Could someone please lead me to any threads with help on the older "pc healthcenter, helpcenter" virus?
Thank you
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
-
This topic is locked
74 replies to this topic
Register to Remove
#2
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 24 October 2014 - 04:58 AM
Its not a good practice to do what someone else has done ,all systems are different and what one of our tools can do on one system may damage another, its always best just to post and let one of our helpers help you, for example one of our old tools can damage a system if a fix is run on windows 8
Please download aswMBR to your desktop.- Double click the aswMBR icon to run it.
I just want to see the report....Please Do Not Fix Anything
============================================================================
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
*List BCD
*Drivers MD5
*Shortcut txt
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#3
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 24 October 2014 - 11:51 PM
Thank you. Will do.
#4
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 25 October 2014 - 08:39 PM
aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
Run date: 2014-10-25 19:23:08
-----------------------------
19:23:08.373 OS Version: Windows 5.1.2600 Service Pack 2
19:23:08.373 Number of processors: 2 586 0x403
19:23:08.373 ComputerName: YOUR-55E5F9E3D2 UserName:
19:23:09.139 Initialize success
19:23:09.139 VM: initialized successfully
19:23:09.201 VM: Intel CPU virtualization not supported
19:23:09.217 supported disk I/O atapi.sys
19:23:14.719 AVAST engine defs: 14102501
19:25:21.114 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\aswMBR.txt"
On the farbar scan tool download for 64 bit | keep getting "threat has been detected" by avast. and will not download.
#5
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 26 October 2014 - 05:57 AM
None of our tools are infected but some anti virus programs detected them as bad, disable your antivirus so you can download and run FRST
http://www.bleepingc...lware-programs/
If it still wont work than download it from another computer and transfer it by usb flash drive to the infected one
Also, your aswMBR log is incomplete
- sleepybear likes this
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#6
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 26 October 2014 - 11:02 PM
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by HP_Administrator at 2014-10-26 21:58:09
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
AiO_Scan (Version: 43.0.213.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 43.0.213.000 - Hewlett-Packard) Hidden
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CameraDrivers (Version: 4.0.0.307 - Hewlett-Packard) Hidden
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version: - )
Canon MP830 (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
CC_ccProxyExt (Version: 103.0.2.10 - Symantec) Hidden
ccCommon (Version: 103.0.2.10 - Symantec) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.30 - Piriform)
ccPxyCore (Version: 103.0.2.10 - Symantec) Hidden
Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwSharkTaleAlbums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwSharkTaleCards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Crystal Maze from HP Media Center (remove only) (HKLM\...\3D61540E-C88C-4358-B6A1-DC26648F2A3D) (Version: - )
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 43.0.213.000 - Hewlett-Packard) Hidden
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
Fax (Version: 43.0.213.000 - Hewlett-Packard) Hidden
FoxTab Video To MP3 Converter (remove only) (HKLM\...\FX - Video To Mp3) (Version: - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version: - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
HP Diagnostic Assistant (Version: 1.0.0.0 - Hewlett-Packard) Hidden
HP Image Zone 4.5.3 (HKLM\...\HP Photo & Imaging) (Version: 4.5.3 - HP)
HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.02.001 - Hewlett-Packard Company)
HP Image Zone Plus 4.5.3 (HKLM\...\{D0420D64-8D33-4374-A2B2-9225C7925CA6}) (Version: 4.5.3 - HP)
HP Photosmart Cameras 4.0 (HKLM\...\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}) (Version: 4.0 - HP)
HP PSC & OfficeJet 4.0 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version: - HP)
HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
HP Tunes (HKLM\...\{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}) (Version: 1.00.7 - Hewlett-Packard Company)
HPIZplus450 (Version: 45.2.3 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version: - )
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version: - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version: - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.681 - InterVideo Inc.)
iPod for Windows 2006-03-23 (HKLM\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-03-23 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}) (Version: 6.0.4.2 - Apple Computer, Inc.)
iTunes (Version: 6.0.4.2 - Apple Computer, Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 19 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.190 - Sun Microsystems, Inc.)
