
Please lead me to thread [Solved]

pc healthcenter

74 replies to this topic

#31 sleepybear


Posted 05 November 2014 - 05:24 PM

Farbar Recovery Scan Tool (x86) Version: 02-11-2014

Ran by HP_Administrator at 2014-11-05 15:23:24
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Boot Mode: Normal
 
================== Search Registry: "pc health" ===========
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"
[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="pc health"
[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="pc healthcenter"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"
 
====== End Of Search ======


#32 sleepybear


Posted 05 November 2014 - 05:28 PM

Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by HP_Administrator at 2014-11-05 15:24:35
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Boot Mode: Normal
 
================== Search: "pc health" ===================
 
=== End Of Search ===


#33 ken545


Posted 05 November 2014 - 05:41 PM

Those are legit, try PC HEALTH KIT



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#34 ken545


Posted 05 November 2014 - 05:46 PM

Then run this tool

 

Download ComboFix from one of these locations:
 
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
 
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on ComboFix.exe & follow the prompts.

    For Windows XP Users

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     
     

    RC1.png

     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    RC2-1.png

     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.


     
     

    #35 sleepybear


    Posted 05 November 2014 - 06:57 PM

    I've got a WARNING from Combo Fix with two loud beeps.

    I'm borrowing a friend's laptop to bring you this.

    It says: Combo Fix has detected that Norton internet security is running. So I went into start menu\Programs and found Norton's folder there but no files inside, it's completely empty. Is it safe to click OK on this warning to proceed? I had Norton on here about 6 years ago and thought there was no trace of it left after starting with Avast.

    BTW: The searches I ran for the words "pc health kit" also came up blank with FRST


    Edited by sleepybear, 05 November 2014 - 07:02 PM.


    #36 ken545


    Posted 05 November 2014 - 07:45 PM

    Go ahead and run Combofix, see if you can disable Avast and we can remove Norton when we're done

     

    http://www.bleepingc...lware-programs/

     

    You can try this to disable Norton

     

    Go to Start > Run and type in services.msc, press enter on your keyboard, when it loads look for Norton and right click on it and set its status as disabled



     
     

    #37 sleepybear


    Posted 05 November 2014 - 07:59 PM

    OK many thanks.

    I found Norton there where you said in services. It does show "disabled"

    I'll continue combofix now.



    #38 sleepybear


    Posted 05 November 2014 - 08:37 PM

    ComboFix 14-10-29.01 - HP_Administrator 11/05/2014  18:06:10.1.2 - x86

    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1015.635 [GMT -8:00]
    Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-10-06 to 2014-11-06  )))))))))))))))))))))))))))))))
    .
    .
    2014-11-05 03:53 . 2014-11-05 03:53 -------- d-----w- c:\program files\ESET
    2014-11-04 01:57 . 2014-11-04 01:57 -------- d-----w- c:\windows\ERUNT
    2014-11-04 01:37 . 2010-08-30 16:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
    2014-11-04 01:36 . 2014-11-04 01:47 -------- d-----w- C:\AdwCleaner
    2014-10-27 04:51 . 2014-11-06 00:31 -------- d-----w- C:\FRST
    2014-10-24 07:04 . 2014-11-06 02:23 -------- d-----w- c:\windows\pchealth
    2014-10-20 06:11 . 2014-11-04 06:05 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-20 06:11 . 2014-10-01 18:11 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-20 06:11 . 2014-10-20 06:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-10-20 06:11 . 2014-10-01 18:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-20 00:18 . 2014-10-20 00:18 1409 ----a-w- c:\windows\QTFont.for
    2014-10-19 21:49 . 2014-10-19 21:49 -------- d-----w- c:\windows\jumpshot.com
    2014-10-16 05:39 . 2014-10-16 05:39 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
    2014-10-16 04:15 . 2014-10-16 04:15 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software
    2014-10-16 04:08 . 2014-10-16 04:07 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-10-16 04:07 . 2014-10-16 04:07 43152 ----a-w- c:\windows\avastSS.scr
    2014-10-16 04:04 . 2014-10-16 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2014-10-16 04:04 . 2014-10-16 04:07 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-10-16 04:04 . 2014-10-16 04:07 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-10-16 04:04 . 2014-10-16 04:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-10-15 20:00 . 2014-10-15 20:00 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-16 04:15 . 2012-01-27 02:11 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-10-16 04:07 . 2012-01-27 02:11 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-10-16 04:07 . 2012-01-27 02:11 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2014-10-16 04:07 . 2012-01-27 02:11 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-10-16 04:07 . 2012-01-27 02:11 276432 ----a-w- c:\windows\system32\aswBoot.exe
    2009-10-01 04:09 . 2009-10-01 04:09 11841 ----a-w- c:\program files\Common Files\apiseseb.reg
    2009-10-01 04:09 . 2009-10-01 04:09 19313 ----a-w- c:\program files\Common Files\icezose.bat
    2009-09-30 22:09 . 2009-09-30 22:09 16820 ----a-w- c:\program files\Common Files\rupolope.dll
    2009-09-30 22:09 . 2009-09-30 22:09 11586 ----a-w- c:\program files\Common Files\agygy.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-10-16 04:07 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
    "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
    "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-17 132248]
    "URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 33936]
    "SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
    "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
    "SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
    "AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-16 4085896]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    backup=c:\windows\pss\Updates from HP.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-02-23 22:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 15:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-06-29 00:22 155648 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-05-15 00:33 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymWSC"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "navapsvc"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "YahooAUService"=2 (0x2)
    "iPodService"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/15/2014 8:04 PM 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/15/2014 8:04 PM 192352]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 6:11 PM 779536]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/26/2012 6:11 PM 414520]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 68168]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10/15/2014 8:08 PM 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/15/2014 8:04 PM 67824]
    R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 5:40 AM 80256]
    R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 6:10 AM 70016]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/3/2010 6:43 PM 47360]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-29 18:48 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-06 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-16 04:07]
    .
    2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]
    .
    2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-dimsntfy - (no file)
    MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    MSConfigStartUp-MSConfig - c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe
    AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-11-05 18:24
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ... 
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithList]
    @Class="Shell"
    "a"="NOTEPAD.EXE"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithProgids]
    "Ç=8_auto_file"=hex(0):
    .
    [HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\SecuROM\License information*]
    "datasecu"=hex:fb,20,08,b5,1f,0b,a3,9d,20,02,b9,5f,6e,64,2a,cf,17,d9,68,0c,b9,
       b2,7d,31,7c,26,c7,10,c9,01,24,ca,3c,fc,0f,e4,bb,24,4d,ca,fa,3a,01,ec,55,98,\
    "rkeysecu"=hex:bd,47,83,32,2f,8a,32,ff,78,e0,de,39,57,df,50,ce
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.*Ç*a""]
    @="Ç=8_auto_file"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Ç*a"©_*a*u*t*o*_*f*i*l*e*\shell\open\command]
    @=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\edit\command]
    @=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\open\command]
    @=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(648)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    - - - - - - - > 'explorer.exe'(2100)
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\AGRSMMSG.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\ALCWZRD.EXE
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2014-11-05  18:28:30 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-11-06 02:28
    .
    Pre-Run: 22,753,816,576 bytes free
    Post-Run: 22,671,310,848 bytes free
    .
    - - End Of File - - F7DE511B6C37BCEABD8C545E5B73464B
    0AC6D996BCE152AED9600E6D6B797E2E


