Everything posted by darkeyes

  1. Thank you Tom_k and Jacee, Changing my passwords using a secondary email account? How does one do that? Sorry I'm just not quite sure how to do that. Thank you! I think I may have that figured out. When I go into Yahoo to change my PW it will be sending the newer one to a secondary email account that I have listed in my Yahoo account and that is how I will then be using the temporary one they send me to go in and create a new PW. Is this correct? Thank you, so sorry not very good with computers. Thank you again!
  2. Thank you Tomk_ but this is what is making me nervous. The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.
  3. For those of us who have email accounts with Yahoo, How do we safely change our user and password accounts? In the 5th paragraph below??? Thank you! Yahoo said Thursday that usernames and passwords of its email customers have been stolen and used to access accounts, but the company isn't saying how many accounts have been affected. Yahoo is the second-largest email service worldwide, after Google's Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S. Yahoo Inc. said in a blog post on its breach that "The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails." That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients. The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email. The breach is the second problem for Yahoo's mail service in two months. In December, the service suffered a multi-day outage that prompted Yahoo CEO Marissa Mayer to issue an apology. Yahoo said it believes the usernames and passwords weren't collected from its own systems, but from a third-party database. It's not clear why a third-party database would have information on Yahoo accounts. Yahoo said it is resetting passwords on affected accounts and has "implemented additional measures" to block further attacks. The company would not comment beyond the information in its blog post. It said it is working with federal law enforcement.
  4. Juliet Avast is up to date, could not find where to view quarantined log or where to restore them from. Will try uninstall printer and reinstalling later on. I am going to give Firefox a try after uninstalling Google. thank you.
  5. Thank you so much Juliet for your time patience and help. I am having issues with my printer since the pop up from Avast saying it blocked a malicious Win32Evo.gen. I would like to print out your latest post to me. Any idea for fixing this? Thank you!
  6. This is what I see on my screen, and in my Documents/Desktop mbar-1.07 icon log-text document JRT icon ADW Cleaner -Text document Eset Scan -Text Document Esetsmartin- Installer APP......two of those Fixlog-text document ADWCleaner -APP JRT-text document attach-text document mbam setup I have never signed in to Google. I downloaded the Google browser and went into settings and set it to open to my yahoo homepage. Should I now sign in to Google before I uninstall it and reinstall it? Not even sure I know where I go to sign in. Thank you!
  7. Hi Juliet, Gosh what a piece of work I am? I went ahead and completed everything you told me to do. When I did the FRST and hit the fix button, at the very same instant the update box appeared, which must have interfered with me hitting the fix button, so I went ahead after waiting for something to happen and nothing was happening and I hit the fix button and it did do as it should have. I ran combofix and that went fine, then ran the last thing you asked and my computer was rebooted. Now should I uninstall and reinstall Google? My computer has acted up again here and there but it is not constantly making that sound. You really have made me feel really nervous about the fact that WinXP will no longer be supported as of April 6th. Will all of these terrible things really happen to our computers? It is very scary! Thank you so much again!
  8. Juliet I copied and pasted the quote box to notepad then saved it as fixlist.txt and then opened up the FRST and as I was hitting the fix button a box popped up that the update was complete, does this mean it did what it should have done or do I need to hit the fix button again as no scans appeared? Thank you. Also Avast rang a bell to notify me that a vicious something or other was trying to get in my computer but Avast blocked it and I only had time to write this down before the box disappeared: Win32Evo.gen. At the time of the Avast notice I was trying to print out the above instructions you gave me, now printer won't print.
  9. I am just back now and will start doing what you posted to me earlier today. You suggested to maybe uninstall Google then reinstall it, will that make a big difference? I have no experience with using the Firefox browser. Thank you!
  10. Thank you again Juliet. I have to be somewhere this afternoon so will give my computer a workout later on and see if it starts acting up again. Thanks for all of your help! I will also be checking back with you about getting all of these scanners and scans off my computer. I love XP!
  11. Juliet, Yes, it would happen in IE too, one of the reasons I switched to Chrome, but it only happens when there is something that should not be on my computer. I have gotten into problems with IE many times and have had to come over here for the nice people to help me. I run Superantispyware scans daily as well as Spybot and Malwarebytes but they never seem to get everything nasty off the computer. Thank you again Juliet for all of your help and thank you PCpitstop!! I am going to see how things go with this new added on Ad Blocker....right now you can hear a pin drop it is so quiet.
  12. Yes I use Chrome, I find it faster than IE. I will add the AdBlock for Chrome. Knock on wood my computer has been very quiet for a couple of hours now....knock knock. Off to download the blocker. Thank you!