KBD (HKLM\...\KBD) (Version: - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)
LS_HSI (Version: 1.0.16.2 - Integrator) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version: - )
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Norton AntiSpam (Version: 2005.1.0.163 - Symantec Corporation) Hidden
Norton AntiVirus 2005 (Version: 11.0.2 - Symantec Corporation) Hidden
Norton Internet Security (Version: 1.0.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 8.0.0.64 - Symantec Corporation) Hidden
Norton WMI Update (Version: 2005.1.0.111 - Symantec Corporation) Hidden
OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Orbital from HP Media Center (remove only) (HKLM\...\24E45CE4-1683-4B71-B8AD-8D7B0A209088) (Version: - )
OTtBP (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )
Overball from HP Media Center (remove only) (HKLM\...\A8B63E91-BB8C-41FF-B530-5BB13C915612) (Version: - )
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PDF Reader (HKCU\...\PDF Reader) (Version: - )
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
Presto! PageManager 7.15.11 (HKLM\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version: - )
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version: - )
PSPrinters06 (Version: 1.00.0000 - HP) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)
QuickTime (Version: 7.0.4 - Apple Computer, Inc.) Hidden
Readme (Version: 43.0.213.000 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - )
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Snagit 9.1.2 (HKLM\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
SPBBC (Version: 1.00.0000 - Your Company Name) Hidden
Starry Night Orion Special Edition (HKLM\...\Starry Night Orion Special Edition) (Version: 6.2.3.0 - Imaginova Canada Ltd.)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
SymNet (Version: 5.4.2.17 - Symantec Corporation) Hidden
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version: - Microsoft Corporation)
Updates from HP (HKLM\...\BackWeb-309731 Uninstaller) (Version: - )
Visual J# .NET Redistributable Package (Version: 1.0.4205 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version: - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Windows XP Hotfix - KB885354 (HKLM\...\KB885354) (Version: 20040831.122610 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Wix Filters 2009 Catalog (HKLM\...\Wix Filters 2009 Catalog) (Version: 2009 - Wix Filters)
Wix Filters 2013 Catalog (HKLM\...\Wix Filters 2013 Catalog) (Version: 2013 - Wix Filters)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
YouTube Downloader 2.6.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - BienneSoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
==================== Restore Points =========================
23-07-2014 01:46:56 System Checkpoint
29-07-2014 19:23:54 System Checkpoint
31-07-2014 00:51:04 System Checkpoint
04-08-2014 18:42:35 System Checkpoint
06-08-2014 04:44:37 System Checkpoint
10-08-2014 18:32:31 System Checkpoint
12-08-2014 02:29:17 System Checkpoint
13-08-2014 23:13:49 System Checkpoint
16-08-2014 00:29:05 System Checkpoint
20-08-2014 22:18:28 System Checkpoint
22-08-2014 01:44:00 System Checkpoint
23-08-2014 22:38:37 System Checkpoint
25-08-2014 18:56:24 System Checkpoint
28-08-2014 17:52:56 System Checkpoint
30-08-2014 03:52:59 System Checkpoint
02-09-2014 17:28:30 System Checkpoint
05-09-2014 00:14:25 System Checkpoint
09-09-2014 00:34:39 System Checkpoint
10-09-2014 19:12:36 System Checkpoint
12-09-2014 16:46:04 System Checkpoint
15-09-2014 16:07:11 System Checkpoint
17-09-2014 02:25:03 System Checkpoint
18-09-2014 20:44:17 System Checkpoint
20-09-2014 04:11:10 System Checkpoint
26-09-2014 00:37:40 System Checkpoint
28-09-2014 06:07:59 System Checkpoint
29-09-2014 19:59:37 System Checkpoint
02-10-2014 19:37:02 System Checkpoint
04-10-2014 17:48:38 System Checkpoint
06-10-2014 20:50:54 System Checkpoint
10-10-2014 04:23:48 System Checkpoint
15-10-2014 19:58:30 Restore Operation
16-10-2014 04:05:15 avast! antivirus system restore point
18-10-2014 16:57:09 System Checkpoint
19-10-2014 21:45:24 Restore Operation
19-10-2014 21:51:35 Restore Operation
20-10-2014 01:54:17 Removed Sonic Express Labeler
20-10-2014 01:54:45 Removed Sonic RecordNow!