    #39 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 November 2014 - 09:01 PM

    Good, go ahead and run a new scan with FRST, checkmark Additions and post both logs.

    Things any better?



    #40 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • 61 posts

    Posted 05 November 2014 - 09:09 PM

    WOW that was quite the fix!!!  Yes seems to be running faster. I will run that scan and search the keyboard errors.




    #41 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • 61 posts

    Posted 05 November 2014 - 09:15 PM

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
    Ran by HP_Administrator at 2014-11-05 19:11:30
    Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
    Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
    AiO_Scan (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    AiOSoftware (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
    AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
    BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    CameraDrivers (Version: 4.0.0.307 - Hewlett-Packard) Hidden
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
    Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
    Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
    Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
    Canon MP830 (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - )
    Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
    CC_ccProxyExt (Version: 103.0.2.10 - Symantec) Hidden
    ccCommon (Version: 103.0.2.10 - Symantec) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 2.30 - Piriform)
    ccPxyCore (Version: 103.0.2.10 - Symantec) Hidden
    Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
    cp_dwSharkTaleAlbums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwSharkTaleCards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Crystal Maze from HP Media Center (remove only) (HKLM\...\3D61540E-C88C-4358-B6A1-DC26648F2A3D) (Version:  - )
    CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden
    DocumentViewer (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    DVDFab 6.0.6.0 (04/09/2009) (HKLM\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
    Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    Fax (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    FoxTab Video To MP3 Converter (remove only) (HKLM\...\FX - Video To Mp3) (Version:  - ) <==== ATTENTION
    Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
    Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
    HP Image Zone 4.5.3 (HKLM\...\HP Photo & Imaging) (Version: 4.5.3 - HP)
    HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.02.001 - Hewlett-Packard Company)
    HP Image Zone Plus 4.5.3 (HKLM\...\{D0420D64-8D33-4374-A2B2-9225C7925CA6}) (Version: 4.5.3 - HP)
    HP Photosmart Cameras 4.0 (HKLM\...\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}) (Version: 4.0 - HP)
    HP PSC & OfficeJet 4.0 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version:  - HP)
    HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
    HP Tunes (HKLM\...\{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}) (Version: 1.00.7 - Hewlett-Packard Company)
    HPIZplus450 (Version: 45.2.3 - Hewlett-Packard) Hidden
    HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
    InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version:  - )
    InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
    InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
    InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
    InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.681 - InterVideo Inc.)
    iPod for Windows 2006-03-23 (HKLM\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)
    iPod for Windows 2006-03-23 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
    iTunes (HKLM\...\InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}) (Version: 6.0.4.2 - Apple Computer, Inc.)
    iTunes (Version: 6.0.4.2 - Apple Computer, Inc.) Hidden
    Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
    Java™ 6 Update 19 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.190 - Sun Microsystems, Inc.)
    KBD (HKLM\...\KBD) (Version:  - )
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    LimeWire 5.5.8 (HKLM\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)
    LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)
    LS_HSI (Version: 1.0.16.2 - Integrator) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version:  - )
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
    Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
    MSN (HKLM\...\MSNINST) (Version:  - )
    MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
    muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
    Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
    Norton AntiSpam (Version: 2005.1.0.163 - Symantec Corporation) Hidden
    Norton AntiVirus 2005 (Version: 11.0.2 - Symantec Corporation) Hidden
    Norton Internet Security (Version: 1.0.0 - Symantec Corp.) Hidden
    Norton Internet Security (Version: 8.0.0.64 - Symantec Corporation) Hidden
    Norton WMI Update (Version: 2005.1.0.111 - Symantec Corporation) Hidden
    OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
    Orbital from HP Media Center (remove only) (HKLM\...\24E45CE4-1683-4B71-B8AD-8D7B0A209088) (Version:  - )
    OTtBP (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
    Overball from HP Media Center (remove only) (HKLM\...\A8B63E91-BB8C-41FF-B530-5BB13C915612) (Version:  - )
    PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
    PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
    PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
    Presto! PageManager 7.15.11 (HKLM\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version:  - )
    PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    PS2 (HKLM\...\PS2) (Version:  - )
    PSPrinters06 (Version: 1.00.0000 - HP) Hidden
    Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
    Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
    QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)
    QuickTime (Version: 7.0.4 - Apple Computer, Inc.) Hidden
    Readme (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )
    Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
    SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Snagit 9.1.2 (HKLM\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    SPBBC (Version: 1.00.0000 - Your Company Name) Hidden
    Starry Night Orion Special Edition (HKLM\...\Starry Night Orion Special Edition) (Version: 6.2.3.0 - Imaginova Canada Ltd.)
    SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
    SymNet (Version: 5.4.2.17 - Symantec Corporation) Hidden
    TouchCopy (HKLM\...\{E5603502-8B28-4E47-985E-0EC112553381}) (Version: 4.40 - Wide Angle Software)
    TouchCopy 09 (HKLM\...\{B9F9B21A-E8A8-492F-8513-E5E107194232}) (Version: 9.59 - Wide Angle Software)
    TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
    Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version:  - Microsoft Corporation)
    Updates from HP (HKLM\...\BackWeb-309731 Uninstaller) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
    Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version:  - Microsoft Corporation)
    Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
    Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
    Windows XP Hotfix - KB885354 (HKLM\...\KB885354) (Version: 20040831.122610 - Microsoft Corporation)
    Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
    Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
    Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
    Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
    Wix Filters 2009 Catalog (HKLM\...\Wix Filters 2009 Catalog) (Version: 2009 - Wix Filters)
    Wix Filters 2013 Catalog (HKLM\...\Wix Filters 2013 Catalog) (Version: 2013 - Wix Filters)
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
    YouTube Downloader 2.6.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
     