  13. Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2013.10.02.12 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 :: CARLINE [administrator] 1/27/2014 8:09:53 PM mbar-log-2014-01-27 (20-09-53).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 226703 Time elapsed: 16 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
  14. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-01-2014 02 Ran by HP_Administrator at 2014-01-27 19:45:11 Run:3 Running from C:\Documents and Settings\HP_Administrator\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start Replace: c:\windows\ServicePackFiles\i386\rpcss.dll | C:\WINDOWS\system32\rpcss.dll end ***************** Could not find c:\windows\ServicePackFiles\i386\rpcss.dll | ==== End of Fixlog ====
  15. Sorry about that Juliet SystemLook 30.07.11 by jpshortstuff Log created at 19:08 on 27/01/2014 by HP_Administrator Administrator - Elevation successful ========== filefind ========== Searching for "rpcss.dll" C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll --a--c- 398336 bytes [01:07 21/12/2011] [04:20 26/07/2005] C369DF215D352B6F3A0B8C3469AA34F8 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [10:01 09/02/2009] 24B5D53B9ACCC1E2EDCF0A878D6659D4 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [10:56 09/02/2009] 9222562D44021B988B9F9F62207FB6F2 C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll -----c- 399360 bytes [05:01 21/12/2011] [10:20 09/02/2009] 01095FEBF33BEEA00C2A0730B9B3EC28 C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll --a--c- 395776 bytes [01:07 21/12/2011] [05:00 10/08/2004] 5C83A4408604F737717AB96371201680 C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll -----c- 399360 bytes [05:16 21/12/2011] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509 C:\WINDOWS\$NtUninstallKB956572_0$\rpcss.dll -----c- 397824 bytes [04:39 21/12/2011] [04:39 26/07/2005] CE94A2BD25E3E9F4D46A7373FF455C6D C:\WINDOWS\erdnt\cache\rpcss.dll --a---- 401408 bytes [19:04 27/01/2014] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C C:\WINDOWS\ServicePackFiles\i386\rpcss.dll -----c- 399360 bytes [00:12 14/04/2008] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509 C:\WINDOWS\system32\rpcss.dll --a---- 401408 bytes [20:09 20/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C C:\WINDOWS\system32\dllcache\rpcss.dll -----c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C -= EOF =-
  16. Juliet when you say press the fix button once and then wait, am I supposed to hit the scan button too? I did hit the scan button after I hit the fix button.
  17. Here it is again Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02 Ran by HP_Administrator (administrator) on CARLINE on 27-01-2014 18:56:05 Running from C:\Documents and Settings\HP_Administrator\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation ) S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation) S2 ASPI32; No ImagePath S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x] R3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x] S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x] U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2014-01-27 18:53 - 2014-01-27 18:53 - 00000019 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt 2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion 2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe 2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt 2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons 2014-01-27 13:38 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe 2014-01-27 13:38 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe 2014-01-27 13:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-01-27 13:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) 
C:\WINDOWS\SWREG.exe 2014-01-27 13:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-01-27 13:38 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-01-27 13:38 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe 2014-01-27 13:38 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe 2014-01-27 13:38 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe 2014-01-27 13:37 - 2014-01-27 14:05 - 00000000 ____D C:\Qoobox 2014-01-27 13:37 - 2014-01-27 14:04 - 00000000 ____D C:\WINDOWS\erdnt 2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe 2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt 2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET 2014-01-26 17:07 - 2014-01-26 17:08 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe 2014-01-26 17:06 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe 2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt 2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe 2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt 2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe 2014-01-26 13:53 - 2014-01-27 18:56 - 00015794 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt 2014-01-26 13:22 - 2014-01-27 18:40 
- 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe 2014-01-25 13:28 - 2014-01-27 18:40 - 00000000 ____D C:\FRST 2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt 2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt 2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime 2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer 2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log 2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software 2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast 2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay ==================== One Month Modified Files and Folders ======= 2014-01-27 18:56 - 2014-01-26 13:53 - 00015794 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt 2014-01-27 18:53 - 2014-01-27 18:53 - 00000019 _____ 
C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt 2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion 2014-01-27 18:40 - 2014-01-26 13:22 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe 2014-01-27 18:40 - 2014-01-25 13:28 - 00000000 ____D C:\FRST 2014-01-27 18:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe 2014-01-27 18:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job 2014-01-27 15:53 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-01-27 15:22 - 2005-08-31 07:17 - 01354121 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-27 14:06 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT 2014-01-27 14:06 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang 2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt 2014-01-27 14:05 - 2014-01-27 13:37 - 00000000 ____D C:\Qoobox 2014-01-27 14:04 - 2014-01-27 13:37 - 00000000 ____D C:\WINDOWS\erdnt 2014-01-27 13:57 - 2005-08-30 23:52 - 00000227 _____ C:\WINDOWS\system.ini 2014-01-27 13:56 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job 2014-01-27 13:56 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job 2014-01-27 13:56 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job 2014-01-27 13:56 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration 2014-01-27 13:55 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-27 13:55 - 2005-08-30 