21-10-2014 03:19:04 System Checkpoint
24-10-2014 01:34:27 System Checkpoint
26-10-2014 03:44:50 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-10 11:00 - 2004-08-10 11:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
==================== Loaded Modules (whitelisted) =============
2012-01-26 19:11 - 2014-10-15 21:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-25 19:06 - 2014-10-25 19:06 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll
2014-10-26 21:52 - 2014-10-26 21:52 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll
2006-09-07 10:18 - 2006-09-07 10:18 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2006-09-07 10:19 - 2006-09-07 10:19 - 00015872 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2014-10-15 21:07 - 2014-10-15 21:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-12-09 12:35 - 2010-04-05 12:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2004-09-23 17:30 - 2004-09-23 17:30 - 00038912 _____ () c:\Program Files\Common Files\LightScribe\LSSrvc.exe
2004-08-10 05:00 - 2004-08-10 05:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 05:00 - 2004-08-10 05:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-10-15 22:33 - 2014-10-09 19:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-15 22:33 - 2014-10-09 19:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk => C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSConfig => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-2060318294-1635822940-3861741363-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2060318294-1635822940-3861741363-1009 - Limited - Enabled)
Guest (S-1-5-21-2060318294-1635822940-3861741363-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2060318294-1635822940-3861741363-1007 - Limited - Disabled)
HP_Administrator (S-1-5-21-2060318294-1635822940-3861741363-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
SUPPORT_388945a0 (S-1-5-21-2060318294-1635822940-3861741363-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2060318294-1635822940-3861741363-1006 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/20/2014 11:49:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (10/19/2014 09:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
Error: (10/19/2014 05:50:11 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 137941937.
Error: (10/19/2014 05:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RecordNow.exe, version 7.2.29.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (10/16/2014 00:24:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (09/19/2014 10:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (09/15/2014 07:38:49 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket -1328525754.
Error: (09/15/2014 07:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (09/10/2014 08:51:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (08/15/2014 09:19:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (10/26/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079
Error: (10/26/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2
Error: (10/26/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126
Error: (10/25/2014 07:41:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079
Error: (10/25/2014 07:41:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2
Error: (10/25/2014 07:41:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126
Error: (10/25/2014 07:07:08 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Error: (10/25/2014 07:06:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079
Error: (10/25/2014 07:06:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2
Error: (10/25/2014 07:06:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 74%
Total physical RAM: 1015.29 MB
Available physical RAM: 257.43 MB
Total Pagefile: 2442.8 MB
Available Pagefile: 1655.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.14 MB
==================== Drives ================================
Drive c: (HP_PAVILION) (Fixed) (Total:179.33 GB) (Free:24.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:0.81 GB) FAT32 ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)
Partition 2: (Active) - (Size=179.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Edited by sleepybear, 27 October 2014 - 12:08 AM.
#7
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 26 October 2014 - 11:09 PM
aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
Run date: 2014-10-26 22:04:51
-----------------------------
22:04:51.037 OS Version: Windows 5.1.2600 Service Pack 2
22:04:51.037 Number of processors: 2 586 0x403
22:04:51.037 ComputerName: YOUR-55E5F9E3D2 UserName:
22:04:51.505 Initialize success
22:04:51.505 VM: initialized successfully
22:04:51.568 VM: Intel CPU virtualization not supported
22:04:51.584 supported disk I/O atapi.sys
22:04:56.897 AVAST engine defs: 14102601
22:05:07.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
22:05:07.134 Disk 0 Vendor: WDC_WD2000JD-22HBB0 08.02D08 Size: 190782MB BusType: 3
22:05:07.368 Disk 0 MBR read successfully I/O
22:05:07.368 Disk 0 MBR scan
22:05:07.509 Disk 0 unknown MBR code
22:05:07.509 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 7139 MB offset 63
22:05:07.524 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 183632 MB offset 14621040
22:05:07.524 Disk 0 unknown boot code
22:05:07.540 Disk 0 statistics 263/16/0 @ 0.51 MB/s
22:05:07.540 Scan finished successfully
22:05:14.776 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\MBR.dat"
22:05:14.776 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\aswMBR.txt"
#8
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 27 October 2014 - 05:52 AM
Good Morning,
You posted the additions log for FRST but I need to see the main FRST log also, this is the most important one
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
You have two AVs installed, Microsoft recommends only one, with AV software more is not better, more than one will and can hamper system performance and also produce false positives. Your call but you need to uninstall one.
You can use this program to uninstall the one you want to remove
Run AppRemover
Vista , Win 7 users, right click on the icon and select "run as administrator"
Please download AppRemover and save it to your desktop.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#9
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 28 October 2014 - 12:45 AM
Thanks, will do.