    ==================== Restore Points  =========================
     
    10-08-2014 18:32:31 System Checkpoint
    12-08-2014 02:29:17 System Checkpoint
    13-08-2014 23:13:49 System Checkpoint
    16-08-2014 00:29:05 System Checkpoint
    20-08-2014 22:18:28 System Checkpoint
    22-08-2014 01:44:00 System Checkpoint
    23-08-2014 22:38:37 System Checkpoint
    25-08-2014 18:56:24 System Checkpoint
    28-08-2014 17:52:56 System Checkpoint
    30-08-2014 03:52:59 System Checkpoint
    02-09-2014 17:28:30 System Checkpoint
    05-09-2014 00:14:25 System Checkpoint
    09-09-2014 00:34:39 System Checkpoint
    10-09-2014 19:12:36 System Checkpoint
    12-09-2014 16:46:04 System Checkpoint
    15-09-2014 16:07:11 System Checkpoint
    17-09-2014 02:25:03 System Checkpoint
    18-09-2014 20:44:17 System Checkpoint
    20-09-2014 04:11:10 System Checkpoint
    26-09-2014 00:37:40 System Checkpoint
    28-09-2014 06:07:59 System Checkpoint
    29-09-2014 19:59:37 System Checkpoint
    02-10-2014 19:37:02 System Checkpoint
    04-10-2014 17:48:38 System Checkpoint
    06-10-2014 20:50:54 System Checkpoint
    10-10-2014 04:23:48 System Checkpoint
    15-10-2014 19:58:30 Restore Operation
    16-10-2014 04:05:15 avast! antivirus system restore point
    18-10-2014 16:57:09 System Checkpoint
    19-10-2014 21:45:24 Restore Operation
    19-10-2014 21:51:35 Restore Operation
    20-10-2014 01:54:17 Removed Sonic Express Labeler
    20-10-2014 01:54:45 Removed Sonic RecordNow!
    21-10-2014 03:19:04 System Checkpoint
    24-10-2014 01:34:27 System Checkpoint
    26-10-2014 03:44:50 System Checkpoint
    29-10-2014 18:44:29 System Checkpoint
    01-11-2014 01:36:28 System Checkpoint
    02-11-2014 20:55:52 System Checkpoint
    04-11-2014 03:12:54 System Checkpoint
    05-11-2014 19:24:32 System Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2004-08-10 10:00 - 2014-11-05 18:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-01-26 18:11 - 2014-10-15 20:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-11-05 13:23 - 2014-11-05 13:23 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110501\algo.dll
    2010-12-09 11:35 - 2010-04-05 11:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    2004-09-23 16:30 - 2004-09-23 16:30 - 00038912 _____ () c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2004-09-23 16:30 - 2004-09-23 16:30 - 00122880 ____C () C:\Program Files\Common Files\lightscribe\LSCapi.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00022016 ____C () C:\Program Files\Common Files\lightscribe\LSLog.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00192512 ____C () C:\Program Files\Common Files\lightscribe\LSPrtEn.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00061440 ____C () C:\Program Files\Common Files\lightscribe\LSDrComm.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00033792 ____C () C:\Program Files\Common Files\lightscribe\LSSProxy.dll
    2014-10-15 20:07 - 2014-10-15 20:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2004-08-10 04:00 - 2004-08-10 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-10 04:00 - 2004-08-10 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-10-29 10:49 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-29 10:49 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk => C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2060318294-1635822940-3861741363-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-2060318294-1635822940-3861741363-1009 - Limited - Enabled)
    Guest (S-1-5-21-2060318294-1635822940-3861741363-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-2060318294-1635822940-3861741363-1007 - Limited - Disabled)
    HP_Administrator (S-1-5-21-2060318294-1635822940-3861741363-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
    SUPPORT_388945a0 (S-1-5-21-2060318294-1635822940-3861741363-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-2060318294-1635822940-3861741363-1006 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (10/20/2014 10:49:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (10/19/2014 08:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [!ws!]
     
