Something is on my computer, my DDS scans


darkeyes

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/20/2011 6:45:58 PM
System Uptime: 1/16/2014 3:22:06 AM (213 hours ago)
.
Motherboard: Hewleet-Packard | | Asterope
Processor: Intel® Pentium® 4 CPU 3.20GHz | CPU 1 | 3199/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 191.074 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 4.78 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SCANPORT SimpleSCSI Miniport Drivers
Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Manufacturer: Company
Name: SCANPORT SimpleSCSI Miniport Drivers
PNP Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Service: SMPLSCSI
.
==== System Restore Points ===================
.
RP729: 10/27/2013 6:42:53 PM - System Checkpoint
RP730: 10/28/2013 8:04:47 PM - System Checkpoint
RP731: 10/29/2013 8:42:52 PM - System Checkpoint
RP732: 10/30/2013 9:54:53 PM - System Checkpoint
RP733: 10/31/2013 11:56:43 PM - System Checkpoint
RP734: 11/2/2013 12:09:34 AM - System Checkpoint
RP735: 11/2/2013 11:48:59 PM - System Checkpoint
RP736: 11/4/2013 12:22:14 AM - System Checkpoint
RP737: 11/5/2013 12:38:51 AM - System Checkpoint
RP738: 11/6/2013 1:22:14 AM - System Checkpoint
RP739: 11/7/2013 2:34:14 AM - System Checkpoint
RP740: 11/8/2013 3:21:14 AM - System Checkpoint
RP741: 11/9/2013 3:22:15 AM - System Checkpoint
RP742: 11/10/2013 4:22:15 AM - System Checkpoint
RP743: 11/11/2013 5:22:15 AM - System Checkpoint
RP744: 11/12/2013 6:22:15 AM - System Checkpoint
RP745: 11/13/2013 3:00:18 AM - Software Distribution Service 3.0
RP746: 11/14/2013 3:27:48 AM - System Checkpoint
RP747: 11/15/2013 4:23:55 AM - System Checkpoint
RP748: 11/16/2013 5:23:55 AM - System Checkpoint
RP749: 11/17/2013 5:42:24 AM - System Checkpoint
RP750: 11/18/2013 5:46:54 AM - System Checkpoint
RP751: 11/19/2013 6:46:55 AM - System Checkpoint
RP752: 11/20/2013 7:46:56 AM - System Checkpoint
RP753: 11/21/2013 8:00:59 AM - System Checkpoint
RP754: 11/22/2013 9:10:55 AM - System Checkpoint
RP755: 11/23/2013 9:46:55 AM - System Checkpoint
RP756: 11/24/2013 9:56:44 AM - System Checkpoint
RP757: 11/25/2013 10:57:23 AM - System Checkpoint
RP758: 11/26/2013 12:08:41 PM - System Checkpoint
RP759: 11/27/2013 12:56:44 PM - System Checkpoint
RP760: 11/28/2013 1:08:42 PM - System Checkpoint
RP761: 11/29/2013 1:56:45 PM - System Checkpoint
RP762: 11/30/2013 2:30:19 PM - System Checkpoint
RP763: 12/1/2013 3:17:05 PM - System Checkpoint
RP764: 12/2/2013 4:16:55 PM - System Checkpoint
RP765: 12/3/2013 4:53:55 PM - System Checkpoint
RP766: 12/4/2013 4:56:43 PM - System Checkpoint
RP767: 12/5/2013 5:56:47 PM - System Checkpoint
RP768: 12/6/2013 7:45:22 PM - System Checkpoint
RP769: 12/7/2013 8:07:10 PM - System Checkpoint
RP770: 12/8/2013 10:59:32 PM - System Checkpoint
RP771: 12/9/2013 11:55:43 PM - System Checkpoint
RP772: 12/11/2013 12:19:14 AM - System Checkpoint
RP773: 12/12/2013 1:07:08 AM - System Checkpoint
RP774: 12/12/2013 3:00:16 AM - Software Distribution Service 3.0
RP775: 12/13/2013 3:00:17 AM - Software Distribution Service 3.0
RP776: 12/14/2013 3:27:50 AM - System Checkpoint
RP777: 12/15/2013 3:51:51 AM - System Checkpoint
RP778: 12/16/2013 4:27:51 AM - System Checkpoint
RP779: 12/17/2013 5:27:53 AM - System Checkpoint
RP780: 12/18/2013 6:39:52 AM - System Checkpoint
RP781: 12/19/2013 7:27:52 AM - System Checkpoint
RP782: 12/20/2013 8:27:52 AM - System Checkpoint
RP783: 12/21/2013 8:51:52 AM - System Checkpoint
RP784: 12/22/2013 9:27:53 AM - System Checkpoint
RP785: 12/23/2013 10:27:52 AM - System Checkpoint
RP786: 12/24/2013 10:38:35 AM - System Checkpoint
RP787: 12/25/2013 10:39:53 AM - System Checkpoint
RP788: 12/26/2013 11:27:53 AM - System Checkpoint
RP789: 12/27/2013 12:03:55 PM - System Checkpoint
RP790: 12/28/2013 12:27:53 PM - System Checkpoint
RP791: 12/29/2013 1:51:53 PM - System Checkpoint
RP792: 12/30/2013 2:34:00 PM - System Checkpoint
RP793: 12/31/2013 4:28:02 PM - System Checkpoint
RP794: 1/1/2014 4:51:36 PM - System Checkpoint
RP795: 1/2/2014 5:27:55 PM - System Checkpoint
RP796: 1/3/2014 5:51:54 PM - System Checkpoint
RP797: 1/4/2014 6:27:55 PM - System Checkpoint
RP798: 1/4/2014 9:53:12 PM - avast! antivirus system restore point
RP799: 1/5/2014 11:27:29 PM - System Checkpoint
RP800: 1/7/2014 12:53:17 AM - System Checkpoint
RP801: 1/8/2014 2:01:19 AM - System Checkpoint
RP802: 1/9/2014 2:25:43 AM - System Checkpoint