#10
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 29 October 2014 - 10:20 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014
Ran by HP_Administrator (administrator) on YOUR-55E5F9E3D2 on 29-10-2014 21:15:34
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-18] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [HPHUPD06] => c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [IS CfgWiz] => c:\Program Files\Norton Internet Security\cfgwiz.exe [132248 2004-08-17] (Symantec Corporation)
HKLM\...\Run: [URLLSTCK.exe] => c:\Program Files\Norton Internet Security\UrlLstCk.exe [33936 2004-08-30] (Symantec Corporation)
HKLM\...\Run: [SSC_UserPrompt] => c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [218240 2004-08-05] (Symantec Corporation)
HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [90112 2004-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-10-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2742272 2004-10-13] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2004-10-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2006-09-07] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2004-08-10] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\...\Policies\Explorer: [NoLogOff] 0
Lsa: [Notification Packages] :\WINDOW
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=6.0.11.1879 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1939 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.872 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-26]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
S4 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197752 2004-08-27] (Symantec Corporation)
S4 ccProxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [234616 2004-08-27] (Symantec Corporation)
S4 ccPwdSvc; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [78968 2004-08-27] (Symantec Corporation)
S4 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [164984 2004-08-27] (Symantec Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S4 iPodService; C:\Program Files\iPod\bin\iPodService.exe [323584 2006-02-23] (Apple Computer, Inc.) [File not signed]
S3 ISSVC; c:\Program Files\Norton Internet Security\ISSVC.exe [78992 2004-08-30] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-21] (Sun Microsystems, Inc.)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2004-09-23] () [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
S4 navapsvc; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [176768 2004-08-30] (Symantec Corporation)
S3 SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [197864 2004-07-23] (Symantec Corporation)
S4 SNDSrvc; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206048 2004-08-27] (Symantec Corporation)
S4 SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [173160 2004-07-21] (Symantec Corporation)
S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S2 uploadmgr; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-10-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-15] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-11-11] (Conexant Systems, Inc.)
R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-11-11] (Conexant Systems, Inc.)
R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-11-11] (Conexant Systems, Inc.)
R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31360 2004-11-11] (Conexant Systems, Inc.)
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-18] (Windows ® Server 2003 DDK provider)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46208 2004-08-10] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2004-08-04] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS [72712 2004-11-17] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS [629544 2004-11-17] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R3 NmPar; C:\WINDOWS\System32\DRIVERS\NmPar.sys [80256 2008-12-24] (Windows ® 2000 DDK provider)
R3 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [70016 2008-12-16] (Windows ® 2000 DDK provider)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-03] (VSO Software) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-03-15] (Sonic Solutions) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-20] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [68168 2010-05-14] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SAVRT; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS [335504 2004-07-23] (Symantec Corporation)
R2 SAVRTPEL; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS [49808 2004-07-23] (Symantec Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [341096 2004-07-21] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [104144 2004-08-26] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [25824 2004-08-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266464 2004-08-27] (Symantec Corporation)
S2 MCSTRM; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-10] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 21:51 - 2014-10-29 21:15 - 00000000 ____D () C:\FRST
2014-10-25 19:41 - 2014-10-25 19:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
2014-10-25 19:25 - 2014-10-25 19:32 - 00001352 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\aswMBR.txt
2014-10-24 00:04 - 2014-10-24 00:04 - 00000000 ____D () C:\WINDOWS\pchealth
2014-10-22 15:07 - 2014-10-22 15:07 - 00000142 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\SEARCH.url
2014-10-19 23:11 - 2014-10-20 18:00 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 23:11 - 2014-10-19 23:11 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 23:11 - 2014-10-19 23:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 23:11 - 2014-10-19 23:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 23:11 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-19 23:11 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-19 17:18 - 2014-10-23 23:16 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-10-19 17:18 - 2014-10-19 17:18 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-10-19 14:49 - 2014-10-19 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-10-19 14:49 - 2014-10-19 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-10-18 23:26 - 2014-10-18 23:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 046.lnk
2014-10-18 23:26 - 2014-10-18 23:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 045.lnk
2014-10-18 23:26 - 2014-10-18 23:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 042.lnk
2014-10-15 22:39 - 2014-10-15 22:39 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
2014-10-15 22:33 - 2014-10-29 11:49 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-15 22:31 - 2014-10-29 20:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 22:31 - 2014-10-29 15:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 21:15 - 2014-10-15 21:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software