    Error: (10/19/2014 04:50:11 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 137941937.
     
    Error: (10/19/2014 04:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application RecordNow.exe, version 7.2.29.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (10/16/2014 11:24:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/19/2014 09:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/15/2014 06:38:49 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket -1328525754.
     
    Error: (09/15/2014 06:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/10/2014 07:51:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (08/15/2014 08:19:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
     
    System errors:
    =============
    Error: (11/05/2014 06:23:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (11/05/2014 06:23:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
    Error: (11/05/2014 06:23:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Help and Support service terminated with the following error: 
    %%126
     
    Error: (11/05/2014 06:21:19 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
    Description: The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
     
    Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
    Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Help and Support service terminated with the following error: 
    %%126
     
    Error: (11/04/2014 04:34:37 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
    Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
     
    Error: (11/04/2014 00:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (11/04/2014 00:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.00GHz
    Percentage of memory in use: 60%
    Total physical RAM: 1015.29 MB
    Available physical RAM: 401.39 MB
    Total Pagefile: 2442.72 MB
    Available Pagefile: 1828.78 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1951.09 MB
     
    ==================== Drives ================================
     
    Drive c: (HP_PAVILION) (Fixed) (Total:179.33 GB) (Free:21.15 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:0.81 GB) FAT32 ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 186.3 GB) (Disk ID: 1549F232)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)
    Partition 2: (Active) - (Size=179.3 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
    Ran by HP_Administrator at 2014-11-05 19:11:30
    Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
    Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
    AiO_Scan (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    AiOSoftware (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
    AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
    BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    CameraDrivers (Version: 4.0.0.307 - Hewlett-Packard) Hidden
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
    Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
    Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
    Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
    Canon MP830 (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - )
    Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
    CC_ccProxyExt (Version: 103.0.2.10 - Symantec) Hidden
    ccCommon (Version: 103.0.2.10 - Symantec) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 2.30 - Piriform)
    ccPxyCore (Version: 103.0.2.10 - Symantec) Hidden
    Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
    cp_dwSharkTaleAlbums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwSharkTaleCards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Crystal Maze from HP Media Center (remove only) (HKLM\...\3D61540E-C88C-4358-B6A1-DC26648F2A3D) (Version:  - )
    CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden
    DocumentViewer (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    DVDFab 6.0.6.0 (04/09/2009) (HKLM\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
    Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    Fax (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    FoxTab Video To MP3 Converter (remove only) (HKLM\...\FX - Video To Mp3) (Version:  - ) <==== ATTENTION
    Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
    Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
    HP Image Zone 4.5.3 (HKLM\...\HP Photo & Imaging) (Version: 4.5.3 - HP)
    HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.02.001 - Hewlett-Packard Company)
    HP Image Zone Plus 4.5.3 (HKLM\...\{D0420D64-8D33-4374-A2B2-9225C7925CA6}) (Version: 4.5.3 - HP)
    HP Photosmart Cameras 4.0 (HKLM\...\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}) (Version: 4.0 - HP)
    HP PSC & OfficeJet 4.0 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version:  - HP)
    HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
    HP Tunes (HKLM\...\{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}) (Version: 1.00.7 - Hewlett-Packard Company)
    HPIZplus450 (Version: 45.2.3 - Hewlett-Packard) Hidden
    HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
    InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version:  - )
    InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
    InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
    InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
    InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.681 - InterVideo Inc.)
    iPod for Windows 2006-03-23 (HKLM\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)
    iPod for Windows 2006-03-23 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
    iTunes (HKLM\...\InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}) (Version: 6.0.4.2 - Apple Computer, Inc.)
    iTunes (Version: 6.0.4.2 - Apple Computer, Inc.) Hidden
    Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
    Java™ 6 Update 19 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.190 - Sun Microsystems, Inc.)
    KBD (HKLM\...\KBD) (Version:  - )
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    LimeWire 5.5.8 (HKLM\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)
    LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)
    LS_HSI (Version: 1.0.16.2 - Integrator) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version:  - )
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
    Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
    MSN (HKLM\...\MSNINST) (Version:  - )
    MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
    muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
    Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
    Norton AntiSpam (Version: 2005.1.0.163 - Symantec Corporation) Hidden
    Norton AntiVirus 2005 (Version: 11.0.2 - Symantec Corporation) Hidden
    Norton Internet Security (Version: 1.0.0 - Symantec Corp.) Hidden
    Norton Internet Security (Version: 8.0.0.64 - Symantec Corporation) Hidden
    Norton WMI Update (Version: 2005.1.0.111 - Symantec Corporation) Hidden
    OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
    Orbital from HP Media Center (remove only) (HKLM\...\24E45CE4-1683-4B71-B8AD-8D7B0A209088) (Version:  - )
    OTtBP (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
    Overball from HP Media Center (remove only) (HKLM\...\A8B63E91-BB8C-41FF-B530-5BB13C915612) (Version:  - )
    PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
    PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
    PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
    Presto! PageManager 7.15.11 (HKLM\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version:  - )
    PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    PS2 (HKLM\...\PS2) (Version:  - )
    PSPrinters06 (Version: 1.00.0000 - HP) Hidden
    Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
    Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
    QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)
    QuickTime (Version: 7.0.4 - Apple Computer, Inc.) Hidden
    Readme (Version: 43.0.213.000 - Hewlett-Packard) Hidden
    RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )
    Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
    SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Snagit 9.1.2 (HKLM\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    SPBBC (Version: 1.00.0000 - Your Company Name) Hidden
    Starry Night Orion Special Edition (HKLM\...\Starry Night Orion Special Edition) (Version: 6.2.3.0 - Imaginova Canada Ltd.)
    SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
    SymNet (Version: 5.4.2.17 - Symantec Corporation) Hidden
    TouchCopy (HKLM\...\{E5603502-8B28-4E47-985E-0EC112553381}) (Version: 4.40 - Wide Angle Software)
    TouchCopy 09 (HKLM\...\{B9F9B21A-E8A8-492F-8513-E5E107194232}) (Version: 9.59 - Wide Angle Software)
    TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
    Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version:  - Microsoft Corporation)
    Updates from HP (HKLM\...\BackWeb-309731 Uninstaller) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
    Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version:  - Microsoft Corporation)
    Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
    Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
    Windows XP Hotfix - KB885354 (HKLM\...\KB885354) (Version: 20040831.122610 - Microsoft Corporation)
    Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
    Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
    Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
    Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
    Wix Filters 2009 Catalog (HKLM\...\Wix Filters 2009 Catalog) (Version: 2009 - Wix Filters)
    Wix Filters 2013 Catalog (HKLM\...\Wix Filters 2013 Catalog) (Version: 2013 - Wix Filters)
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
    YouTube Downloader 2.6.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
    CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
     