23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log 2014-01-27 13:55 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log 2014-01-27 13:53 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini 2014-01-27 13:53 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator 2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons 2014-01-27 13:40 - 2005-08-31 01:34 - 00000325 __RSH C:\boot.ini 2014-01-27 13:38 - 2005-08-31 07:17 - 00032482 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe 2014-01-27 13:06 - 2005-08-31 07:06 - 00041173 _____ C:\WINDOWS\wmsetup.log 2014-01-26 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job 2014-01-26 21:02 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-01-26 21:02 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe 2014-01-26 21:02 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-01-26 19:56 - 2012-09-12 13:17 - 00000000 ____D C:\Program Files\PDFCreator 2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt 2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET 2014-01-26 17:08 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe 2014-01-26 17:07 - 2014-01-26 17:06 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe 2014-01-26 15:53 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-01-26 15:53 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) 
C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-01-26 15:53 - 2012-10-14 20:54 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-01-26 15:53 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-01-26 15:53 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2014-01-26 15:53 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk 2014-01-26 15:53 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-01-26 15:53 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-01-26 15:29 - 2012-10-02 22:52 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt 2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe 2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt 2014-01-26 14:45 - 2013-08-27 14:09 - 00000000 ____D C:\AdwCleaner 2014-01-26 14:44 - 2012-09-12 13:18 - 00000000 ____D C:\Program Files\Mozilla Firefox 2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe 2014-01-25 23:13 - 2012-10-02 13:53 - 00000308 _____ 
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job 2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt 2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt 2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate 2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP 2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP 2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini 2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime 2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer 2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log 2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log 2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log 2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log 2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log 2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log 2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log 2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log 2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log 2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk 2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software 2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast 2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All 
Users\Application Data\AVAST Software 2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT 2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay Some content of TEMP: ==================== C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  18. Juliet, TDSSKiller showed no threats.... Thank you!
  19. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02 Ran by HP_Administrator (administrator) on CARLINE on 27-01-2014 18:40:48 Running from C:\Documents and Settings\HP_Administrator\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Microsoft) C:\WINDOWS\arservice.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Microsoft) C:\WINDOWS\arpwrmsg.exe (Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation, Inc.) 
C:\Program Files\DISC\DISCUpdateMgr.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation) HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft) HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard) HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation) HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.) HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) 
HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware) HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard) Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: 
Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) 
  20. Juliet, I have a question: how do I get to the edit box on the FRST? Thanks!
  21. Juliet, please tell me something has been found and we can get it off my computer. Thank you again!
  22. Thanks Juliet, when I went in to the link you provided for how to do an emergency backup, my computer went haywire and a video popped up about spaceships and blah blah while I was trying to read the instructions. There is definitely something hiding in my computer. So I am going to get going with the new instructions you gave me. Thanks again!
  23. I don't think it is the fan, because normally the computer is quiet. I have had a few strange things happen while browsing, a couple of times music started to play, another time a rather large picture popped up in front of my screen, I was able to X out of the picture. Are these what you would consider Malware? It is really hard for me to explain, but this sound my computer makes only seems to happen when something has gotten into my computer and no matter how many times I run the usual scans if the scans don't find the problems and remove them then the computer will continue to act up. It is not constant but always when I am using my browser. So I came here again because all the scans I ran did not correct the issue. So now I am hoping what you suggested will help. At the moment it is very quiet, not whining at all. Should I do any other scans to make sure all is well? Can't thank you enough Juliet for your help and I am so thankful for the PcPitstop. Every time I get into a mess I always come here. Thank you so much!! oops! another question.....what do I do with all of the above scans I have on my Desktop....keep....delete?
  24. I hope I pasted the results of the right one and not the one from the first scan earlier....thank you!

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-01-2014 03
      Ran by HP_Administrator at 2014-01-26 19:56:43 Run:2
      Running from C:\Documents and Settings\HP_Administrator\Desktop
      Boot Mode: Normal
      ==============================================
      Content of fixlist:
      *****************
      start
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip
      C:\Program Files\PDFCreator\message.exe
      end
      *****************
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip => Moved successfully.
      C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip => Moved successfully.
      C:\Program Files\PDFCreator\message.exe => Moved successfully.
      ==== End of Fixlog ====