2014-10-15 21:08 - 2014-10-15 21:07 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-15 21:07 - 2014-10-15 21:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-10-15 21:04 - 2014-10-15 21:07 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-15 21:04 - 2014-10-15 21:07 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-15 21:04 - 2014-10-15 21:07 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-15 21:04 - 2014-10-15 21:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-29 21:16 - 2010-01-14 11:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Temp
2014-10-29 21:08 - 2012-07-12 14:56 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-29 21:00 - 2010-01-10 14:29 - 00000296 _____ () C:\WINDOWS\Tasks\ijmcbczm.job
2014-10-29 20:54 - 2005-01-28 02:55 - 01213292 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-29 10:52 - 2005-04-30 15:53 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2014-10-29 10:52 - 2005-01-27 18:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-29 10:52 - 2005-01-27 18:33 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-29 10:51 - 2005-01-28 02:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-29 10:51 - 2005-01-28 02:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-26 22:15 - 2005-01-28 02:55 - 00032014 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-26 22:14 - 2010-01-14 11:58 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\ntuser.ini
2014-10-26 22:05 - 2005-05-14 21:30 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-25 19:41 - 2006-06-23 13:59 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-24 00:07 - 2005-03-15 18:46 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-10-23 23:54 - 2010-01-14 11:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
2014-10-19 23:31 - 2010-01-16 22:19 - 00000000 __HDC () C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2014-10-19 23:30 - 2009-09-23 12:15 - 00000000 ____D () C:\Program Files\Shared
2014-10-19 23:11 - 2008-12-02 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-19 21:19 - 2005-01-27 12:10 - 00000000 ____D () C:\WINDOWS\I386
2014-10-19 18:58 - 2005-01-28 02:41 - 00000653 _____ () C:\WINDOWS\win.ini
2014-10-19 18:58 - 2005-01-27 21:58 - 00000279 __RSH () C:\boot.ini
2014-10-19 18:58 - 2005-01-27 18:30 - 00000227 _____ () C:\WINDOWS\system.ini
2014-10-19 18:11 - 2010-01-14 11:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Adobe
2014-10-19 14:49 - 2005-10-27 12:02 - 00000000 ____D () C:\Program Files\Google
2014-10-16 16:32 - 2013-08-01 09:18 - 00002515 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Microsoft Office Word 2007.lnk
2014-10-16 11:05 - 2010-01-19 13:03 - 00009244 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat
2014-10-15 21:15 - 2012-01-26 19:11 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-10-15 21:08 - 2012-01-26 19:11 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-10-15 21:07 - 2012-01-26 19:11 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-15 21:07 - 2012-01-26 19:11 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-10-15 21:07 - 2012-01-26 19:11 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-10-15 21:07 - 2012-01-26 19:11 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-10-15 21:04 - 2005-01-28 02:41 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-10-15 13:01 - 2005-03-15 18:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-15 13:01 - 2005-03-15 18:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-15 13:01 - 2005-01-27 18:44 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-15 13:00 - 2005-01-27 19:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-04 11:02 - 2010-12-09 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CmdLineExtInstallerExe.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\drm_dyndata_7360012.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\res271.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Register to Remove
#11
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 30 October 2014 - 05:48 AM
Your system is very outdated and insecure
Microsoft Windows XP Professional Service Pack 2
Internet Explorer Version 6
Read this please
You should have the latest service pack 3 but I dont think that your windows updates will work any longer leaving your system very vulnerable to infection
Internet Explorer 6 is a very insecure browser , one of the most insecure in the Internet Explorer line
I would strongly suggest to upgrading this system to Windows 7 or think about getting a new computer, if you decide to keep this one I would be very hesitant about doing any online banking or purchases with a credit card
Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
Start
CloseProcesses:
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
C:\WINDOWS\system32\jebufijo.dll
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#12
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 31 October 2014 - 10:42 PM
thank you very much for your help. could you tell me how to save a notepad file to either a directory or desktop. on this version of notepad all i have is new, open, save, and save as.
#13
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 01 November 2014 - 04:07 AM
All our tools and scanners work more efficiently from the desktop, thats what the instructions state when downloading FRST, but this is where you saved it and are running it from
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads <--Go into your downloads folder and look for FRST, when you find it right click on it and select CUT, then come back to the desktop and right click on a blank area and select PASTE
Then save the Fixlog to your desktop , use your mouse to move it close to FRST, either below or above it but not right on it and open FRST and click on FIX
- sleepybear likes this
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#14
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 01 November 2014 - 10:04 PM
I am getting the message ' no fixlist.txt found' yet it is on there. I have it on the desktop right next to FRST as well as under documents/downloads. Could this problem of not finding this file have something to do with Farbar updating recently? It automatically made a new folder in my documents just now saying 'FRST older version'. I will copy the fixlist.txt below if it helps you.
Edited by sleepybear, 01 November 2014 - 10:30 PM.
#15
sleepybear
-
- Authentic Member
-
- 61 posts
Authentic Member
Posted 01 November 2014 - 10:30 PM
Start
CloseProcesses:
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
C:\WINDOWS\system32\jebufijo.dll
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