    ==================== Restore Points  =========================
     
    10-08-2014 18:32:31 System Checkpoint
    12-08-2014 02:29:17 System Checkpoint
    13-08-2014 23:13:49 System Checkpoint
    16-08-2014 00:29:05 System Checkpoint
    20-08-2014 22:18:28 System Checkpoint
    22-08-2014 01:44:00 System Checkpoint
    23-08-2014 22:38:37 System Checkpoint
    25-08-2014 18:56:24 System Checkpoint
    28-08-2014 17:52:56 System Checkpoint
    30-08-2014 03:52:59 System Checkpoint
    02-09-2014 17:28:30 System Checkpoint
    05-09-2014 00:14:25 System Checkpoint
    09-09-2014 00:34:39 System Checkpoint
    10-09-2014 19:12:36 System Checkpoint
    12-09-2014 16:46:04 System Checkpoint
    15-09-2014 16:07:11 System Checkpoint
    17-09-2014 02:25:03 System Checkpoint
    18-09-2014 20:44:17 System Checkpoint
    20-09-2014 04:11:10 System Checkpoint
    26-09-2014 00:37:40 System Checkpoint
    28-09-2014 06:07:59 System Checkpoint
    29-09-2014 19:59:37 System Checkpoint
    02-10-2014 19:37:02 System Checkpoint
    04-10-2014 17:48:38 System Checkpoint
    06-10-2014 20:50:54 System Checkpoint
    10-10-2014 04:23:48 System Checkpoint
    15-10-2014 19:58:30 Restore Operation
    16-10-2014 04:05:15 avast! antivirus system restore point
    18-10-2014 16:57:09 System Checkpoint
    19-10-2014 21:45:24 Restore Operation
    19-10-2014 21:51:35 Restore Operation
    20-10-2014 01:54:17 Removed Sonic Express Labeler
    20-10-2014 01:54:45 Removed Sonic RecordNow!
    21-10-2014 03:19:04 System Checkpoint
    24-10-2014 01:34:27 System Checkpoint
    26-10-2014 03:44:50 System Checkpoint
    29-10-2014 18:44:29 System Checkpoint
    01-11-2014 01:36:28 System Checkpoint
    02-11-2014 20:55:52 System Checkpoint
    04-11-2014 03:12:54 System Checkpoint
    05-11-2014 19:24:32 System Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2004-08-10 10:00 - 2014-11-05 18:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-01-26 18:11 - 2014-10-15 20:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-11-05 13:23 - 2014-11-05 13:23 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110501\algo.dll
    2010-12-09 11:35 - 2010-04-05 11:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    2004-09-23 16:30 - 2004-09-23 16:30 - 00038912 _____ () c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2004-09-23 16:30 - 2004-09-23 16:30 - 00122880 ____C () C:\Program Files\Common Files\lightscribe\LSCapi.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00022016 ____C () C:\Program Files\Common Files\lightscribe\LSLog.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00192512 ____C () C:\Program Files\Common Files\lightscribe\LSPrtEn.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00061440 ____C () C:\Program Files\Common Files\lightscribe\LSDrComm.dll
    2004-09-23 16:30 - 2004-09-23 16:30 - 00033792 ____C () C:\Program Files\Common Files\lightscribe\LSSProxy.dll
    2014-10-15 20:07 - 2014-10-15 20:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2004-08-10 04:00 - 2004-08-10 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-10 04:00 - 2004-08-10 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-10-29 10:49 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-29 10:49 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk => C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2060318294-1635822940-3861741363-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-2060318294-1635822940-3861741363-1009 - Limited - Enabled)
    Guest (S-1-5-21-2060318294-1635822940-3861741363-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-2060318294-1635822940-3861741363-1007 - Limited - Disabled)
    HP_Administrator (S-1-5-21-2060318294-1635822940-3861741363-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
    SUPPORT_388945a0 (S-1-5-21-2060318294-1635822940-3861741363-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-2060318294-1635822940-3861741363-1006 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (10/20/2014 10:49:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (10/19/2014 08:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [!ws!]
     