RP803: 1/10/2014 3:23:56 AM - System Checkpoint
RP804: 1/11/2014 4:01:43 AM - System Checkpoint
RP805: 1/12/2014 5:01:43 AM - System Checkpoint
RP806: 1/13/2014 6:01:45 AM - System Checkpoint
RP807: 1/14/2014 7:01:43 AM - System Checkpoint
RP808: 1/14/2014 9:23:46 PM - Software Distribution Service 3.0
RP809: 1/15/2014 10:01:44 PM - System Checkpoint
RP810: 1/16/2014 3:00:22 AM - Software Distribution Service 3.0
RP811: 1/16/2014 2:38:02 PM - Removed Java 7 Update 25
RP812: 1/16/2014 2:38:56 PM - Installed Java 7 Update 51
RP813: 1/16/2014 2:46:05 PM - Installed QuickTime
RP814: 1/17/2014 3:23:27 PM - System Checkpoint
RP815: 1/18/2014 3:29:17 PM - System Checkpoint
RP816: 1/19/2014 3:41:44 PM - System Checkpoint
RP817: 1/20/2014 4:41:44 PM - System Checkpoint
RP818: 1/21/2014 5:39:10 PM - System Checkpoint
RP819: 1/22/2014 5:41:42 PM - System Checkpoint
RP820: 1/23/2014 6:41:45 PM - System Checkpoint
RP821: 1/24/2014 7:40:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
5 Card Slingo from HP Media Center (remove only)
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Application Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
Canon i850
Chuzzle Deluxe from HP Media Center (remove only)
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DISCover
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Perf 4490P Guide
EPSON Scan
EPSON Scan Assistant
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
GemMaster Mystic
Google Chrome
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareAlert
InstantShareDevices
InterVideo WinDVD Player
iPhoto Plus 4
J2SE Runtime Environment 5.0 Update 5
Java 7 Update 51
Java Auto Updater
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Money 2005
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
OpenOffice.org 3.3
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Remove IntelliMover Demo
Revo Uninstaller 1.95
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834905-v2)
Security Update for Windows Media Player (KB2834905)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
Status
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zuma Deluxe from HP Media Center (remove only)
.
==== End Of File ===========================
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uWindows: Load = K:\CDSETUP.EXE
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [PCDrProfiler] <no file>
mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\f6708611-49e6-4d39-bc44-6d6acc296e1e.exe /check
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4E0C14B6-12DC-4A9B-87D9-63DBA413DD58} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{D1981F4D-17A3-4E2A-9253-27159CB8DDC0} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{16cdf~1\browse~1.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-21 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-21 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-14 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-14 410528]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-7-13 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-21 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-14 50344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-7-13 1598128]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
.
=============== Created Last 30 ================
.
2014-01-16 19:48:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-01-16 19:48:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-01-16 19:48:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-01-16 19:48:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-01-16 19:48:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-01-16 19:39:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-05 02:59:41 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVAST Software
.
==================== Find3M ====================
.
2014-01-23 05:12:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-23 05:12:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-16 19:39:11 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-05 02:55:09 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-05 02:55:09 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 02:55:09 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-05 02:55:09 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-05 02:55:08 43152 ----a-w- c:\windows\avastSS.scr
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 0:07:02.18 ===============

