
darkeyes

Advanced Member

Content Count: 307

Posts posted by darkeyes

  1. Thank you Tom_k and Jacee. Changing my passwords using a secondary email account? How does one do that? Sorry, I'm just not quite sure how to do that. Thank you!


    I think I may have that figured out. When I go into Yahoo to change my PW, it will send the newer one to a secondary email account that I have listed in my Yahoo account, and that is how I will then use the temporary one they send me to go in and create a new PW. Is this correct? Thank you, so sorry, I'm not very good with computers. Thank you again!

  2. Thank you Tomk_, but this is what is making me nervous.


    The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.

  3. For those of us who have email accounts with Yahoo, how do we safely change our user and password accounts?

     

    In the 5th paragraph below??? Thank you!


    Yahoo said Thursday that usernames and passwords of its email customers have been stolen and used to access accounts, but the company isn't saying how many accounts have been affected.

     

    Yahoo is the second-largest email service worldwide, after Google's Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.

     

    Yahoo Inc. said in a blog post on its breach that "The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails."

     

    That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

     

    The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.

     

    The breach is the second problem for Yahoo's mail service in two months. In December, the service suffered a multi-day outage that prompted Yahoo CEO Marissa Mayer to issue an apology.

     

    Yahoo said it believes the usernames and passwords weren't collected from its own systems, but from a third-party database. It's not clear why a third-party database would have information on Yahoo accounts.

     

    Yahoo said it is resetting passwords on affected accounts and has "implemented additional measures" to block further attacks.

     

    The company would not comment beyond the information in its blog post. It said it is working with federal law enforcement.

  4. This is what I see on my screen, and in my Documents/Desktop

     

    mbar-1.07 icon

    log-text document

    JRT icon

    ADW Cleaner -Text document

    Eset Scan -Text Document

    Esetsmartin - Installer APP (two of those)

    Fixlog-text document

    ADWCleaner -APP

    JRT-text document

    attach-text document

    mbam setup


    I have never signed in to Google. I downloaded the Google browser and went into settings and set it to open to my yahoo homepage.

    Should I now sign in to Google before I uninstall it and reinstall it? Not even sure I know where I go to sign in. Thank you!

  5. Hi Juliet,

     

    Gosh, what a piece of work I am?


    I went ahead and completed everything you told me to do. When I did the FRST and hit the fix button, the update box appeared at the very same instant, which must have interfered with me hitting the fix button. So, after waiting for something to happen and nothing happening, I went ahead and hit the fix button again, and it did do as it should have. I ran ComboFix and that went fine, then ran the last thing you asked, and my computer was rebooted.

     

    Now, should I uninstall and reinstall Google? My computer has acted up again here and there, but it is not constantly making that sound.

     

    You really have made me feel really nervous about the fact that WinXP will no longer be supported as of April 6th. Will all of these terrible things really happen to our computers? It is very scary! Thank you so much again!

  6. Juliet

     

    I copied and pasted the quote box to Notepad, then saved it as fixlist.txt, and then opened up FRST. As I was hitting the fix button, a box popped up saying that the update was complete. Does this mean it did what it should have done, or do I need to hit the fix button again, as no scans appeared? Thank you.


    Also, Avast rang a bell to notify me that a vicious something or other was trying to get into my computer, but Avast blocked it, and I only had time to write this down before the box disappeared:

     

    Win32Evo.gen

     

    At the time of the Avast notice I was trying to print out the above instructions you gave me; now the printer won't print.

  7. Juliet,

    Yes, it would happen in IE too, one of the reasons I switched to Chrome, but it only happens when there is something that should not be on my computer. I have gotten into problems with IE many times and have had to come over here for the nice people to help me.

    I run Superantispyware scans daily as well as Spybot and malwarebytes but they never seem to get everything nasty off the computer.

    Thank you again Juliet for all of your help and thank you PCpitstop!!

    I am going to see how things go with this newly added Ad Blocker. Right now you can hear a pin drop, it is so quiet.

  8. Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    www.malwarebytes.org

     

    Database version: v2013.10.02.12

     

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    :: CARLINE [administrator]

     

    1/27/2014 8:09:53 PM

    mbar-log-2014-01-27 (20-09-53).txt

     

    Scan type: Quick scan

    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

    Scan options disabled:

    Objects scanned: 226703

    Time elapsed: 16 minute(s), 20 second(s)

     

    Memory Processes Detected: 0

    (No malicious items detected)

     

    Memory Modules Detected: 0

    (No malicious items detected)

     

    Registry Keys Detected: 0

    (No malicious items detected)

     

    Registry Values Detected: 0

    (No malicious items detected)

     

    Registry Data Items Detected: 0

    (No malicious items detected)

     

    Folders Detected: 0

    (No malicious items detected)

     

    Files Detected: 0

    (No malicious items detected)

     

    Physical Sectors Detected: 0

    (No malicious items detected)

     

    (end)

     

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

     

    © Malwarebytes Corporation 2011-2012

     

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

     

    Account is Administrative

     

    Internet Explorer version: 8.0.6001.18702

     

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

    CPU speed: 3.199000 GHz

    Memory total: 1005957120, free: 147701760

     

    Downloaded database version: v2014.01.28.01

    Cancelled update

    Initializing...

    ======================

    ------------ Kernel report ------------

    01/27/2014 20:09:42

    ------------ Loaded modules -----------

    \WINDOWS\system32\ntkrnlpa.exe

    \WINDOWS\system32\hal.dll

    \WINDOWS\system32\KDCOM.DLL

    \WINDOWS\system32\BOOTVID.dll

    ACPI.sys

    \WINDOWS\system32\DRIVERS\WMILIB.SYS

    pci.sys

    isapnp.sys

    ohci1394.sys

    \WINDOWS\system32\DRIVERS\1394BUS.SYS

    pciide.sys

    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

    viaide.sys

    intelide.sys

    MountMgr.sys

    ftdisk.sys

    dmload.sys

    dmio.sys

    PartMgr.sys

    VolSnap.sys

    atapi.sys

    iaStor.sys

    ftsata2.sys

    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

    disk.sys

    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

    fltmgr.sys

    sr.sys

    bb-run.sys

    PxHelp20.sys

    KSecDD.sys

    Ntfs.sys

    NDIS.sys

    Combo-Fix.sys

    Mup.sys

    gagp30kx.sys

    aswVmm.sys

    aswRvrt.sys

    \SystemRoot\system32\DRIVERS\nic1394.sys

    \SystemRoot\system32\DRIVERS\intelppm.sys

    \SystemRoot\system32\DRIVERS\ati2mtag.sys

    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\DRIVERS\imapi.sys

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\system32\DRIVERS\redbook.sys

    \SystemRoot\system32\DRIVERS\ks.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\fdc.sys

    \SystemRoot\system32\DRIVERS\parport.sys

    \SystemRoot\system32\DRIVERS\i8042prt.sys

    \SystemRoot\system32\DRIVERS\PS2.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\arkbcfltr.sys

    \SystemRoot\system32\DRIVERS\aracpi.sys

    \SystemRoot\system32\DRIVERS\AGRSM.sys

    \SystemRoot\System32\Drivers\Modem.SYS

    \SystemRoot\system32\DRIVERS\Rtlnicxp.sys

    \SystemRoot\system32\DRIVERS\arpolicy.sys

    \SystemRoot\system32\DRIVERS\audstub.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\DRIVERS\psched.sys

    \SystemRoot\system32\DRIVERS\msgpc.sys

    \SystemRoot\system32\DRIVERS\ptilink.sys

    \SystemRoot\system32\DRIVERS\raspti.sys

    \SystemRoot\system32\DRIVERS\rdpdr.sys

    \SystemRoot\system32\DRIVERS\termdd.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\swenum.sys

    \SystemRoot\system32\DRIVERS\update.sys

    \SystemRoot\system32\DRIVERS\mssmbios.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\drivers\RtkHDAud.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \??\C:\WINDOWS\system32\drivers\aswSP.sys

    \SystemRoot\System32\Drivers\Fs_Rec.SYS

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\Drivers\mnmdd.SYS

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\rasacd.sys

    \SystemRoot\system32\DRIVERS\ipsec.sys

    \SystemRoot\system32\DRIVERS\tcpip.sys

    \??\C:\WINDOWS\system32\drivers\aswTdi.sys

    \SystemRoot\system32\DRIVERS\ipnat.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\DRIVERS\netbt.sys

    \SystemRoot\system32\DRIVERS\arp1394.sys

    \??\C:\WINDOWS\system32\drivers\aswRdr.sys

    \SystemRoot\System32\drivers\ws2ifsl.sys

    \SystemRoot\System32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\System32\Drivers\Fips.SYS

    \??\C:\WINDOWS\system32\drivers\aswSnx.sys

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\arhidfltr.sys

    \SystemRoot\system32\DRIVERS\usbprint.sys

    \SystemRoot\system32\DRIVERS\USBSTOR.SYS

    \SystemRoot\System32\Drivers\Fastfat.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\system32\DRIVERS\armoucfltr.sys

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_WMILIB.SYS

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\watchdog.sys

    \SystemRoot\System32\drivers\dxg.sys

    \SystemRoot\System32\drivers\dxgthk.sys

    \SystemRoot\System32\ati2dvag.dll

    \SystemRoot\System32\ati2cqag.dll

    \SystemRoot\System32\atikvmag.dll

    \SystemRoot\System32\ati3duag.dll

    \SystemRoot\System32\ativvaxx.dll

    \SystemRoot\System32\ATMFD.DLL

    \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\drivers\wdmaud.sys

    \SystemRoot\system32\drivers\sysaudio.sys

    \SystemRoot\system32\DRIVERS\mrxdav.sys

    \SystemRoot\System32\Drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\srv.sys

    \SystemRoot\System32\Drivers\Cdfs.SYS

    \??\C:\ComboFix\catchme.sys

    \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

    \SystemRoot\system32\drivers\kmixer.sys

    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

    \WINDOWS\system32\ntdll.dll

    ----------- End -----------

    Done!

    <<<1>>>

    Upper Device Name: \Device\Harddisk4\DR6

    Upper Device Object: 0xffffffff859d7ab8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000007c\

    Lower Device Object: 0xffffffff859e4ea0

    Lower Device Driver Name: \Driver\usbstor\

    <<<1>>>

    Upper Device Name: \Device\Harddisk3\DR5

    Upper Device Object: 0xffffffff859b6ab8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000007b\

    Lower Device Object: 0xffffffff85dd9840

    Lower Device Driver Name: \Driver\usbstor\

    <<<1>>>

    Upper Device Name: \Device\Harddisk2\DR4

    Upper Device Object: 0xffffffff859bb478

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000007a\

    Lower Device Object: 0xffffffff85db9ea0

    Lower Device Driver Name: \Driver\usbstor\

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR3

    Upper Device Object: 0xffffffff859e06d8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000079\

    Lower Device Object: 0xffffffff859d09a0

    Lower Device Driver Name: \Driver\usbstor\

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xffffffff86144ab8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-7\

    Lower Device Object: 0xffffffff86116d98

    Lower Device Driver Name: \Driver\atapi\

    <<<2>>>

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xffffffff86144ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff86111e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff86144ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff86116d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-7\, DriverName: \Driver\atapi\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    Upper DeviceData: 0x0, 0x0, 0x0

    Lower DeviceData: 0x0, 0x0, 0x0

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    <<<2>>>

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

    <<<2>>>

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: B797B797

     

    Partition information:

     

    Partition 0 type is Other (0xc)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63 Numsec = 24659712

     

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 24659775 Numsec = 463716225

    Partition is not bootable

     

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

     

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

     

    Disk Size: 250059350016 bytes

    Sector size: 512 bytes

     

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...

    Done!

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xffffffff859e06d8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff85a52b88, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff859e06d8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff859d09a0, DeviceName: \Device\00000079\, DriverName: \Driver\usbstor\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 2, DevicePointer: 0xffffffff859bb478, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff859b9e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff859bb478, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff85db9ea0, DeviceName: \Device\0000007a\, DriverName: \Driver\usbstor\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 3, DevicePointer: 0xffffffff859b6ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff859b9818, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff859b6ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff85dd9840, DeviceName: \Device\0000007b\, DriverName: \Driver\usbstor\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 4, DevicePointer: 0xffffffff859d7ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff859e7870, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff859d7ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff859e4ea0, DeviceName: \Device\0000007c\, DriverName: \Driver\usbstor\

    ------------ End ----------

    Read File: File "C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

    Scan finished

    =======================================

     

     

    Removal queue found; removal started

    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-24659775-i.mbam...

    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

    Removal finished

  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-01-2014 02

    Ran by HP_Administrator at 2014-01-27 19:45:11 Run:3

    Running from C:\Documents and Settings\HP_Administrator\Desktop

    Boot Mode: Normal

     

    ==============================================

     

    Content of fixlist:

    *****************

    start

    Replace: c:\windows\ServicePackFiles\i386\rpcss.dll | C:\WINDOWS\system32\rpcss.dll

    end

    *****************

     

    Could not find c:\windows\ServicePackFiles\i386\rpcss.dll |

     

    ==== End of Fixlog ====

  10. Sorry about that Juliet


    SystemLook 30.07.11 by jpshortstuff

    Log created at 19:08 on 27/01/2014 by HP_Administrator

    Administrator - Elevation successful

     

    ========== filefind ==========

     

    Searching for "rpcss.dll"

    C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll --a--c- 398336 bytes [01:07 21/12/2011] [04:20 26/07/2005] C369DF215D352B6F3A0B8C3469AA34F8

    C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [10:01 09/02/2009] 24B5D53B9ACCC1E2EDCF0A878D6659D4

    C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [10:56 09/02/2009] 9222562D44021B988B9F9F62207FB6F2

    C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll -----c- 399360 bytes [05:01 21/12/2011] [10:20 09/02/2009] 01095FEBF33BEEA00C2A0730B9B3EC28

    C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll --a--c- 395776 bytes [01:07 21/12/2011] [05:00 10/08/2004] 5C83A4408604F737717AB96371201680

    C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll -----c- 399360 bytes [05:16 21/12/2011] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509

    C:\WINDOWS\$NtUninstallKB956572_0$\rpcss.dll -----c- 397824 bytes [04:39 21/12/2011] [04:39 26/07/2005] CE94A2BD25E3E9F4D46A7373FF455C6D

    C:\WINDOWS\erdnt\cache\rpcss.dll --a---- 401408 bytes [19:04 27/01/2014] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

    C:\WINDOWS\ServicePackFiles\i386\rpcss.dll -----c- 399360 bytes [00:12 14/04/2008] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509

    C:\WINDOWS\system32\rpcss.dll --a---- 401408 bytes [20:09 20/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

    C:\WINDOWS\system32\dllcache\rpcss.dll -----c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

     

    -= EOF =-

  11. Here it is again


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02

    Ran by HP_Administrator (administrator) on CARLINE on 27-01-2014 18:56:05

    Running from C:\Documents and Settings\HP_Administrator\Desktop

    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

    Internet Explorer Version 8

    Boot Mode: Normal

     

    The only official download link for FRST:

    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    Download link from any site other than Bleeping Computer is unpermitted or outdated.

    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     

    ==================== Processes (Whitelisted) ===================

     

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    (Microsoft) C:\WINDOWS\arservice.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

    (Microsoft) C:\WINDOWS\arpwrmsg.exe

    (Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe

    (Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DISCUpdateMgr.exe

    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    (SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    (Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

    (Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe

    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

    (Hewlett-Packard Company) C:\hp\KBD\kbd.exe

    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

    (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

    (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

    HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)

    HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)

    HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation)

    HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.)

    HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company)

    HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

    HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)

    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

    HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)

    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)

    HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

    HKLM\...\Policies\Explorer: [NoCDBurning] 0

    HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware)

    HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

    ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

    ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

    Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

     

    ==================== Internet (Whitelisted) ====================

     

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

    Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

     

    Chrome:

    =======

    CHR HomePage: hxxp://www.yahoo.com/

    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

    CHR Plugin: (Native Client) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

    CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File

    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File

    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

    CHR Plugin: (Google Update) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

    CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

    CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File

    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File

    CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-06]

    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02]

    CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

     

    ========================== Services (Whitelisted) =================

     

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

    R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)

    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-16] (Oracle Corporation)

    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

    S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)

    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

    S2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]

     

    ==================== Drivers (Whitelisted) ====================

     

    R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)

    R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)

    R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)

    R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)

    R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)

    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-26] (AVAST Software)

    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-26] (AVAST Software)

    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-04] ()

    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-26] (AVAST Software)

    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-26] (AVAST Software)

    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-26] (AVAST Software)

    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-04] ()

    R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

    R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)

    R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )

    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)

    S2 ASPI32; No ImagePath

    S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]

    R3 catchme; \??\C:\ComboFix\catchme.sys [x]

    S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x]

    S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]

    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x]

    U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

     

    ==================== One Month Created Files and Folders ========

     

    2014-01-27 18:53 - 2014-01-27 18:53 - 00000019 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

    2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

    2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

    2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

    2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

    2014-01-27 13:38 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe

    2014-01-27 13:38 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe

    2014-01-27 13:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe

    2014-01-27 13:37 - 2014-01-27 14:05 - 00000000 ____D C:\Qoobox

    2014-01-27 13:37 - 2014-01-27 14:04 - 00000000 ____D C:\WINDOWS\erdnt

    2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

    2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

    2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

    2014-01-26 17:07 - 2014-01-26 17:08 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

    2014-01-26 17:06 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

    2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

    2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

    2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

    2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

    2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

    2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

    2014-01-26 13:53 - 2014-01-27 18:56 - 00015794 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

    2014-01-26 13:22 - 2014-01-27 18:40 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

    2014-01-25 13:28 - 2014-01-27 18:40 - 00000000 ____D C:\FRST

    2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

    2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

    2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

    2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

    2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime

    2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

    2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

    2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

    2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log

    2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

    2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

    2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

     

    ==================== One Month Modified Files and Folders =======

     

    2014-01-27 18:56 - 2014-01-26 13:53 - 00015794 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

    2014-01-27 18:53 - 2014-01-27 18:53 - 00000019 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

    2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

    2014-01-27 18:40 - 2014-01-26 13:22 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

    2014-01-27 18:40 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

    2014-01-27 18:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

    2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

    2014-01-27 18:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

    2014-01-27 15:53 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

    2014-01-27 15:22 - 2005-08-31 07:17 - 01354121 _____ C:\WINDOWS\WindowsUpdate.log

    2014-01-27 14:06 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT

    2014-01-27 14:06 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang

    2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

    2014-01-27 14:05 - 2014-01-27 13:37 - 00000000 ____D C:\Qoobox

    2014-01-27 14:04 - 2014-01-27 13:37 - 00000000 ____D C:\WINDOWS\erdnt

    2014-01-27 13:57 - 2005-08-30 23:52 - 00000227 _____ C:\WINDOWS\system.ini

    2014-01-27 13:56 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-27 13:56 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-27 13:56 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-27 13:56 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration

    2014-01-27 13:55 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

    2014-01-27 13:55 - 2005-08-30 23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log

    2014-01-27 13:55 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log

    2014-01-27 13:53 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini

    2014-01-27 13:53 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator

    2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

    2014-01-27 13:40 - 2005-08-31 01:34 - 00000325 __RSH C:\boot.ini

    2014-01-27 13:38 - 2005-08-31 07:17 - 00032482 _____ C:\WINDOWS\SchedLgU.Txt

    2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

    2014-01-27 13:06 - 2005-08-31 07:06 - 00041173 _____ C:\WINDOWS\wmsetup.log

    2014-01-26 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

    2014-01-26 21:02 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

    2014-01-26 21:02 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

    2014-01-26 21:02 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    2014-01-26 19:56 - 2012-09-12 13:17 - 00000000 ____D C:\Program Files\PDFCreator

    2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

    2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

    2014-01-26 17:08 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

    2014-01-26 17:07 - 2014-01-26 17:06 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

    2014-01-26 15:53 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

    2014-01-26 15:53 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

    2014-01-26 15:53 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

    2014-01-26 15:29 - 2012-10-02 22:52 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

    2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

    2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

    2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

    2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

    2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

    2014-01-26 14:45 - 2013-08-27 14:09 - 00000000 ____D C:\AdwCleaner

    2014-01-26 14:44 - 2012-09-12 13:18 - 00000000 ____D C:\Program Files\Mozilla Firefox

    2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

    2014-01-25 23:13 - 2012-10-02 13:53 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

    2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

    2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate

    2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP

    2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP

    2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini

    2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

    2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

    2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime

    2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

    2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

    2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

    2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT

    2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log

    2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log

    2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log

    2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

    2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

    2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

    2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

    2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

    2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys

    2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

    2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT

    2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

     

    Some content of TEMP:

    ====================

    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

     

     

    ==================== Bamital & volsnap Check =================

     

    C:\WINDOWS\explorer.exe => MD5 is legit

    C:\WINDOWS\system32\winlogon.exe => MD5 is legit

    C:\WINDOWS\system32\svchost.exe => MD5 is legit

    C:\WINDOWS\system32\services.exe => MD5 is legit

    C:\WINDOWS\system32\User32.dll => MD5 is legit

    C:\WINDOWS\system32\userinit.exe => MD5 is legit

    C:\WINDOWS\system32\rpcss.dll => MD5 is legit

    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

     

    ==================== End Of Log ============================

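The triage a forum helper does by eye on a log like the one above (pick out the "No File" entries, the services and drivers marked "[x]" or "No ImagePath", and read the hash-check verdicts) can be scripted. The Python below is an added example for this thread; it is not part of any post here and not code from FRST or its author. Its sample input is a constructed excerpt of lines copied verbatim from the log above; treating lines under C:\ComboFix as tool leftovers rather than fix candidates, and the "copy the log line into fixlist.txt" convention, are this script's own assumptions.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for orphaned entries.

Pulls out what a helper reviews first in an FRST.txt:
  * autostart/browser entries whose file is gone (FRST appends "No File"),
  * services/drivers whose image is missing ("[x]" or "No ImagePath"),
  * verdicts of the system-file hash check (anything but "MD5 is legit").
Assumption: entries under C:\\ComboFix are the cleanup tool's own driver
(ComboFix was run the same day per the log) and are removed by uninstalling
the tool, so they are excluded from fix candidates.
"""
import re

# Constructed excerpt: lines copied verbatim from the FRST log above.
SAMPLE_LOG = r"""
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)
S2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S2 ASPI32; No ImagePath
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
"""

# "R2 name; image" / "S1 name; image": start-type code, service name, image path.
SERVICE_RE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.*)$")
# "C:\path\file => MD5 is legit" lines from the Bamital & volsnap check.
HASH_RE = re.compile(r"^(?P<path>\S.*?) => (?P<result>MD5 .*)$")


def log_lines(text):
    """Split log text into stripped, non-empty lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def missing_file_entries(lines):
    """BHO/Toolbar/Handler/CHR Plugin lines whose DLL no longer exists on disk."""
    return [ln for ln in lines if ln.endswith("No File")]


def orphaned_services(lines):
    """(code, name, image) for services and drivers whose binary is missing."""
    found = []
    for ln in lines:
        m = SERVICE_RE.match(ln)
        if not m:
            continue
        code, name, image = m.groups()
        if image.endswith("[x]") or image == "No ImagePath":
            found.append((code, name, image))
    return found


def hash_check(lines):
    """Map each checked system file to FRST's MD5 verdict."""
    verdicts = {}
    for ln in lines:
        m = HASH_RE.match(ln)
        if m:
            verdicts[m["path"]] = m["result"]
    return verdicts


def hash_check_failures(lines):
    """System files whose verdict was anything other than 'MD5 is legit'."""
    return [p for p, r in hash_check(lines).items() if r != "MD5 is legit"]


def fixlist_candidates(lines, skip_paths=("C:\\ComboFix\\",)):
    """Log lines a helper might paste verbatim into fixlist.txt.

    FRST acts on an entry when its log line is pasted into fixlist.txt, so
    the candidates are the original lines. Lines pointing into a cleanup
    tool's own folder are left out; which of the rest to fix is the
    helper's call, not this script's.
    """
    chosen = missing_file_entries(lines)
    chosen += [ln for ln in lines if SERVICE_RE.match(ln)
               and (ln.endswith("[x]") or ln.endswith("No ImagePath"))]
    return [ln for ln in chosen if not any(p in ln for p in skip_paths)]


if __name__ == "__main__":
    lines = log_lines(SAMPLE_LOG)
    print("missing files:", len(missing_file_entries(lines)))
    for code, name, image in orphaned_services(lines):
        print(f"orphaned {code} {name}: {image}")
    print("hash failures:", hash_check_failures(lines) or "none")
    print("fixlist candidates:")
    for ln in fixlist_candidates(lines):
        print("  " + ln)
```

Run it against a full FRST.txt by reading the file into `log_lines`; on the excerpt it reports three missing DLLs, five orphaned services/drivers, no hash failures, and seven fixlist candidates (catchme.sys is skipped as ComboFix's own driver).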
  12. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02

    Ran by HP_Administrator (administrator) on CARLINE on 27-01-2014 18:40:48

    Running from C:\Documents and Settings\HP_Administrator\Desktop

    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

    Internet Explorer Version 8

    Boot Mode: Normal

     

    The only official download link for FRST:

    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    Download link from any site other than Bleeping Computer is unpermitted or outdated.

    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     

    ==================== Processes (Whitelisted) ===================

     

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    (Microsoft) C:\WINDOWS\arservice.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

    (Microsoft) C:\WINDOWS\arpwrmsg.exe

    (Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe

    (Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DISCUpdateMgr.exe

    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    (SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    (Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

    (Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe

    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

    (Hewlett-Packard Company) C:\hp\KBD\kbd.exe

    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

    (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

    HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)

    HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)

    HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation)

    HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.)

    HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company)

    HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

    HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)

    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

    HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)

    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)

    HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

    HKLM\...\Policies\Explorer: [NoCDBurning] 0

    HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware)

    HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

    ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

    ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

    Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

     

    ==================== Internet (Whitelisted) ====================

     

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

    Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

     

    Chrome:

    =======

    CHR HomePage: hxxp://www.yahoo.com/

    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

    CHR Plugin: (Native Client) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

    CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File

    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File

    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

    CHR Plugin: (Google Update) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

    CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

    CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File

    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File

    CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-06]

    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02]

    CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

     

    ========================== Services (Whitelisted) =================

     

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

    R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)

    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-16] (Oracle Corporation)

    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

    S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)

    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

    S2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]

     

    ==================== Drivers (Whitelisted) ====================

     

    R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)

    R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)

    R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)

    R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)

    R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)

    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-26] (AVAST Software)

    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-26] (AVAST Software)

    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-04] ()

    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-26] (AVAST Software)

    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-26] (AVAST Software)

    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-26] (AVAST Software)

    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-04] ()

    R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

    R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)

    R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )

    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)

    S2 ASPI32; No ImagePath

    S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]

    R3 catchme; \??\C:\ComboFix\catchme.sys [x]

    S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x]

    S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]

    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x]

    U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

     

    ==================== One Month Created Files and Folders ========

     

    2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

    2014-01-27 18:38 - 2014-01-27 18:38 - 00000031 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.ext.txt

    2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

    2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

    2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

    2014-01-27 13:38 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe

    2014-01-27 13:38 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe

    2014-01-27 13:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe

    2014-01-27 13:38 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe

    2014-01-27 13:37 - 2014-01-27 14:05 - 00000000 ____D C:\Qoobox

    2014-01-27 13:37 - 2014-01-27 14:04 - 00000000 ____D C:\WINDOWS\erdnt

    2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

    2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

    2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

    2014-01-26 17:07 - 2014-01-26 17:08 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

    2014-01-26 17:06 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

    2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

    2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

    2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

    2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

    2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

    2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

    2014-01-26 13:53 - 2014-01-27 18:41 - 00015580 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

    2014-01-26 13:22 - 2014-01-27 18:40 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

    2014-01-25 13:28 - 2014-01-27 18:40 - 00000000 ____D C:\FRST

    2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

    2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

    2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

    2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

    2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime

    2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

    2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

    2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

    2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log

    2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

    2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

    2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

     

    ==================== One Month Modified Files and Folders =======

     

    2014-01-27 18:41 - 2014-01-26 13:53 - 00015580 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

    2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

    2014-01-27 18:40 - 2014-01-26 13:22 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

    2014-01-27 18:40 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

    2014-01-27 18:38 - 2014-01-27 18:38 - 00000031 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.ext.txt

    2014-01-27 18:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

    2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

    2014-01-27 18:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

    2014-01-27 15:53 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

    2014-01-27 15:22 - 2005-08-31 07:17 - 01354121 _____ C:\WINDOWS\WindowsUpdate.log

    2014-01-27 14:06 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT

    2014-01-27 14:06 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang

    2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

    2014-01-27 14:05 - 2014-01-27 13:37 - 00000000 ____D C:\Qoobox

    2014-01-27 14:04 - 2014-01-27 13:37 - 00000000 ____D C:\WINDOWS\erdnt

    2014-01-27 13:57 - 2005-08-30 23:52 - 00000227 _____ C:\WINDOWS\system.ini

    2014-01-27 13:56 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-27 13:56 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-27 13:56 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-27 13:56 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration

    2014-01-27 13:55 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

    2014-01-27 13:55 - 2005-08-30 23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log

    2014-01-27 13:55 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log

    2014-01-27 13:53 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini

    2014-01-27 13:53 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator

    2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

    2014-01-27 13:40 - 2005-08-31 01:34 - 00000325 __RSH C:\boot.ini

    2014-01-27 13:38 - 2005-08-31 07:17 - 00032482 _____ C:\WINDOWS\SchedLgU.Txt

    2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

    2014-01-27 13:06 - 2005-08-31 07:06 - 00041173 _____ C:\WINDOWS\wmsetup.log

    2014-01-26 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

    2014-01-26 21:02 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

    2014-01-26 21:02 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

    2014-01-26 21:02 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    2014-01-26 19:56 - 2012-09-12 13:17 - 00000000 ____D C:\Program Files\PDFCreator

    2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

    2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

    2014-01-26 17:08 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

    2014-01-26 17:07 - 2014-01-26 17:06 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

    2014-01-26 15:53 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

    2014-01-26 15:53 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

    2014-01-26 15:53 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

    2014-01-26 15:53 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

    2014-01-26 15:29 - 2012-10-02 22:52 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

    2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

    2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

    2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

    2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

    2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

    2014-01-26 14:45 - 2013-08-27 14:09 - 00000000 ____D C:\AdwCleaner

    2014-01-26 14:44 - 2012-09-12 13:18 - 00000000 ____D C:\Program Files\Mozilla Firefox

    2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

    2014-01-25 23:13 - 2012-10-02 13:53 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

    2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

    2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate

    2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP

    2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP

    2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini

    2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

    2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

    2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime

    2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

    2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

    2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

    2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

    2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT

    2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log

    2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log

    2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log

    2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log

    2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log

    2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

    2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

    2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

    2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

    2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

    2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys

    2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

    2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT

    2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

     

    Some content of TEMP:

    ====================

    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

     

     

    ==================== Bamital & volsnap Check =================

     

    C:\WINDOWS\explorer.exe => MD5 is legit

    C:\WINDOWS\system32\winlogon.exe => MD5 is legit

    C:\WINDOWS\system32\svchost.exe => MD5 is legit

    C:\WINDOWS\system32\services.exe => MD5 is legit

    C:\WINDOWS\system32\User32.dll => MD5 is legit

    C:\WINDOWS\system32\userinit.exe => MD5 is legit

    C:\WINDOWS\system32\rpcss.dll => MD5 is legit

    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

     

    ==================== End Of Log ============================

  13.  

    Juliet, please tell me something has been found and we can get it off my computer. Thank you again!


    ComboFix 14-01-27.02 - HP_Administrator 01/27/2014 13:43:04.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.394 [GMT -5:00]

    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

    c:\documents and settings\Administrator\WINDOWS

    c:\documents and settings\Default User\WINDOWS

    c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

    c:\documents and settings\HP_Administrator\WINDOWS

    c:\windows\system32\Cache

    c:\windows\system32\Cache\081abff8e8ad405f.fb

    c:\windows\system32\Cache\272512937d9e61a4.fb

    c:\windows\system32\Cache\287204568329e189.fb

    c:\windows\system32\Cache\28bc8f716fd76a47.fb

    c:\windows\system32\Cache\2c53092c95605355.fb

    c:\windows\system32\Cache\2cbc76d442dff50d.fb

    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

    c:\windows\system32\Cache\32c84fe32bb74d60.fb

    c:\windows\system32\Cache\3917078cb68ec657.fb

    c:\windows\system32\Cache\53546bca5aa52b3a.fb

    c:\windows\system32\Cache\590ba23ce359fd0c.fb

    c:\windows\system32\Cache\610289e025a3ee9a.fb

    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

    c:\windows\system32\Cache\6aec4b1ef991e653.fb

    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

    c:\windows\system32\Cache\6d03dad1035885d3.fb

    c:\windows\system32\Cache\a8556537add6dfc5.fb

    c:\windows\system32\Cache\a8ac613b3acde6ae.fb

    c:\windows\system32\Cache\ad10a52aff5e038d.fb

    c:\windows\system32\Cache\c1fa887b03019701.fb

    c:\windows\system32\Cache\c4d28dca2e7648be.fb

    c:\windows\system32\Cache\cd6ac642ef0376d6.fb

    c:\windows\system32\Cache\d201ef9910cd39de.fb

    c:\windows\system32\Cache\d2e94710a5708128.fb

    c:\windows\system32\Cache\d79b9dfe81484ec4.fb

    c:\windows\system32\Cache\e0de16f883bea794.fb

    c:\windows\system32\Cache\f998975c9cc711ee.fb

    c:\windows\system32\config\systemprofile\WINDOWS

    c:\windows\system32\ps2.bat

    D:\Autorun.inf

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-12-27 to 2014-01-27 )))))))))))))))))))))))))))))))

    .

    .

    2014-01-26 22:08 . 2014-01-26 22:08 -------- d-----w- c:\program files\ESET

    2014-01-26 20:09 . 2014-01-26 20:09 -------- d-----w- c:\windows\ERUNT

    2014-01-25 18:28 . 2014-01-25 18:28 -------- d-----w- C:\FRST

    2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

    2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

    2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

    2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

    2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

    2014-01-16 19:47 . 2014-01-16 19:48 -------- d-----w- c:\program files\QuickTime

    2014-01-16 19:47 . 2014-01-16 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    2014-01-05 02:59 . 2014-01-05 02:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVAST Software

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-01-27 02:02 . 2012-05-10 05:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2014-01-27 02:02 . 2011-12-22 08:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2014-01-26 20:53 . 2012-10-15 01:54 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2014-01-26 20:53 . 2012-10-15 01:54 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2014-01-26 20:53 . 2012-10-15 01:54 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2014-01-26 20:53 . 2013-03-21 19:56 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2014-01-26 20:53 . 2012-10-15 01:54 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2014-01-26 20:53 . 2012-10-15 01:53 43152 ----a-w- c:\windows\avastSS.scr

    2014-01-26 20:53 . 2012-10-15 01:53 270240 ----a-w- c:\windows\system32\aswBoot.exe

    2014-01-16 19:39 . 2014-01-16 19:39 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2014-01-16 19:39 . 2013-03-07 23:24 145408 ----a-w- c:\windows\system32\javacpl.cpl

    2014-01-05 02:55 . 2013-03-21 19:56 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys

    2014-01-05 02:55 . 2013-03-21 19:56 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-11-27 20:21 . 2011-12-20 20:08 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

    2013-11-13 02:59 . 2004-08-10 19:00 150528 ----a-w- c:\windows\system32\imagehlp.dll

    2013-11-07 05:38 . 2011-12-20 20:09 591360 ----a-w- c:\windows\system32\rpcrt4.dll

    2013-11-06 01:03 . 2011-12-21 03:51 7168 ----a-w- c:\windows\system32\xpsp4res.dll

    2013-10-30 02:26 . 2011-12-20 20:12 1879040 ----a-w- c:\windows\system32\win32k.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2014-01-26 20:53 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-14 5625624]

    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

    "DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]

    "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]

    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

    "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-10-17 295512]

    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

    .

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

    Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe -startup [2011-12-20 36903]

    .

    c:\documents and settings\Default User\Start Menu\Programs\Startup\

    Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat [2005-11-13 27136]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\DISC\\DISCover.exe"=

    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=

    "c:\\Program Files\\DISC\\myFTP.exe"=

    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    .

    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/21/2013 2:56 PM 49944]

    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3/21/2013 2:56 PM 180248]

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/14/2012 8:54 PM 775952]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/14/2012 8:54 PM 410784]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/21/2013 2:56 PM 67824]

    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 2:19 PM 39056]

    S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]

    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

    S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15 02:02]

    .

    2014-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

    .

    2014-01-27 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-15 20:53]

    .

    2014-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-21 06:22]

    .

    2014-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-21 06:22]

    .

    2014-01-27 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

    .

    2014-01-27 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

    .

    2014-01-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

    .

    2014-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/

    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

    HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe

    HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe

    HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe

    HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe

    AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2014-01-27 13:57

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

    @DACL=(02 0000)

    "Installed"="1"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

    @DACL=(02 0000)

    "Installed"="1"

    "NoChange"="1"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

    @DACL=(02 0000)

    "Installed"="1"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(788)

    c:\windows\system32\Ati2evxx.dll

    .

    - - - - - - - > 'explorer.exe'(1328)

    c:\windows\system32\WININET.dll

    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\Ati2evxx.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\Ati2evxx.exe

    c:\windows\arservice.exe

    c:\windows\eHome\ehRecvr.exe

    c:\windows\eHome\ehSched.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\windows\ehome\mcrdsvc.exe

    c:\windows\ARPWRMSG.EXE

    c:\windows\system32\dllhost.exe

    c:\windows\eHome\ehmsas.exe

    c:\program files\Updates from HP\9972322\Program\Updates from HP.exe

    c:\program files\DISC\DiscStreamHub.exe

    c:\program files\OpenOffice.org 3\program\soffice.exe

    c:\program files\OpenOffice.org 3\program\soffice.bin

    c:\windows\system32\wscntfy.exe

    c:\hp\KBD\KBD.EXE

    .

    **************************************************************************

    .

    Completion time: 2014-01-27 14:05:26 - machine was rebooted

    ComboFix-quarantined-files.txt 2014-01-27 19:05

    .

    Pre-Run: 204,659,134,464 bytes free

    Post-Run: 204,703,301,632 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    .

    - - End Of File - - CC4AC80BAEF29A1C90C4997AAE129AAA

    0AC6D996BCE152AED9600E6D6B797E2E
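The log above is a ComboFix report, and the sections a responder actually reads first are the Run keys, the service/driver list, the scheduled tasks and the "DLLs Loaded Under Running Processes" block. The script below is an added example written for this thread; it is not ComboFix, FRST or PC Pitstop code. It parses those sections in the line formats ComboFix prints and returns the entries worth a second look: autoruns, tasks and loaded modules whose image lives under a user profile or temp directory (user-writable, so anything can drop a file there), and service/driver registrations shown with `[?]` in place of a date and size, meaning the registered file was not found on disk. The sample log embedded in the block is a constructed subset of lines taken from the report above; the heuristic thresholds and the finding names are my own choices, and a finding is a candidate for review, not a malware verdict.

```python
"""Triage pass over ComboFix-style log sections (added example, not ComboFix code).
Flags: autoruns/tasks/modules running from user-writable locations, and
service entries printed with "[?]" (registered image not found on disk)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lower-cased markers that place a path under a user profile or temp
# directory on the Windows XP layout used in the report above.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\", "\\docume~1\\", "\\temp\\",
    "\\local settings\\", "\\application data\\",
)

RUN_KEY_RE = re.compile(r"^\[(?P<hive>HK[A-Z_]+)\\.*\\(?:Run|RunOnce)\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>c:\\windows\\tasks\\.+\.job)$", re.I)
TASK_TARGET_RE = re.compile(r"^-\s+(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")
PROCESS_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # autorun-user-writable | service-file-missing | task-user-writable | module-user-writable
    subject: str  # value name, service name, job file name or host process
    path: str     # image path as printed in the log


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    in_run_key = False
    host_process: Optional[str] = None   # set while inside a "DLLs Loaded" block
    pending_job: Optional[str] = None    # task .job name waiting for its "- path" line
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix separates blocks with a lone "."
        if line.startswith("["):
            in_run_key = bool(RUN_KEY_RE.match(line))  # only Run/RunOnce keys are autoruns
            host_process = None
            continue
        m = PROCESS_RE.match(line)
        if m:
            host_process, in_run_key = m.group("proc"), False
            continue
        m = RUN_VALUE_RE.match(line)
        if m and in_run_key:
            if is_user_writable(m.group("path")):
                findings.append(Finding("autorun-user-writable", m.group("name"), m.group("path")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            host_process = None
            if m.group("meta").strip() == "?":
                # The path after "-->" is the on-disk location ComboFix could not find.
                findings.append(Finding("service-file-missing", m.group("name"),
                                        m.group("path").split(" --> ")[-1]))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job").rsplit("\\", 1)[-1]
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_job:
            if is_user_writable(m.group("path")):
                findings.append(Finding("task-user-writable", pending_job, m.group("path")))
            pending_job = None
            continue
        if host_process and line.lower().endswith(".dll"):
            if is_user_writable(line):
                findings.append(Finding("module-user-writable", host_process, line))
            continue
        if line.startswith("-"):
            host_process = pending_job = None  # section divider such as "----- Other Running Processes -----"
    return findings


# Constructed sample: a subset of the lines from the report in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-10-17 295512]
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/21/2013 2:56 PM 49944]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
.
2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15 02:02]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-21 06:22]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1328)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
c:\program files\AVAST Software\Avast\AvastSvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.subject:28} {f.path}")
```

Run on the sample it reports the two `[?]` service entries (avgtp and the AVG Secure Search toolbar updater, consistent with the AVG Secure Search leftovers ComboFix lists under ORPHANS REMOVED), the per-user Google Update task, and the DLL loaded into explorer.exe from the user's Temp folder. The Google task shows why these are leads rather than verdicts: Google's updater legitimately runs from the user profile, so the output tells you where to look, not what to delete.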

  14. Thanks Juliet, when I went into the link you provided for how to do an emergency backup, my computer went haywire and a video popped up about spaceships and blah blah while I was trying to read the instructions. There is definitely something hiding in my computer.

     

    So I am going to get going with the new instructions you gave me. Thanks again!

  15. I don't think it is the fan, because normally the computer is quiet. I have had a few strange things happen while browsing: a couple of times music started to play, another time a rather large picture popped up in front of my screen, and I was able to X out of the picture. Are these what you would consider malware?

     

    It is really hard for me to explain, but this sound my computer makes only seems to happen when something has gotten into my computer, and no matter how many times I run the usual scans, if the scans don't find the problems and remove them then the computer will continue to act up. It is not constant, but always when I am using my browser. So I came here again because all the scans I ran did not correct the issue. So now I am hoping what you suggested will help. At the moment it is very quiet, not whining at all.

     

    Should I do any other scans to make sure all is well? Can't thank you enough Juliet for your help, and I am so thankful for the PcPitstop. Every time I get into a mess I always come here. Thank you so much!!


    Oops! Another question: what do I do with all of the above scans I have on my Desktop... keep or delete?

  16. I hope I pasted the results of the right one and not the one from the first scan earlier... thank you!


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-01-2014 03

    Ran by HP_Administrator at 2014-01-26 19:56:43 Run:2

    Running from C:\Documents and Settings\HP_Administrator\Desktop

    Boot Mode: Normal

     

    ==============================================

     

    Content of fixlist:

    *****************

    start

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip

    C:\Program Files\PDFCreator\message.exe

    end

    *****************

     

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip => Moved successfully.

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip => Moved successfully.

    C:\Program Files\PDFCreator\message.exe => Moved successfully.

     

    ==== End of Fixlog ====