    Error: (10/19/2014 04:50:11 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 137941937.
     
    Error: (10/19/2014 04:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application RecordNow.exe, version 7.2.29.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (10/16/2014 11:24:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/19/2014 09:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/15/2014 06:38:49 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket -1328525754.
     
    Error: (09/15/2014 06:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (09/10/2014 07:51:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (08/15/2014 08:19:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
     
    System errors:
    =============
    Error: (11/05/2014 06:23:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (11/05/2014 06:23:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
    Error: (11/05/2014 06:23:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Help and Support service terminated with the following error: 
    %%126
     
    Error: (11/05/2014 06:21:19 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
    Description: The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
     
    Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
    Error: (11/05/2014 09:21:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Help and Support service terminated with the following error: 
    %%126
     
    Error: (11/04/2014 04:34:37 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
    Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
     
    Error: (11/04/2014 00:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Upload Manager service failed to start due to the following error: 
    %%1079
     
    Error: (11/04/2014 00:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error: 
    %%2
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.00GHz
    Percentage of memory in use: 60%
    Total physical RAM: 1015.29 MB
    Available physical RAM: 401.39 MB
    Total Pagefile: 2442.72 MB
    Available Pagefile: 1828.78 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1951.09 MB
     
    ==================== Drives ================================
     
    Drive c: (HP_PAVILION) (Fixed) (Total:179.33 GB) (Free:21.15 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:0.81 GB) FAT32 ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 186.3 GB) (Disk ID: 1549F232)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)
    Partition 2: (Active) - (Size=179.3 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #42 sleepybear


