, Inc.)
    R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2004-09-23] () [File not signed]
    R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
    S4 navapsvc; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [176768 2004-08-30] (Symantec Corporation)
    S3 SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [197864 2004-07-23] (Symantec Corporation)
    S4 SNDSrvc; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206048 2004-08-27] (Symantec Corporation)
    S4 SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [173160 2004-07-21] (Symantec Corporation)
    S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
    S2 uploadmgr; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-15] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-15] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-15] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-15] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-10-15] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-15] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-15] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-15] ()
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
    R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-11-11] (Conexant Systems, Inc.)
    R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-11-11] (Conexant Systems, Inc.)
    R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-11-11] (Conexant Systems, Inc.)
    R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31360 2004-11-11] (Conexant Systems, Inc.)
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
    S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-18] (Windows ® Server 2003 DDK provider)
    R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46208 2004-08-10] (Microsoft Corporation)
    R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
    R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2004-08-04] (Microsoft Corporation)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS [72712 2004-11-17] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS [629544 2004-11-17] (Symantec Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
    R3 NmPar; C:\WINDOWS\System32\DRIVERS\NmPar.sys [80256 2008-12-24] (Windows ® 2000 DDK provider)
    R3 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [70016 2008-12-16] (Windows ® 2000 DDK provider)
    R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-03] (VSO Software) [File not signed]
    R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-03-15] (Sonic Solutions) [File not signed]
    R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-20] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [68168 2010-05-14] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SAVRT; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS [335504 2004-07-23] (Symantec Corporation)
    R2 SAVRTPEL; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS [49808 2004-07-23] (Symantec Corporation)
    S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()
    S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [341096 2004-07-21] (Symantec Corporation)
    R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [104144 2004-08-26] (Symantec Corporation)
    S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [25824 2004-08-27] (Symantec Corporation)
    R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266464 2004-08-27] (Symantec Corporation)
    S2 MCSTRM; No ImagePath
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-10] (Microsoft Corporation)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
    U1 WS2IFSL; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-26 21:51 - 2014-10-29 21:15 - 00000000 ____D () C:\FRST
    2014-10-25 19:41 - 2014-10-25 19:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
    2014-10-25 19:25 - 2014-10-25 19:32 - 00001352 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\aswMBR.txt
    2014-10-24 00:04 - 2014-10-24 00:04 - 00000000 ____D () C:\WINDOWS\pchealth
    2014-10-22 15:07 - 2014-10-22 15:07 - 00000142 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\SEARCH.url
    2014-10-19 23:11 - 2014-10-20 18:00 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-10-19 23:11 - 2014-10-19 23:11 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-19 23:11 - 2014-10-19 23:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-10-19 23:11 - 2014-10-19 23:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-19 23:11 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-10-19 23:11 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-10-19 17:18 - 2014-10-23 23:16 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
    2014-10-19 17:18 - 2014-10-19 17:18 - 00001409 _____ () C:\WINDOWS\QTFont.for
    2014-10-19 14:49 - 2014-10-19 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2014-10-19 14:49 - 2014-10-19 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2014-10-18 23:26 - 2014-10-18 23:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 046.lnk
    2014-10-18 23:26 - 2014-10-18 23:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 045.lnk
    2014-10-18 23:26 - 2014-10-18 23:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 042.lnk
    2014-10-15 22:39 - 2014-10-15 22:39 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
    2014-10-15 22:33 - 2014-10-29 11:49 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-10-15 22:31 - 2014-10-29 20:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-15 22:31 - 2014-10-29 15:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-15 21:15 - 2014-10-15 21:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software
    2014-10-15 21:08 - 2014-10-15 21:07 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-10-15 21:07 - 2014-10-15 21:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-10-15 21:04 - 2014-10-15 21:07 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-10-15 21:04 - 2014-10-15 21:07 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-10-15 21:04 - 2014-10-15 21:07 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-10-15 21:04 - 2014-10-15 21:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-29 21:16 - 2010-01-14 11:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Temp
    2014-10-29 21:08 - 2012-07-12 14:56 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-10-29 21:00 - 2010-01-10 14:29 - 00000296 _____ () C:\WINDOWS\Tasks\ijmcbczm.job
    2014-10-29 20:54 - 2005-01-28 02:55 - 01213292 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-10-29 10:52 - 2005-04-30 15:53 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
    2014-10-29 10:52 - 2005-01-27 18:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-10-29 10:52 - 2005-01-27 18:33 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-10-29 10:51 - 2005-01-28 02:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-10-29 10:51 - 2005-01-28 02:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-10-26 22:15 - 2005-01-28 02:55 - 00032014 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-10-26 22:14 - 2010-01-14 11:58 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\ntuser.ini
    2014-10-26 22:05 - 2005-05-14 21:30 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
    2014-10-25 19:41 - 2006-06-23 13:59 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-10-24 00:07 - 2005-03-15 18:46 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2014-10-23 23:54 - 2010-01-14 11:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
    2014-10-19 23:31 - 2010-01-16 22:19 - 00000000 __HDC () C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2014-10-19 23:30 - 2009-09-23 12:15 - 00000000 ____D () C:\Program Files\Shared
    2014-10-19 23:11 - 2008-12-02 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-10-19 21:19 - 2005-01-27 12:10 - 00000000 ____D () C:\WINDOWS\I386
    2014-10-19 18:58 - 2005-01-28 02:41 - 00000653 _____ () C:\WINDOWS\win.ini
    2014-10-19 18:58 - 2005-01-27 21:58 - 00000279 __RSH () C:\boot.ini
    2014-10-19 18:58 - 2005-01-27 18:30 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-10-19 18:11 - 2010-01-14 11:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Adobe
    2014-10-19 14:49 - 2005-10-27 12:02 - 00000000 ____D () C:\Program Files\Google
    2014-10-16 16:32 - 2013-08-01 09:18 - 00002515 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Microsoft Office Word 2007.lnk
    2014-10-16 11:05 - 2010-01-19 13:03 - 00009244 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat
    2014-10-15 21:15 - 2012-01-26 19:11 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2014-10-15 21:08 - 2012-01-26 19:11 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-10-15 21:07 - 2012-01-26 19:11 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-10-15 21:07 - 2012-01-26 19:11 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-10-15 21:07 - 2012-01-26 19:11 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-10-15 21:07 - 2012-01-26 19:11 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-10-15 21:04 - 2005-01-28 02:41 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
    2014-10-15 13:01 - 2005-03-15 18:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-10-15 13:01 - 2005-03-15 18:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-10-15 13:01 - 2005-01-27 18:44 - 00000000 ____D () C:\Documents and Settings\Administrator
    2014-10-15 13:00 - 2005-01-27 19:16 - 00000000 ____D () C:\WINDOWS\Registration
    2014-10-04 11:02 - 2010-12-09 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CmdLineExtInstallerExe.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\drm_dyndata_7360012.dll
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\res271.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================



    #11 ken545


    Posted 30 October 2014 - 05:48 AM

    Your system is very outdated and insecure

     

    Microsoft Windows XP Professional Service Pack 2 
    Internet Explorer Version 6
     
    Read this please
     
    You should have the latest Service Pack 3, but I don't think that your Windows updates will work any longer, leaving your system very vulnerable to infection.

    Internet Explorer 6 is a very insecure browser, one of the most insecure in the Internet Explorer line.

    I would strongly suggest upgrading this system to Windows 7 or think about getting a new computer. If you decide to keep this one, I would be very hesitant about doing any online banking or purchases with a credit card.

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
    Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
    Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
    C:\WINDOWS\system32\jebufijo.dll
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    Just a reminder that threads will be closed if no reply in 3 days.
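
    The fixlist in the post above removes C:\WINDOWS\Tasks\ijmcbczm.job, which appears in the "One Month Modified" listing with a 2010 creation date and a modification time on the day of the scan. As an added example (not part of the thread and not FRST's own code), the sketch below parses that listing format as it reads on this page (modified, created, size, attributes, company, path) and reports task files that an allowlist does not cover. The function names and the allowlist are assumptions made for the example.

```python
import ntpath
import re
from datetime import datetime

# Four entries copied from the "One Month Modified" section of the log above.
SAMPLE_LOG = r"""
2014-10-29 21:08 - 2012-07-12 14:56 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-29 21:00 - 2010-01-10 14:29 - 00000296 _____ () C:\WINDOWS\Tasks\ijmcbczm.job
2014-10-29 10:51 - 2005-01-28 02:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-15 21:07 - 2012-01-26 19:11 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
"""

# modified - created - size attributes (company) path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([A-Z_]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)
# Assumption: an analyst-maintained allowlist, seeded with the task names of
# the products visible in this log (Avast, Google Update).
KNOWN_TASK_PREFIXES = ("avast!", "googleupdatetask")

def parse_entries(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        modified, created, size, attrs, company, path = m.groups()
        entries.append({
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "size": int(size),
            "attrs": attrs.replace("_", ""),
            "company": company,
            "path": path,
        })
    return entries

def unrecognised_tasks(entries):
    """Return .job files in the Tasks folder that no allowlisted prefix covers."""
    hits = []
    for e in entries:
        folder, name = ntpath.split(e["path"].lower())
        if folder == r"c:\windows\tasks" and name.endswith(".job") \
                and not name.startswith(KNOWN_TASK_PREFIXES):
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in unrecognised_tasks(parse_entries(SAMPLE_LOG)):
        print(e["path"], "created", e["created"], "last modified", e["modified"])
```

    A hit is only a prompt for review: the listing does not show what a task runs, so the task's target still has to be checked before anything is removed.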

    #12 sleepybear


    Posted 31 October 2014 - 10:42 PM

    Thank you very much for your help. Could you tell me how to save a Notepad file to either a directory or desktop? On this version of Notepad all I have is New, Open, Save, and Save As.



    #13 ken545


    Posted 01 November 2014 - 04:07 AM

    All our tools and scanners work more efficiently from the desktop; that's what the instructions state when downloading FRST, but this is where you saved it and are running it from:

     

    Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads <--Go into your downloads folder and look for FRST, when you find it right click on it and select CUT, then come back to the desktop and right click on a blank area and select PASTE

     

    Then save the Fixlog to your desktop, use your mouse to move it close to FRST, either below or above it but not right on it, and open FRST and click on FIX.



    #14 sleepybear


    Posted 01 November 2014 - 10:04 PM

    I am getting the message 'no fixlist.txt found', yet it is on there. I have it on the desktop right next to FRST as well as under documents/downloads. Could this problem of not finding this file have something to do with Farbar updating recently? It automatically made a new folder in my documents just now saying 'FRST older version'. I will copy the fixlist.txt below if it helps you.
     


    Edited by sleepybear, 01 November 2014 - 10:30 PM.


    #15 sleepybear


    Posted 01 November 2014 - 10:30 PM

    Start
    CloseProcesses:
    Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
    Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
    Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
    C:\WINDOWS\system32\jebufijo.dll
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
