
Please lead me to thread [Solved]

pc healthcenter

This topic is locked
74 replies to this topic

#46 ken545 (Forum God, MVP, 23,219 posts)

Posted 07 November 2014 - 08:37 PM

Run a new scan with FRST, plus Additions, and we can remove it all.



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.


#47 sleepybear (Authentic Member, 61 posts)

Posted 07 November 2014 - 09:01 PM

OK. After reloading App Remover and running it, you get a screen that says "Detecting your installed applications", then about 2 minutes later a new screen appears and says "Confirm items for removal". There were only 3: Malwarebytes, Avast and SUPERAntiSpyware. I deleted SUPERAntiSpyware. There were no other choices to remove. I will now run FRST again.



#48 sleepybear (Authentic Member, 61 posts)

Posted 07 November 2014 - 09:07 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by HP_Administrator at 2014-11-07 19:05:27
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 43.0.213.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 43.0.213.000 - Hewlett-Packard) Hidden
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CameraDrivers (Version: 4.0.0.307 - Hewlett-Packard) Hidden
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
Canon MP830 (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
CC_ccProxyExt (Version: 103.0.2.10 - Symantec) Hidden
ccCommon (Version: 103.0.2.10 - Symantec) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.30 - Piriform)
ccPxyCore (Version: 103.0.2.10 - Symantec) Hidden
Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwSharkTaleAlbums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwSharkTaleCards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Crystal Maze from HP Media Center (remove only) (HKLM\...\3D61540E-C88C-4358-B6A1-DC26648F2A3D) (Version:  - )
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 43.0.213.000 - Hewlett-Packard) Hidden
DVDFab 6.0.6.0 (04/09/2009) (HKLM\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fax (Version: 43.0.213.000 - Hewlett-Packard) Hidden
FoxTab Video To MP3 Converter (remove only) (HKLM\...\FX - Video To Mp3) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
HP Image Zone 4.5.3 (HKLM\...\HP Photo & Imaging) (Version: 4.5.3 - HP)
HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.02.001 - Hewlett-Packard Company)
HP Image Zone Plus 4.5.3 (HKLM\...\{D0420D64-8D33-4374-A2B2-9225C7925CA6}) (Version: 4.5.3 - HP)
HP Photosmart Cameras 4.0 (HKLM\...\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}) (Version: 4.0 - HP)
HP PSC & OfficeJet 4.0 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version:  - HP)
HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
HP Tunes (HKLM\...\{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}) (Version: 1.00.7 - Hewlett-Packard Company)
HPIZplus450 (Version: 45.2.3 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version:  - )
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.681 - InterVideo Inc.)
iPod for Windows 2006-03-23 (HKLM\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-03-23 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}) (Version: 6.0.4.2 - Apple Computer, Inc.)
iTunes (Version: 6.0.4.2 - Apple Computer, Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java™ 6 Update 19 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.190 - Sun Microsystems, Inc.)
KBD (HKLM\...\KBD) (Version:  - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LimeWire 5.5.8 (HKLM\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)
LS_HSI (Version: 1.0.16.2 - Integrator) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version:  - )
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Norton AntiSpam (Version: 2005.1.0.163 - Symantec Corporation) Hidden
Norton AntiVirus 2005 (Version: 11.0.2 - Symantec Corporation) Hidden
Norton Internet Security (Version: 1.0.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 8.0.0.64 - Symantec Corporation) Hidden
Norton WMI Update (Version: 2005.1.0.111 - Symantec Corporation) Hidden
OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Orbital from HP Media Center (remove only) (HKLM\...\24E45CE4-1683-4B71-B8AD-8D7B0A209088) (Version:  - )
OTtBP (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
Overball from HP Media Center (remove only) (HKLM\...\A8B63E91-BB8C-41FF-B530-5BB13C915612) (Version:  - )
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
Presto! PageManager 7.15.11 (HKLM\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version:  - )
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
PSPrinters06 (Version: 1.00.0000 - HP) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)
QuickTime (Version: 7.0.4 - Apple Computer, Inc.) Hidden
Readme (Version: 43.0.213.000 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Snagit 9.1.2 (HKLM\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
SPBBC (Version: 1.00.0000 - Your Company Name) Hidden
Starry Night Orion Special Edition (HKLM\...\Starry Night Orion Special Edition) (Version: 6.2.3.0 - Imaginova Canada Ltd.)
SymNet (Version: 5.4.2.17 - Symantec Corporation) Hidden
TouchCopy (HKLM\...\{E5603502-8B28-4E47-985E-0EC112553381}) (Version: 4.40 - Wide Angle Software)
TouchCopy 09 (HKLM\...\{B9F9B21A-E8A8-492F-8513-E5E107194232}) (Version: 9.59 - Wide Angle Software)
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version:  - Microsoft Corporation)
Updates from HP (HKLM\...\BackWeb-309731 Uninstaller) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version:  - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Windows XP Hotfix - KB885354 (HKLM\...\KB885354) (Version: 20040831.122610 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Wix Filters 2009 Catalog (HKLM\...\Wix Filters 2009 Catalog) (Version: 2009 - Wix Filters)
Wix Filters 2013 Catalog (HKLM\...\Wix Filters 2013 Catalog) (Version: 2013 - Wix Filters)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
YouTube Downloader 2.6.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2060318294-1635822940-3861741363-1008_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
 
==================== Restore Points  =========================
 
10-08-2014 18:32:31 System Checkpoint
12-08-2014 02:29:17 System Checkpoint
13-08-2014 23:13:49 System Checkpoint
16-08-2014 00:29:05 System Checkpoint
20-08-2014 22:18:28 System Checkpoint
22-08-2014 01:44:00 System Checkpoint
23-08-2014 22:38:37 System Checkpoint
25-08-2014 18:56:24 System Checkpoint
28-08-2014 17:52:56 System Checkpoint
30-08-2014 03:52:59 System Checkpoint
02-09-2014 17:28:30 System Checkpoint
05-09-2014 00:14:25 System Checkpoint
09-09-2014 00:34:39 System Checkpoint
10-09-2014 19:12:36 System Checkpoint
12-09-2014 16:46:04 System Checkpoint
15-09-2014 16:07:11 System Checkpoint
17-09-2014 02:25:03 System Checkpoint
18-09-2014 20:44:17 System Checkpoint
20-09-2014 04:11:10 System Checkpoint
26-09-2014 00:37:40 System Checkpoint
28-09-2014 06:07:59 System Checkpoint
29-09-2014 19:59:37 System Checkpoint
02-10-2014 19:37:02 System Checkpoint
04-10-2014 17:48:38 System Checkpoint
06-10-2014 20:50:54 System Checkpoint
10-10-2014 04:23:48 System Checkpoint
15-10-2014 19:58:30 Restore Operation
16-10-2014 04:05:15 avast! antivirus system restore point
18-10-2014 16:57:09 System Checkpoint
19-10-2014 21:45:24 Restore Operation
19-10-2014 21:51:35 Restore Operation
20-10-2014 01:54:17 Removed Sonic Express Labeler
20-10-2014 01:54:45 Removed Sonic RecordNow!
21-10-2014 03:19:04 System Checkpoint
24-10-2014 01:34:27 System Checkpoint
26-10-2014 03:44:50 System Checkpoint
29-10-2014 18:44:29 System Checkpoint
01-11-2014 01:36:28 System Checkpoint
02-11-2014 20:55:52 System Checkpoint
04-11-2014 03:12:54 System Checkpoint
05-11-2014 19:24:32 System Checkpoint
06-11-2014 19:26:59 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-10 10:00 - 2014-11-05 18:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-26 18:11 - 2014-10-15 20:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-07 18:41 - 2014-11-07 18:41 - 02900480 _____ () C:\Program Files\AVAST Software\Avast\defs\14110700\algo.dll
2006-09-07 09:18 - 2006-09-07 09:18 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2006-09-07 09:19 - 2006-09-07 09:19 - 00015872 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2014-10-15 20:07 - 2014-10-15 20:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-12-09 11:35 - 2010-04-05 11:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2004-09-23 16:30 - 2004-09-23 16:30 - 00038912 _____ () c:\Program Files\Common Files\LightScribe\LSSrvc.exe
2004-08-10 04:00 - 2004-08-10 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 04:00 - 2004-08-10 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-10-29 10:49 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 10:49 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk => C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2060318294-1635822940-3861741363-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2060318294-1635822940-3861741363-1009 - Limited - Enabled)
Guest (S-1-5-21-2060318294-1635822940-3861741363-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2060318294-1635822940-3861741363-1007 - Limited - Disabled)
HP_Administrator (S-1-5-21-2060318294-1635822940-3861741363-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
SUPPORT_388945a0 (S-1-5-21-2060318294-1635822940-3861741363-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2060318294-1635822940-3861741363-1006 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2014 10:49:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/19/2014 08:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (10/19/2014 04:50:11 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 137941937.
 
Error: (10/19/2014 04:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RecordNow.exe, version 7.2.29.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/16/2014 11:24:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/19/2014 09:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/15/2014 06:38:49 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket -1328525754.
 
Error: (09/15/2014 06:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/10/2014 07:51:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/15/2014 08:19:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (11/07/2014 06:56:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Upload Manager service failed to start due to the following error: 
%%1079
 
Error: (11/07/2014 06:56:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (11/07/2014 06:56:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error: 
%%126
 
Error: (11/07/2014 06:51:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Upload Manager service failed to start due to the following error: 
%%1079
 
Error: (11/07/2014 06:51:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (11/07/2014 06:51:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error: 
%%126
 
Error: (11/07/2014 06:48:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error: 
%%183
 
Error: (11/07/2014 06:40:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Upload Manager service failed to start due to the following error: 
%%1079
 
Error: (11/07/2014 06:40:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (11/07/2014 06:40:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error: 
%%126
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 55%
Total physical RAM: 1015.29 MB
Available physical RAM: 451.78 MB
Total Pagefile: 2442.8 MB
Available Pagefile: 1896.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.06 MB
 
==================== Drives ================================
 
Drive c: (HP_PAVILION) (Fixed) (Total:179.33 GB) (Free:20.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:0.81 GB) FAT32 ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)
Partition 2: (Active) - (Size=179.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
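
A small triage script for a log like the one just posted. This is an added example, not part of the thread and not FRST's own code; the regular expressions are written against the line shapes visible in the posted Addition.txt (FRST has no published grammar), and the sample excerpt is constructed from those lines, with one extra hosts entry (`www.example-av-vendor.invalid`) added so the hosts check has something to catch.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) Addition.txt log.

Added example, not part of the forum thread and not FRST's own code: it splits
the log on FRST's "==== Name ====" headers and pulls out what a helper acts on
first (disabled security products, "<==== ATTENTION" and Hidden program entries,
non-localhost hosts lines, enabled administrator accounts).
"""
import re

# Line shapes are copied from the log posted in the thread; FRST has no published grammar.
SECTION_RE = re.compile(r"^=+\s+(?P<name>[^=\s].*?)\s+=+\s*$")
SECURITY_RE = re.compile(r"^(?P<kind>AV|FW|AS): (?P<product>.+?) \((?P<state>Enabled|Disabled)"
                         r"(?: - (?P<update>[^)]+))?\) \{(?P<guid>[0-9A-Fa-f-]+)\}$")
# Name [(HKLM\...\Key)] (Version: x - Vendor) [Hidden] [<==== ATTENTION]
PROGRAM_RE = re.compile(r"^(?P<name>.+?) (?:\((?P<key>HK[^)]*)\) )?\(Version: (?P<version>[^)]*?) - "
                        r"(?P<vendor>[^)]*)\)(?P<flags>.*)$")
ACCOUNT_RE = re.compile(r"^(?P<user>\S+) \((?P<sid>S-[\d-]+) - (?P<group>\w+) - (?P<state>Enabled|Disabled)\)")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(?P<host>\S+)")

def split_sections(text):
    """Map section name -> non-empty body lines; text before the first header lands in 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").rstrip(":").strip()
            sections.setdefault(current, [])
        # FRST's fixlist hints are whole parenthesised sentences; real entries never are.
        elif line and not (line.startswith("(") and line.endswith(")")):
            sections[current].append(line)
    return sections

def parse_programs(sections):
    """Installed Programs entries as dicts; lines the regex misses are kept for manual review."""
    out = []
    for line in sections.get("Installed Programs", []):
        m = PROGRAM_RE.match(line)
        out.append(m.groupdict() if m else {"name": line, "flags": "", "unparsed": True})
    return out

def disabled_security_products(sections):
    matches = map(SECURITY_RE.match, sections.get("Security Center", []))
    return [(m.group("kind"), m.group("product")) for m in matches if m and m.group("state") == "Disabled"]

def flagged_programs(sections):
    return [p["name"] for p in parse_programs(sections) if "<==== ATTENTION" in p["flags"]]

def hidden_programs(sections):
    return [p["name"] for p in parse_programs(sections) if "Hidden" in p["flags"].split()]

def hosts_redirects(sections):
    """Hosts entries that map anything other than localhost (a common AV/update blocker)."""
    matches = map(HOSTS_RE.match, sections.get("Hosts content", []))
    return [(m.group("ip"), m.group("host")) for m in matches if m and m.group("host").lower() != "localhost"]

def enabled_admins(sections):
    matches = map(ACCOUNT_RE.match, sections.get("Accounts", []))
    return [m.group("user") for m in matches
            if m and m.group("group") == "Administrator" and m.group("state") == "Enabled"]

def triage(text):
    s = split_sections(text)
    return {"disabled_security": disabled_security_products(s), "flagged_programs": flagged_programs(s),
            "hidden_programs": hidden_programs(s), "hosts_redirects": hosts_redirects(s),
            "enabled_admins": enabled_admins(s)}

# Constructed excerpt built from lines in the posted log. The second hosts entry is NOT in the
# real log; it is added so the hosts check has something to catch.
SAMPLE_LOG = r"""
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
==================== Installed Programs ======================
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
FoxTab Video To MP3 Converter (remove only) (HKLM\...\FX - Video To Mp3) (Version:  - ) <==== ATTENTION
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)
Norton Internet Security (Version: 8.0.0.64 - Symantec Corporation) Hidden
==================== Hosts content: ==========================
2004-08-10 10:00 - 2014-11-05 18:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.invalid
========================= Accounts: ==========================
Administrator (S-1-5-21-2060318294-1635822940-3861741363-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2060318294-1635822940-3861741363-501 - Limited - Disabled)
HP_Administrator (S-1-5-21-2060318294-1635822940-3861741363-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as a script it prints one list per finding. On the excerpt it reports the two AV entries and the firewall that Security Center shows as Disabled, the FoxTab entry FRST itself flagged, the two Hidden entries, the constructed hosts redirect, and the two enabled administrator accounts. The same functions run unchanged over a complete Addition.txt read from disk, since only the section headers and line shapes matter; Installed Programs lines the regex does not recognise are kept with an "unparsed" marker rather than dropped, so nothing is silently skipped.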


#49 sleepybear (Authentic Member, 61 posts)

Posted 07 November 2014 - 09:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by HP_Administrator (administrator) on YOUR-55E5F9E3D2 on 07-11-2014 19:03:43
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-17] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [HPHUPD06] => c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [IS CfgWiz] => c:\Program Files\Norton Internet Security\cfgwiz.exe [132248 2004-08-17] (Symantec Corporation)
HKLM\...\Run: [URLLSTCK.exe] => c:\Program Files\Norton Internet Security\UrlLstCk.exe [33936 2004-08-30] (Symantec Corporation)
HKLM\...\Run: [SSC_UserPrompt] => c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [218240 2004-08-05] (Symantec Corporation)
HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [90112 2004-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-10-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2742272 2004-10-13] (RealTek Semicoductor Corp.)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2006-09-07] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2004-08-10] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: ""
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=6.0.11.1879 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1939 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.872 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-26]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
S4 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197752 2004-08-27] (Symantec Corporation)
S4 ccProxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [234616 2004-08-27] (Symantec Corporation)
S4 ccPwdSvc; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [78968 2004-08-27] (Symantec Corporation)
S4 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [164984 2004-08-27] (Symantec Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S4 iPodService; C:\Program Files\iPod\bin\iPodService.exe [323584 2006-02-23] (Apple Computer, Inc.) [File not signed]
S3 ISSVC; c:\Program Files\Norton Internet Security\ISSVC.exe [78992 2004-08-30] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-21] (Sun Microsystems, Inc.)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2004-09-23] () [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
S4 navapsvc; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [176768 2004-08-30] (Symantec Corporation)
S3 SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [197864 2004-07-23] (Symantec Corporation)
S4 SNDSrvc; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206048 2004-08-27] (Symantec Corporation)
S4 SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [173160 2004-07-21] (Symantec Corporation)
S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S2 uploadmgr; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-10-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-15] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-11-11] (Conexant Systems, Inc.)
R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-11-11] (Conexant Systems, Inc.)
R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-11-11] (Conexant Systems, Inc.)
R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31360 2004-11-11] (Conexant Systems, Inc.)
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows ® Server 2003 DDK provider)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46208 2004-08-10] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2004-08-03] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS [72712 2004-11-17] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS [629544 2004-11-17] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R3 NmPar; C:\WINDOWS\System32\DRIVERS\NmPar.sys [80256 2008-12-24] (Windows ® 2000 DDK provider)
R3 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [70016 2008-12-16] (Windows ® 2000 DDK provider)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-03] (VSO Software) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-03-15] (Sonic Solutions) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
S3 SAVRT; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS [335504 2004-07-23] (Symantec Corporation)
R2 SAVRTPEL; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS [49808 2004-07-23] (Symantec Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [341096 2004-07-21] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [104144 2004-08-26] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [25824 2004-08-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266464 2004-08-27] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 MCSTRM; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-10] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-05 19:11 - 2014-11-05 19:11 - 00028898 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Addition.txt
2014-11-05 18:28 - 2014-11-05 18:28 - 00031352 _____ () C:\ComboFix.txt
2014-11-05 18:28 - 2014-11-05 18:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-11-05 18:28 - 2014-11-05 18:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-11-05 18:28 - 2014-11-05 18:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-05 18:21 - 2014-11-07 19:04 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\temp
2014-11-05 18:21 - 2014-11-05 18:21 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-11-05 18:02 - 2011-06-25 22:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-05 18:02 - 2010-11-07 09:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-05 18:02 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-05 16:45 - 2014-11-05 18:28 - 00000000 ____D () C:\Qoobox
2014-11-05 16:44 - 2014-11-05 18:27 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-05 16:34 - 2014-11-05 16:35 - 05591672 ____R (Swearware) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe
2014-11-05 13:19 - 2014-11-05 16:31 - 00000302 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Search.txt
2014-11-04 22:12 - 2014-11-04 22:12 - 00000600 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\JRT.txt
2014-11-04 19:53 - 2014-11-04 19:53 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\esetsmartinstaller_enu.exe
2014-11-04 19:53 - 2014-11-04 19:53 - 00000000 ____D () C:\Program Files\ESET
2014-11-03 22:32 - 2014-11-03 22:32 - 00001077 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\malwarescan.txt
2014-11-03 17:57 - 2014-11-03 17:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-03 17:54 - 2014-11-03 17:55 - 01706359 _____ (Thisisu) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\JRT.exe
2014-11-03 17:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-11-03 17:36 - 2014-11-03 17:47 - 00000000 ____D () C:\AdwCleaner
2014-11-03 17:32 - 2014-11-03 17:32 - 01375089 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\AdwCleaner.exe
2014-11-02 18:27 - 2014-11-07 19:04 - 00017434 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\FRST.txt
2014-11-02 18:22 - 2014-11-02 18:22 - 01106432 _____ (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\FRST.exe
2014-11-01 20:10 - 2014-11-01 20:10 - 11906416 _____ (OPSWAT, Inc.) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\AppRemover.exe
2014-10-26 20:51 - 2014-11-07 19:03 - 00000000 ____D () C:\FRST
2014-10-25 18:41 - 2014-10-25 18:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
2014-10-25 18:25 - 2014-10-25 18:32 - 00001352 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\aswMBR.txt
2014-10-23 23:04 - 2014-11-05 18:23 - 00000000 ____D () C:\WINDOWS\pchealth
2014-10-22 14:07 - 2014-10-22 14:07 - 00000142 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\SEARCH.url
2014-10-19 22:11 - 2014-11-03 22:05 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 22:11 - 2014-10-19 22:11 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 22:11 - 2014-10-19 22:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 22:11 - 2014-10-19 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 22:11 - 2014-10-01 10:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-19 22:11 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-19 16:18 - 2014-10-23 22:16 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-10-19 16:18 - 2014-10-19 16:18 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-10-19 13:49 - 2014-10-19 13:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-10-19 13:49 - 2014-10-19 13:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 046.lnk
2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 045.lnk
2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 042.lnk
2014-10-15 21:39 - 2014-10-15 21:39 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
2014-10-15 21:33 - 2014-10-29 10:49 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-15 21:31 - 2014-11-07 18:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 21:31 - 2014-11-07 18:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 20:15 - 2014-10-15 20:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software
2014-10-15 20:08 - 2014-10-15 20:07 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-15 20:07 - 2014-10-15 20:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-10-15 20:04 - 2014-10-15 20:07 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-15 20:04 - 2014-10-15 20:07 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-15 20:04 - 2014-10-15 20:07 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-15 20:04 - 2014-10-15 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-07 18:57 - 2005-01-28 01:55 - 01439226 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-07 18:56 - 2012-07-12 13:56 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-07 18:56 - 2005-04-30 14:53 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2014-11-07 18:56 - 2005-01-28 01:55 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-07 18:56 - 2005-01-28 01:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-07 18:56 - 2005-01-27 17:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-07 18:56 - 2005-01-27 17:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-11-07 18:54 - 2010-01-14 10:58 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\ntuser.ini
2014-11-07 18:49 - 2010-01-14 10:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
2014-11-07 18:48 - 2010-01-29 20:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-07 18:48 - 2010-01-29 20:58 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-11-07 18:44 - 2005-05-14 20:30 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-11-06 20:42 - 2010-01-19 12:03 - 00009244 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat
2014-11-06 20:40 - 2005-03-15 17:46 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-05 21:08 - 2005-03-15 17:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-05 18:24 - 2005-01-27 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-05 18:22 - 2005-01-28 01:55 - 37224448 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 07077888 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-11-05 18:20 - 2005-01-27 17:44 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-03 17:47 - 2012-08-23 16:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-03 16:17 - 2005-03-15 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-11-02 19:05 - 2005-09-14 19:28 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Symantec
2014-11-02 19:05 - 2005-03-15 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
2014-11-02 18:35 - 2005-01-27 13:38 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-11-02 11:33 - 2005-01-28 01:47 - 00441626 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 13:07 - 2010-12-09 11:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-10-31 16:33 - 2005-01-28 01:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-25 18:41 - 2006-06-23 12:59 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-19 22:11 - 2008-12-02 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-19 20:19 - 2005-01-27 11:10 - 00000000 ____D () C:\WINDOWS\I386
2014-10-19 17:58 - 2005-01-28 01:41 - 00000653 _____ () C:\WINDOWS\win.ini
2014-10-19 17:58 - 2005-01-27 20:58 - 00000279 __RSH () C:\boot.ini
2014-10-19 17:11 - 2010-01-14 10:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Adobe
2014-10-19 13:49 - 2005-10-27 11:02 - 00000000 ____D () C:\Program Files\Google
2014-10-16 15:32 - 2013-08-01 08:18 - 00002515 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Microsoft Office Word 2007.lnk
2014-10-15 20:15 - 2012-01-26 18:11 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-10-15 20:08 - 2012-01-26 18:11 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-10-15 20:07 - 2012-01-26 18:11 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-15 20:07 - 2012-01-26 18:11 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-10-15 20:07 - 2012-01-26 18:11 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-10-15 20:07 - 2012-01-26 18:11 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-10-15 20:04 - 2005-01-28 01:41 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-10-15 12:01 - 2005-03-15 17:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-15 12:00 - 2005-01-27 18:16 - 00000000 ____D () C:\WINDOWS\Registration
 
Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\temp\CmdLineExtInstallerExe.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\drm_dyndata_7360012.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\res271.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#50 sleepybear

sleepybear

    Authentic Member

  • Authentic Member
  • 61 posts

Posted 07 November 2014 - 09:14 PM

Through Uninstall I have found a program called LIVE REG version 3.0. In parenthesis it says "Symantec".  Is that the bugger?



#51 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 November 2014 - 09:28 PM

Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64, or on your desktop if that's where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
 
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\...\Run: [IS CfgWiz] => c:\Program Files\Norton Internet Security\cfgwiz.exe [132248 2004-08-17] (Symantec Corporation)
HKLM\...\Run: [URLLSTCK.exe] => c:\Program Files\Norton Internet Security\UrlLstCk.exe [33936 2004-08-30] (Symantec Corporation)
HKLM\...\Run: [SSC_UserPrompt] => c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [218240 2004-08-05] (Symantec Corporation)
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
S4 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197752 2004-08-27] (Symantec Corporation)
S4 ccProxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [234616 2004-08-27] (Symantec Corporation)
S4 ccPwdSvc; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [78968 2004-08-27] (Symantec Corporation)
S4 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [164984 2004-08-27] (Symantec Corporation)
S4 navapsvc; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [176768 2004-08-30] (Symantec Corporation)
S3 SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [197864 2004-07-23] (Symantec Corporation)
S4 SNDSrvc; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206048 2004-08-27] (Symantec Corporation)
S4 SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [173160 2004-07-21] (Symantec Corporation)
S3 ISSVC; c:\Program Files\Norton Internet Security\ISSVC.exe [78992 2004-08-30] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS [72712 2004-11-17] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS [629544 2004-11-17] (Symantec Corporation)
S3 SAVRT; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS [335504 2004-07-23] (Symantec Corporation)
R2 SAVRTPEL; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS [49808 2004-07-23] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [341096 2004-07-21] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [104144 2004-08-26] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [25824 2004-08-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266464 2004-08-27] (Symantec Corporation)
2014-11-03 16:17 - 2005-03-15 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-11-02 19:05 - 2005-09-14 19:28 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Symantec
2014-11-02 19:05 - 2005-03-15 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
c:\Program Files\Norton Internet Security
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST or FRST64 and click on Fix.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


 
 

#52 sleepybear

    Authentic Member

  • 61 posts

Posted 07 November 2014 - 09:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by HP_Administrator at 2014-11-07 19:43:43 Run:2
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\...\Run: [IS CfgWiz] => c:\Program Files\Norton Internet Security\cfgwiz.exe [132248 2004-08-17] (Symantec Corporation)
HKLM\...\Run: [URLLSTCK.exe] => c:\Program Files\Norton Internet Security\UrlLstCk.exe [33936 2004-08-30] (Symantec Corporation)
HKLM\...\Run: [SSC_UserPrompt] => c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [218240 2004-08-05] (Symantec Corporation)
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
S4 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197752 2004-08-27] (Symantec Corporation)
S4 ccProxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [234616 2004-08-27] (Symantec Corporation)
S4 ccPwdSvc; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [78968 2004-08-27] (Symantec Corporation)
S4 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [164984 2004-08-27] (Symantec Corporation)
S4 navapsvc; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [176768 2004-08-30] (Symantec Corporation)
S3 SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [197864 2004-07-23] (Symantec Corporation)
S4 SNDSrvc; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206048 2004-08-27] (Symantec Corporation)
S4 SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [173160 2004-07-21] (Symantec Corporation)
S3 ISSVC; c:\Program Files\Norton Internet Security\ISSVC.exe [78992 2004-08-30] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS [72712 2004-11-17] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS [629544 2004-11-17] (Symantec Corporation)
S3 SAVRT; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS [335504 2004-07-23] (Symantec Corporation)
R2 SAVRTPEL; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS [49808 2004-07-23] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [341096 2004-07-21] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [104144 2004-08-26] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [25824 2004-08-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266464 2004-08-27] (Symantec Corporation)
2014-11-03 16:17 - 2005-03-15 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-11-02 19:05 - 2005-09-14 19:28 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Symantec
2014-11-02 19:05 - 2005-03-15 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
c:\Program Files\Norton Internet Security
EmptyTemp:
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IS CfgWiz => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\URLLSTCK.exe => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SSC_UserPrompt => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}" => Key deleted successfully.
"HKCR\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value deleted successfully.
"HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => Key deleted successfully.
ccEvtMgr => Service deleted successfully.
ccProxy => Service deleted successfully.
ccPwdSvc => Service deleted successfully.
ccSetMgr => Service deleted successfully.
navapsvc => Service deleted successfully.
SAVScan => Service deleted successfully.
SNDSrvc => Service deleted successfully.
SPBBCSvc => Service deleted successfully.
ISSVC => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
SAVRT => Service deleted successfully.
SAVRTPEL => Service stopped successfully.
SAVRTPEL => Service deleted successfully.
SPBBCDrv => Service deleted successfully.
SymEvent => Unable to stop service
SymEvent => Service deleted successfully.
SYMREDRV => Service deleted successfully.
SYMTDI => Unable to stop service
SYMTDI => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec => Moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Symantec => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security => Moved successfully.
c:\Program Files\Norton Internet Security => Moved successfully.
EmptyTemp: => Removed 36.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#53 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 November 2014 - 06:27 AM

Looks like you're good to go. How is everything running now?



 
 

#54 sleepybear

    Authentic Member

  • 61 posts

Posted 08 November 2014 - 07:16 PM

Well, the virus is still active. I thought Norton was gone also, but ComboFix just gave me the same message as before while running:

"The above real time scanners are still active" "Norton Antivirus Security". Could it be possible it infected this old Norton file, since everything else was deleted long ago?

Many of the keyboard keys are still infected, and "msconfig" through the RUN line is not found.

When I first found this virus or malware, the first thing we noticed was that when you pressed the left shift key it gave us a message saying "you have not yet configured this button" instead of making a capital letter, and when I traced it, or actually printed it out, it came back to this file: C:\hp\KBD\STATIC\EN\buttonconfig.htm, which I assume is a legit file.


Edited by sleepybear, 08 November 2014 - 07:50 PM.


#55 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 November 2014 - 09:05 PM

Go ahead and run a new scan with FRST. I don't need Additions, so uncheck it. Also, take the checkmark out of SERVICES and let's see what's still running related to Norton.

 

Because your keyboard is acting funny doesn't mean it's infected; it could just be worn out and you may be ready for a new one.



 
 



#56 sleepybear

    Authentic Member

  • 61 posts

Posted 08 November 2014 - 09:29 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by HP_Administrator (administrator) on YOUR-55E5F9E3D2 on 08-11-2014 19:27:49
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
() C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Hewlett-Packard Company) C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-17] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [HPHUPD06] => c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [90112 2004-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-10-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2742272 2004-10-13] (RealTek Semicoductor Corp.)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2006-09-07] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2060318294-1635822940-3861741363-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=6.0.11.1879 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1939 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.872 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-26]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
 
==================== Services (All) ========================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2004-08-10] (Microsoft Corporation)
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2004-08-10] (Microsoft Corporation)
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2004-08-10] (Microsoft Corporation)
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2004-08-10] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [382464 2004-08-10] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\System32\browser.dll [77312 2004-08-10] (Microsoft Corporation)
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2004-08-10] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2004-08-10] (Microsoft Corporation)
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2004-08-10] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [60416 2004-08-10] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [399360 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [111104 2004-08-10] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2004-08-10] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2004-08-10] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2004-08-10] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2004-08-10] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-10] (Microsoft Corporation)
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [267776 2004-08-10] (Microsoft Corporation)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2014-10-15] (Google Inc.)
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2014-10-15] (Google Inc.)
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation)
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2004-08-10] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150016 2004-08-10] (Microsoft Corporation)
S4 iPodService; C:\Program Files\iPod\bin\iPodService.exe [323584 2006-02-23] (Apple Computer, Inc.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-21] (Sun Microsystems, Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [96768 2004-08-10] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2004-09-23] () [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2004-08-10] (Microsoft Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [322120 2003-06-20] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2004-08-10] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2004-08-10] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2004-08-10] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2005-05-04] (Microsoft Corporation)
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2004-08-10] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2004-08-10] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2004-08-10] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2004-08-10] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2004-08-10] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2004-08-10] (Microsoft Corporation)
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2004-08-10] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2004-08-10] (Microsoft Corporation)
S4 RasAuto; C:\WINDOWS\System32\rasauto.dll [89088 2004-08-10] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [174080 2004-08-10] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [140800 2004-08-10] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [49152 2004-08-10] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2004-08-10] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2004-08-10] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [399360 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-10] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2004-08-10] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2004-08-10] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [190976 2004-08-10] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2004-08-10] (Microsoft Corporation)
R2 SENS; C:\WINDOWS\system32\sens.dll [38912 2004-08-10] (Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2004-08-10] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-10] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2004-08-10] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [170496 2004-08-10] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2004-08-10] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333312 2004-08-10] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2004-08-10] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2004-08-10] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [246272 2004-08-10] (Microsoft Corporation)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2004-08-10] (Microsoft Corporation)
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-10] (Microsoft Corporation)
S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2004-08-10] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90624 2004-08-10] (Microsoft Corporation)
S3 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [38912 2004-08-10] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185344 2004-08-10] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2004-08-10] (Microsoft Corporation)
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2004-08-10] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [174592 2004-08-10] (Microsoft Corporation)
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [67584 2004-08-10] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2004-08-10] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [25088 2004-08-10] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [616960 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2004-08-10] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [81408 2004-08-10] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2004-08-10] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [359936 2004-08-10] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129536 2004-08-10] (Microsoft Corporation)
S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S2 uploadmgr; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-10-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-15] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-11-11] (Conexant Systems, Inc.)
R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-11-11] (Conexant Systems, Inc.)
R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-11-11] (Conexant Systems, Inc.)
R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31360 2004-11-11] (Conexant Systems, Inc.)
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows ® Server 2003 DDK provider)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46208 2004-08-10] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2004-08-03] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R3 NmPar; C:\WINDOWS\System32\DRIVERS\NmPar.sys [80256 2008-12-24] (Windows ® 2000 DDK provider)
R3 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [70016 2008-12-16] (Windows ® 2000 DDK provider)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-03] (VSO Software) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-03-15] (Sonic Solutions) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()
R3 catchme; \??\C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\catchme.sys [X]
S2 MCSTRM; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-10] (Microsoft Corporation)
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-08 19:27 - 2014-11-08 19:27 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\FRST-OlderVersion
2014-11-08 14:53 - 2014-11-08 14:53 - 00013148 _____ () C:\ComboFix.txt
2014-11-08 14:53 - 2014-11-08 14:53 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-11-08 14:53 - 2014-11-08 14:53 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-11-08 14:53 - 2014-11-08 14:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-05 19:11 - 2014-11-07 19:05 - 00028290 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Addition.txt
2014-11-05 18:21 - 2014-11-08 19:28 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\temp
2014-11-05 18:21 - 2014-11-05 18:21 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-05 18:21 - 2014-11-05 18:21 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-11-05 18:02 - 2011-06-25 22:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-05 18:02 - 2010-11-07 09:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-05 18:02 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-05 18:02 - 2000-08-30 16:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-05 16:45 - 2014-11-08 14:53 - 00000000 ____D () C:\Qoobox
2014-11-05 16:44 - 2014-11-05 18:27 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-05 16:34 - 2014-11-05 16:35 - 05591672 ____R (Swearware) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe
2014-11-05 13:19 - 2014-11-05 16:31 - 00000302 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Search.txt
2014-11-04 22:12 - 2014-11-04 22:12 - 00000600 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\JRT.txt
2014-11-04 19:53 - 2014-11-04 19:53 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\esetsmartinstaller_enu.exe
2014-11-04 19:53 - 2014-11-04 19:53 - 00000000 ____D () C:\Program Files\ESET
2014-11-03 22:32 - 2014-11-03 22:32 - 00001077 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\malwarescan.txt
2014-11-03 17:57 - 2014-11-03 17:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-03 17:54 - 2014-11-03 17:55 - 01706359 _____ (Thisisu) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\JRT.exe
2014-11-03 17:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-11-03 17:36 - 2014-11-03 17:47 - 00000000 ____D () C:\AdwCleaner
2014-11-03 17:32 - 2014-11-03 17:32 - 01375089 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\AdwCleaner.exe
2014-11-02 18:27 - 2014-11-08 19:28 - 00022386 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\FRST.txt
2014-11-02 18:22 - 2014-11-08 19:27 - 01107968 _____ (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\FRST.exe
2014-11-01 20:10 - 2014-11-01 20:10 - 11906416 _____ (OPSWAT, Inc.) C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\AppRemover.exe
2014-10-26 20:51 - 2014-11-08 19:27 - 00000000 ____D () C:\FRST
2014-10-25 18:41 - 2014-10-25 18:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
2014-10-25 18:25 - 2014-10-25 18:32 - 00001352 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\aswMBR.txt
2014-10-23 23:04 - 2014-11-05 18:23 - 00000000 ____D () C:\WINDOWS\pchealth
2014-10-22 14:07 - 2014-10-22 14:07 - 00000142 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\SEARCH.url
2014-10-19 22:11 - 2014-11-03 22:05 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 22:11 - 2014-10-19 22:11 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 22:11 - 2014-10-19 22:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 22:11 - 2014-10-19 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 22:11 - 2014-10-01 10:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-19 22:11 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-19 16:18 - 2014-10-23 22:16 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-10-19 16:18 - 2014-10-19 16:18 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-10-19 13:49 - 2014-10-19 13:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-10-19 13:49 - 2014-10-19 13:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 046.lnk
2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 045.lnk
2014-10-18 22:26 - 2014-10-18 22:26 - 00000845 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Shortcut to 2014 Summer 042.lnk
2014-10-15 21:39 - 2014-10-15 21:39 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
2014-10-15 21:33 - 2014-10-29 10:49 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-15 21:31 - 2014-11-08 18:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 21:31 - 2014-11-08 15:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 20:15 - 2014-10-15 20:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software
2014-10-15 20:08 - 2014-10-15 20:07 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-15 20:07 - 2014-10-15 20:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-10-15 20:04 - 2014-10-15 20:07 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-15 20:04 - 2014-10-15 20:07 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-15 20:04 - 2014-10-15 20:07 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-15 20:04 - 2014-10-15 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-08 18:08 - 2005-01-27 17:33 - 00000282 _____ () C:\WINDOWS\wiadebug.log
2014-11-08 16:23 - 2005-01-28 01:55 - 01473837 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-08 14:53 - 2005-01-28 01:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-08 14:50 - 2005-01-27 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-08 14:33 - 2005-01-28 01:55 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-08 11:26 - 2012-07-12 13:56 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-08 11:21 - 2005-04-30 14:53 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2014-11-08 11:21 - 2005-01-27 17:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-11-07 20:39 - 2010-01-14 10:58 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\ntuser.ini
2014-11-07 19:55 - 2013-08-01 08:18 - 00002515 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Microsoft Office Word 2007.lnk
2014-11-07 19:55 - 2005-03-15 17:46 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-07 19:39 - 2005-05-14 20:30 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-11-07 18:49 - 2010-01-14 10:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
2014-11-07 18:48 - 2010-01-29 20:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-07 18:48 - 2010-01-29 20:58 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-11-06 20:42 - 2010-01-19 12:03 - 00009244 _____ () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat
2014-11-05 21:08 - 2005-03-15 17:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-05 18:22 - 2005-01-28 01:55 - 37224448 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 07077888 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-11-05 18:22 - 2005-01-28 01:55 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-11-05 18:20 - 2005-01-27 17:44 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-03 17:47 - 2012-08-23 16:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-02 18:35 - 2005-01-27 13:38 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-11-02 11:33 - 2005-01-28 01:47 - 00441626 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 13:07 - 2010-12-09 11:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-10-31 16:33 - 2005-01-28 01:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-25 18:41 - 2006-06-23 12:59 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-19 22:11 - 2008-12-02 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-19 20:19 - 2005-01-27 11:10 - 00000000 ____D () C:\WINDOWS\I386
2014-10-19 17:58 - 2005-01-28 01:41 - 00000653 _____ () C:\WINDOWS\win.ini
2014-10-19 17:58 - 2005-01-27 20:58 - 00000279 __RSH () C:\boot.ini
2014-10-19 17:11 - 2010-01-14 10:58 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Adobe
2014-10-19 13:49 - 2005-10-27 11:02 - 00000000 ____D () C:\Program Files\Google
2014-10-15 20:15 - 2012-01-26 18:11 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-10-15 20:08 - 2012-01-26 18:11 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-10-15 20:07 - 2012-01-26 18:11 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-15 20:07 - 2012-01-26 18:11 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-10-15 20:07 - 2012-01-26 18:11 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-10-15 20:07 - 2012-01-26 18:11 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-10-15 20:04 - 2005-01-28 01:41 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-10-15 12:01 - 2005-03-15 17:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-15 12:00 - 2005-01-27 18:16 - 00000000 ____D () C:\WINDOWS\Registration
 
Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\temp\CmdLineExtInstallerExe.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\drm_dyndata_7360012.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\res271.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
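A small triage helper for the driver/service lines in the FRST log above, added here as an example; it is not part of FRST or ComboFix. It assumes the line format FRST prints (state, name; path [size date] (vendor) optional flags, or "[X]" / "No ImagePath" for broken entries) and uses a handful of lines copied from this log as sample input; the flags it raises are leads for the helper to look at, not verdicts (the two orphaned "[X]" drivers here are leftovers of the cleaning tools themselves).

```python
"""Triage FRST driver/service lines: flag the entries a helper reads first."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Fully resolved entry, e.g.
#   R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2004-08-03] (Microsoft Corporation)
# The vendor string may itself contain parentheses, so the flag tail is anchored
# to "[...]" tokens only and the vendor group is allowed to grow past an inner ")".
FULL_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<company>.*?)\)(?P<flags>(?:\s+\[[^\]]*\])*)\s*$"
)
# Entry whose image file is gone from disk:  "... \Temp\catchme.sys [X]"
MISSING_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[X\]\s*$")
# Service registered with no ImagePath value:  "S2 MCSTRM; No ImagePath"
NOIMAGE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+No ImagePath\s*$")


@dataclass
class DriverEntry:
    state: str                      # R=running, S=stopped, U=unknown; digit = start type
    name: str
    path: Optional[str]
    company: str
    findings: List[str] = field(default_factory=list)

    @property
    def running(self) -> bool:
        return self.state.startswith("R")


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one FRST driver line; None for lines that are not driver entries."""
    line = line.strip()
    m = FULL_RE.match(line)
    if m:
        entry = DriverEntry(m["state"], m["name"].strip(), m["path"], m["company"].strip())
        if "[File not signed]" in m["flags"]:
            entry.findings.append("unsigned")
        if not entry.company:               # FRST prints "()" when no vendor is embedded
            entry.findings.append("no vendor string")
        return entry
    m = MISSING_RE.match(line)
    if m:
        entry = DriverEntry(m["state"], m["name"].strip(), m["path"], "")
        entry.findings.append("image file missing")
        return entry
    m = NOIMAGE_RE.match(line)
    if m:
        entry = DriverEntry(m["state"], m["name"].strip(), None, "")
        entry.findings.append("no ImagePath")
        return entry
    return None


def _loads_from_temp(path: Optional[str]) -> bool:
    # A kernel driver registered under a user's Temp directory is unusual
    # enough to always be worth a look, whatever the vendor string says.
    return path is not None and re.search(r"\\temp\\", path, re.IGNORECASE) is not None


def triage(log_lines) -> List[DriverEntry]:
    """Return only entries with at least one finding, running drivers first."""
    flagged = []
    for line in log_lines:
        entry = parse_driver_line(line)
        if entry is None:
            continue
        if _loads_from_temp(entry.path):
            entry.findings.append("loads from a Temp directory")
        if entry.findings:
            flagged.append(entry)
    flagged.sort(key=lambda e: (not e.running, e.name.lower()))
    return flagged


# Sample input: lines copied from the FRST log in this thread (a constructed subset).
SAMPLE_LOG = r"""R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2004-08-03] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-03] (VSO Software) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()
R3 catchme; \??\C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\catchme.sys [X]
S2 MCSTRM; No ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
""".splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state} {e.name:<10} {'; '.join(e.findings)}  ({e.path})")
```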


#57 sleepybear

sleepybear

    Authentic Member

  • Authentic Member
  • 61 posts

Posted 08 November 2014 - 09:32 PM

And here is the ComboFix log I ran just before that:

ComboFix 14-10-29.01 - HP_Administrator 11/08/2014  14:36:35.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1015.53 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-08 to 2014-11-08  )))))))))))))))))))))))))))))))
.
.
2014-11-05 03:53 . 2014-11-05 03:53 -------- d-----w- c:\program files\ESET
2014-11-04 01:57 . 2014-11-04 01:57 -------- d-----w- c:\windows\ERUNT
2014-11-04 01:37 . 2010-08-30 16:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-11-04 01:36 . 2014-11-04 01:47 -------- d-----w- C:\AdwCleaner
2014-10-27 04:51 . 2014-11-08 03:44 -------- d-----w- C:\FRST
2014-10-24 07:04 . 2014-11-06 02:23 -------- d-----w- c:\windows\pchealth
2014-10-20 06:11 . 2014-11-04 06:05 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-20 06:11 . 2014-10-01 18:11 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-20 06:11 . 2014-10-20 06:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-20 06:11 . 2014-10-01 18:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-20 00:18 . 2014-10-20 00:18 1409 ----a-w- c:\windows\QTFont.for
2014-10-19 21:49 . 2014-10-19 21:49 -------- d-----w- c:\windows\jumpshot.com
2014-10-16 05:39 . 2014-10-16 05:39 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
2014-10-16 04:15 . 2014-10-16 04:15 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AVAST Software
2014-10-16 04:08 . 2014-10-16 04:07 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-16 04:07 . 2014-10-16 04:07 43152 ----a-w- c:\windows\avastSS.scr
2014-10-16 04:04 . 2014-10-16 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-10-16 04:04 . 2014-10-16 04:07 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-16 04:04 . 2014-10-16 04:07 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-16 04:04 . 2014-10-16 04:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-15 20:00 . 2014-10-15 20:00 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 04:15 . 2012-01-27 02:11 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-16 04:07 . 2012-01-27 02:11 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-16 04:07 . 2012-01-27 02:11 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-16 04:07 . 2012-01-27 02:11 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-16 04:07 . 2012-01-27 02:11 276432 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-01 04:09 . 2009-10-01 04:09 11841 ----a-w- c:\program files\Common Files\apiseseb.reg
2009-10-01 04:09 . 2009-10-01 04:09 19313 ----a-w- c:\program files\Common Files\icezose.bat
2009-09-30 22:09 . 2009-09-30 22:09 16820 ----a-w- c:\program files\Common Files\rupolope.dll
2009-09-30 22:09 . 2009-09-30 22:09 11586 ----a-w- c:\program files\Common Files\agygy.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-16 04:07 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-16 4085896]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-02-23 22:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 15:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-29 00:22 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"YahooAUService"=2 (0x2)
"iPodService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/15/2014 8:04 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/15/2014 8:04 PM 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 6:11 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/26/2012 6:11 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10/15/2014 8:08 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/15/2014 8:04 PM 67824]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 5:40 AM 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 6:10 AM 70016]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/3/2010 6:43 PM 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 18:48 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-16 04:07]
.
2014-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]
.
2014-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-16 05:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-08 14:50
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ç*a""\OpenWithProgids]
"Ç=8_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2060318294-1635822940-3861741363-1008\Software\SecuROM\License information*]
"datasecu"=hex:fb,20,08,b5,1f,0b,a3,9d,20,02,b9,5f,6e,64,2a,cf,17,d9,68,0c,b9,
   b2,7d,31,7c,26,c7,10,c9,01,24,ca,3c,fc,0f,e4,bb,24,4d,ca,fa,3a,01,ec,55,98,\
"rkeysecu"=hex:bd,47,83,32,2f,8a,32,ff,78,e0,de,39,57,df,50,ce
.
[HKEY_LOCAL_MACHINE\software\Classes\.*Ç*a""]
@="Ç=8_auto_file"
.
[HKEY_LOCAL_MACHINE\software\Classes\Ç*a"©_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\edit\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Ç*a""_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1864)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\msi.dll
.
Completion time: 2014-11-08  14:53:09
ComboFix-quarantined-files.txt  2014-11-08 22:53
ComboFix2.txt  2014-11-06 02:28
.
Pre-Run: 22,847,434,752 bytes free
Post-Run: 22,834,417,664 bytes free
.
- - End Of File - - 90CBFB93FF3C9A98E2DE908B33E4FA67
0AC6D996BCE152AED9600E6D6B797E2E


#58 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 09 November 2014 - 06:37 AM

Backup the Registry:
 
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
 
  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-
 
TCRB-1.jpg
 
  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
 
TBRB-2.jpg
 
  • Close Tweaking.com - Registry Backup
 
Note: There will now be a folder at the root of the hard drive named C:\RegBackup; do not delete this, as it is the actual backup just created.
 
A tutorial for Registry Backup explaining the various features can be viewed HERE
 
=========================================================================================
 
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::
 
 
File::
c:\program files\Common Files\apiseseb.reg
c:\program files\Common Files\icezose.bat
c:\program files\Common Files\rupolope.dll
c:\program files\Common Files\agygy.exe
 
 
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=-
"SPBBCSvc"=-
"SNDSrvc"=-
"navapsvc"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 
Save this as CFScript to your desktop.
 
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
 
CFScriptB-4.gif
 
 
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


#59 sleepybear

sleepybear

    Authentic Member

  • Authentic Member
  • 61 posts

Posted 09 November 2014 - 03:46 PM

OK, sorry to say I've run into a dead end on this one. The first link just keeps loading "Error Archive integrity check failed", and the 2nd link, through Tweaking LLC Registry Backup 1.10.0 (hoping I chose the right file), loads "Technology required Runtime files, Microsoft visual basic 6.0 needed".

If this is a basic registry backup, I do have Piriform CCleaner and I believe it does registry backups, or it always asks you if you'd like to back up the registry when you clean space up.


Edited by sleepybear, 09 November 2014 - 03:54 PM.


#60 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 09 November 2014 - 04:28 PM

Go for it