    Posted 05 November 2014 - 09:19 PM

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
    Ran by HP_Administrator (administrator) on YOUR-55E5F9E3D2 on 05-11-2014 19:10:06
    Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
    Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 6
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    () C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    () C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
    (Agere Systems) C:\WINDOWS\AGRSMMSG.exe
    (Hewlett-Packard Company) C:\hp\KBD\kbd.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
    (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
    (Hewlett-Packard Company) C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
    (ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
    HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
    HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-17] (Windows ® Server 2003 DDK provider)
    HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
    HKLM\...\Run: [HPHUPD06] => c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-07] (Hewlett-Packard)
    HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
    HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
    HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
    HKLM\...\Run: [IS CfgWiz] => c:\Program Files\Norton Internet Security\cfgwiz.exe [132248 2004-08-17] (Symantec Corporation)
    HKLM\...\Run: [URLLSTCK.exe] => c:\Program Files\Norton Internet Security\UrlLstCk.exe [33936 2004-08-30] (Symantec Corporation)
    HKLM\...\Run: [SSC_UserPrompt] => c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [218240 2004-08-05] (Symantec Corporation)
    HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [90112 2004-10-25] (Hewlett-Packard Company)
    HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-10-13] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2742272 2004-10-13] (RealTek Semicoductor Corp.)
    HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
    HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2006-09-07] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
    HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2004-08-10] (Microsoft Corporation)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoCDBurning] 1
    HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: ""
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF Plugin: @real.com/nppl3260;version=6.0.11.1879 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.2.1939 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.872 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-21]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-26]
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-19]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
    S4 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197752 2004-08-27] (Symantec Corporation)
    S4 ccProxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [234616 2004-08-27] (Symantec Corporation)
    S4 ccPwdSvc; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [78968 2004-08-27] (Symantec Corporation)
    S4 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [164984 2004-08-27] (Symantec Corporation)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    S4 iPodService; C:\Program Files\iPod\bin\iPodService.exe [323584 2006-02-23] (Apple Computer, Inc.) [File not signed]
    S3 ISSVC; c:\Program Files\Norton Internet Security\ISSVC.exe [78992 2004-08-30] (Symantec Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-21] (Sun Microsystems, Inc.)
    R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2004-09-23] () [File not signed]
    R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
    S4 navapsvc; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [176768 2004-08-30] (Symantec Corporation)
    S3 SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [197864 2004-07-23] (Symantec Corporation)
    S4 SNDSrvc; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206048 2004-08-27] (Symantec Corporation)
    S4 SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [173160 2004-07-21] (Symantec Corporation)
    S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
    S2 uploadmgr; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-15] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-15] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-15] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-15] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-10-15] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-15] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-15] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-15] ()
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
    R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-11-11] (Conexant Systems, Inc.)
    R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-11-11] (Conexant Systems, Inc.)
    R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-11-11] (Conexant Systems, Inc.)
    R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31360 2004-11-11] (Conexant Systems, Inc.)
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
    S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows ® Server 2003 DDK provider)
    R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46208 2004-08-10] (Microsoft Corporation)
    R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
    R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2004-08-03] (Microsoft Corporation)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS [72712 2004-11-17] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS [629544 2004-11-17] (Symantec Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
    R3 NmPar; C:\WINDOWS\System32\DRIVERS\NmPar.sys [80256 2008-12-24] (Windows ® 2000 DDK provider)
    R3 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [70016 2008-12-16] (Windows ® 2000 DDK provider)
    R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-03] (VSO Software) [File not signed]
    R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-03-15] (Sonic Solutions) [File not signed]
    R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-20] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [68168 2010-05-14] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SAVRT; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS [335504 2004-07-23] (Symantec Corporation)
    R2 SAVRTPEL; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS [49808 2004-07-23] (Symantec Corporation)
    S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()
    S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [341096 2004-07-21] (Symantec Corporation)
    R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [104144 2004-08-26] (Symantec Corporation)
    S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [25824 2004-08-27] (Symantec Corporation)
    R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266464 2004-08-27] (Symantec Corporation)
    R3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 MCSTRM; No ImagePath
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-10] (Microsoft Corporation)
    U3 mbr; \??\C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\mbr.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-05 18:28 - 2014-11-05 18:28 - 00031352 _____ () C:\ComboFix.txt
    2014-11-05 18:28 - 2014-11-05 18:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-11-05 18:28 - 2014-11-05 18:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
    2014-11-05 18:28 - 2014-11-05 18:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
    2014-11-05 18:21 - 2014-11-05 19:10 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\temp
    2014-11-05 18:21 - 2014-11-05 18:21 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
    2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
    2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
    2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
    2014-11-05 18:02 - 2011-06-25 22:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-11-05 18:02 - 2010-11-07 09:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-11-05 18:02 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-11-05 18:02 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-11-05 18:02 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-11-05 18:02 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-11-05 18:02 - 2000-08-30 16:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-11-05 18:02 - 2000-08-30 16:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-11-05 18:02 - 2000-08-30 16:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-11-05 16:45 - 2014-11-05 18:28 - 00000000 ____D () C:\Qoobox
    2014-11-05 16:44 - 2014-11-05 18:27 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-11-05 16:34 - 2014-11-05 16:35 - 05591672 ____R (Swearware) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe
    2014-11-05 13:19 - 2014-11-05 16:31 - 00000302 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Search.txt
    2014-11-04 22:12 - 2014-11-04 22:12 - 00000600 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\JRT.txt
    2014-11-04 19:53 - 2014-11-04 19:53 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\esetsmartinstaller_enu.exe
    2014-11-04 19:53 - 2014-11-04 19:53 - 00000000 ____D () C:\Program Files\ESET
    2014-11-03 22:32 - 2014-11-03 22:32 - 00001077 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\malwarescan.txt
    2014-11-03 17:57 - 2014-11-03 17:57 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-11-03 17:54 - 2014-11-03 17:55 - 01706359 _____ (Thisisu) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\JRT.exe
    2014-11-03 17:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
    2014-11-03 17:36 - 2014-11-03 17:47 - 00000000 ____D () C:\AdwCleaner
    2014-11-03 17:32 - 2014-11-03 17:32 - 01375089 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\AdwCleaner.exe
    2014-11-02 18:27 - 2014-11-05 19:10 - 00018118 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\FRST.txt
    2014-11-02 18:22 - 2014-11-02 18:22 - 01106432 _____ (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\FRST.exe
    2014-10-26 20:51 - 2014-11-05 19:10 - 00000000 ____D () C:\FRST
    2014-10-25 18:41 - 2014-10-25 18:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
    2014-10-25 18:25 - 2014-10-25 18:32 - 00001352 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\aswMBR.txt
    2014-10-23 23:04 - 2014-11-05 18:23 - 00000000 ____D () C:\WINDOWS\pchealth
    2014-10-22 14:07 - 2014-10-22 14:07 - 00000142 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\SEARCH.url
    2014-10-19 22:11 - 2014-11-03 22:05 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-10-19 22:11 - 2014-10-19 22:11 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-19 22:11 - 2014-10-19 22:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-10-19 22:11 - 2014-10-19 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-19 22:11 - 2014-10-01 10:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-10-19 22:11 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-10-19 16:18 - 2014-10-23 22:16 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
    2014-10-19 16:18 - 2014-10-19 16:18 - 00001409 _____ () C:\WINDOWS\QTFont.for
    2014-10-19 13:49 - 2014-10-19 13:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2014-10-19 13:49 - 2014-10-19 13:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 046.lnk
    2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 045.lnk
    2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 042.lnk
    2014-10-15 21:39 - 2014-10-15 21:39 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
    2014-10-15 21:33 - 2014-10-29 10:49 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-10-15 21:31 - 2014-11-05 18:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-15 21:31 - 2014-11-05 18:23 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-15 20:15 - 2014-10-15 20:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software
    2014-10-15 20:08 - 2014-10-15 20:07 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-10-15 20:07 - 2014-10-15 20:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-10-15 20:04 - 2014-10-15 20:07 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-10-15 20:04 - 2014-10-15 20:07 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-10-15 20:04 - 2014-10-15 20:07 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-10-15 20:04 - 2014-10-15 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-05 18:28 - 2005-03-15 17:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-11-05 18:24 - 2005-01-28 01:55 - 01360236 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-05 18:24 - 2005-01-27 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-11-05 18:23 - 2012-07-12 13:56 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-11-05 18:23 - 2005-04-30 14:53 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
    2014-11-05 18:23 - 2005-01-28 01:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-05 18:23 - 2005-01-27 17:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-11-05 18:23 - 2005-01-27 17:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-11-05 18:22 - 2010-01-14 10:58 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\ntuser.ini
    2014-11-05 18:22 - 2005-01-28 01:55 - 37224448 _____ () C:\WINDOWS\system32\config\software.bak
    2014-11-05 18:22 - 2005-01-28 01:55 - 07077888 _____ () C:\WINDOWS\system32\config\system.bak
    2014-11-05 18:22 - 2005-01-28 01:55 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
    2014-11-05 18:22 - 2005-01-28 01:55 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.bak
    2014-11-05 18:22 - 2005-01-28 01:55 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
    2014-11-05 18:20 - 2010-01-14 10:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
    2014-11-05 18:20 - 2005-01-27 17:44 - 00000000 ____D () C:\Documents and Settings\Administrator
    2014-11-05 18:02 - 2005-01-28 01:55 - 00032282 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-05 16:35 - 2005-05-14 20:30 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
    2014-11-03 17:47 - 2012-08-23 16:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-03 16:17 - 2005-03-15 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
    2014-11-02 19:05 - 2005-09-14 19:28 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Symantec
    2014-11-02 19:05 - 2005-03-15 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
    2014-11-02 18:35 - 2005-01-27 13:38 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
    2014-11-02 11:33 - 2005-01-28 01:47 - 00441626 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-01 13:07 - 2010-12-09 11:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2014-10-31 16:33 - 2005-01-28 01:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-10-25 18:41 - 2006-06-23 12:59 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-10-23 23:07 - 2005-03-15 17:46 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2014-10-19 22:11 - 2008-12-02 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-10-19 20:19 - 2005-01-27 11:10 - 00000000 ____D () C:\WINDOWS\I386
    2014-10-19 17:58 - 2005-01-28 01:41 - 00000653 _____ () C:\WINDOWS\win.ini
    2014-10-19 17:58 - 2005-01-27 20:58 - 00000279 __RSH () C:\boot.ini
    2014-10-19 17:11 - 2010-01-14 10:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Adobe
    2014-10-19 13:49 - 2005-10-27 11:02 - 00000000 ____D () C:\Program Files\Google
    2014-10-16 15:32 - 2013-08-01 08:18 - 00002515 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Microsoft Office Word 2007.lnk
    2014-10-16 10:05 - 2010-01-19 12:03 - 00009244 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat
    2014-10-15 20:15 - 2012-01-26 18:11 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2014-10-15 20:08 - 2012-01-26 18:11 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-10-15 20:07 - 2012-01-26 18:11 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-10-15 20:07 - 2012-01-26 18:11 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-10-15 20:07 - 2012-01-26 18:11 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-10-15 20:07 - 2012-01-26 18:11 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-10-15 20:04 - 2005-01-28 01:41 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
    2014-10-15 12:01 - 2005-03-15 17:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-10-15 12:00 - 2005-01-27 18:16 - 00000000 ____D () C:\WINDOWS\Registration
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\HP_Administrator\Local Settings\temp\CmdLineExtInstallerExe.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\temp\drm_dyndata_7360012.dll
    C:\Documents and Settings\HP_Administrator\Local Settings\temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\temp\res271.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================


    #43 sleepybear

    • Authentic Member
    • 61 posts

    Posted 05 November 2014 - 09:45 PM

    I've tested the keyboard.  It has eliminated about half the bad keys. The most important SHIFT key is no longer infected. 

    I will continue looking through the system search for pc healthcenter helpcenter and kit.

    Thank you very much Ken for all your help!

     

    UPDATED:

    Under C:\Windows\PCHealth there are 2 files left, labeled "helpctr" and "uploadlib". Are these legitimate or virus? The reason I ask is because there were more than 20 virus files in this same location earlier.


    Edited by sleepybear, 06 November 2014 - 12:16 AM.


    #44 ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 06 November 2014 - 05:26 AM

    Those two files are fine because there is a legit program on your computer called PC Health.

    Did you ever uninstall Norton like I posted earlier? I see many entries in your logs related to it.

    Here it is again. If Norton shows up, uninstall it, let me know what you did, and then we can remove the leftovers using FRST.


    Run AppRemover

    Vista, Win 7 users: right click on the icon and select "run as administrator".

    Please download AppRemover and save it to your desktop.
    • Double click on AppRemover.exe to run it.
    • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
    • Click on the Next button.
    • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
    • Click on the Next button.
    • A scan begins, please wait. Once done, click on the Next button.
    • Now you should have a list of your installed security programs. Choose the one you want to uninstall and click on the Next button.
    • Follow the last step and reboot if asked to do so.


    Just a reminder that threads will be closed if no reply in 3 days.

    #45 sleepybear

    • Authentic Member
    • 61 posts

    Posted 07 November 2014 - 08:29 PM

    Thanks. Yes, I did, but it was not on there to take off. But I know what you mean; it does still show on the log. I will go through the search again.