 


Hi and welcome

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(use correct version for your system.....Which system am I using?)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-01-2014 01

Ran by HP_Administrator at 2014-01-25 13:29:41

Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Boot Mode: Normal

==========================================================



==================== Security Center ========================


AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}


==================== Installed Programs ======================


5 Card Slingo from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512 - ABBYY Software House)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)

Adobe Reader 7.0 (Version: 7.0.0 - Adobe Systems Incorporated)

Agere Systems PCI-SV92PP Soft Modem (Version: - )

AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden

AiO_Scan_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden

AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden

AiOSoftwareNPI (Version: 50.0.214.000 - Hewlett-Packard) Hidden

Apple Application Support (Version: 2.3.4 - Apple Inc.)

Apple Software Update (Version: 2.1.3.127 - Apple Inc.)

AstroPop Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

ATI Control Panel (Version: 6.14.10.5166 - )

ATI Display Driver (Version: 8.17-050813a1-025991C-HP - )

avast! Free Antivirus (Version: 9.0.2011 - Avast Software)

Barnyard Invasion from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Bejeweled 2 Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Blackhawk Striker 2 from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Blasterball 2 from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Blasterball 2 Remix from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Boggle Supreme from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Bookworm Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Bounce Symphony from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden

CameraDrivers (Version: 5.0.0.290 - Hewlett-Packard) Hidden

CameraDrivers (Version: 5.0.0.328 - Hewlett-Packard) Hidden

Canon i850 (Version: - )

Chuzzle Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Coupon Printer for Windows (Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION

CP_AtenaShokunin1Config (Version: 53.0.13.000 - Hewlett-Packard) Hidden

CP_CalendarTemplates1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden

cp_LightScribeConfig (Version: 53.0.24.000 - Hewlett-Packard) Hidden

cp_LightScribePlugin (Version: 53.0.24.000 - Hewlett-Packard) Hidden

CP_Package_Basic1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden

CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden

CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden

CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden

CP_Panorama1Config (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Crystal Maze from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

CueTour (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) <==== ATTENTION

Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden <==== ATTENTION

Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden <==== ATTENTION

DISCover (Version: 3.21 - )

DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden

DocumentViewer (Version: 53.0.13.000 - Hewlett-Packard) Hidden

DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard)

Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden

EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON)

EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden

EPSON Copy Utility 3 (Version: 3.1.5.0 - )

EPSON Event Manager (Version: 1.71.00 - )

EPSON File Manager (Version: 1.1.0.0 - )

EPSON Perf 4490P Guide (Version: - )

EPSON Scan (Version: - )

EPSON Scan Assistant (Version: 1.10.00 - )

Family Feud (Version: 10/24/2005 10:21 AM - WildTangent)

FATE from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden

Fax_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden

GemMaster Mystic (Version: - )

Google Chrome (HKCU Version: 32.0.1700.76 - Google Inc.)

Google Toolbar for Internet Explorer (Version: - )

High Definition Audio Driver Package - KB888111 (Version: 20040219.000000 - Microsoft Corporation)

HP Boot Optimizer (Version: 2.0.5.1 - Hewlett-Packard Company)

HP Deskjet Printer Preload (Version: 10.1.0 - Hewlett-Packard Company)

HP DigitalMedia Archive (Version: 1.2 - Hewlett-Packard)

HP Document Viewer 5.3 (Version: 5.3 - HP)

HP Game Console and games (Version: - WildTangent)

HP Image Zone 5.3 (Version: 5.3 - HP)

HP Image Zone for Media Center PC (Version: - ) <==== ATTENTION

HP Imaging Device Functions 5.3 (Version: 5.3 - HP) <==== ATTENTION

HP Multimedia Keyboard Software (Version: - )

HP Photosmart 330,380,420,470,7800,8000,8200 Series (Version: 8.1 - HP)

HP Photosmart Cameras 5.0 (Version: 5.0 - HP)

HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden

HP PSC & OfficeJet 5.3.A (Version: - HP) <==== ATTENTION

HP PSC & OfficeJet 5.3.B (Version: - HP) <==== ATTENTION

HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3 - HP) <==== ATTENTION

HP Update (Version: 5.005.000.002 - Hewlett-Packard)

HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden

HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden

Insaniquarium Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

InstantShareAlert (Version: 1.00.0000 - HP) Hidden

InstantShareDevices (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION

InterVideo WinDVD Player (Version: - )

InterVideo WinDVD Player (Version: 5.0-B11.896 - InterVideo Inc.)

iPhoto Plus 4 (Version: - )

J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50 - Sun Microsystems, Inc.)

Java 7 Update 51 (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Lemonade Tycoon 2 from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Lexibox Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

LightScribe 1.4.52.1 (Version: 1.4.52.1 - Integrator) Hidden

Mah Jong Quest from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)

Microsoft .NET Framework 1.0 Hotfix (KB2572066) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB2604042) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB2656378) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2698035) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2742607) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2833951) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.1 (Version: - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation) <==== ATTENTION

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation) <==== ATTENTION

Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Away Mode (Version: 6.0.0160.0 - Microsoft Corporation)

Microsoft Money 2005 (Version: 14 - Microsoft)

Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (Version: 1.0.0 - Microsoft) <==== ATTENTION

Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0 - Microsoft Corporation) <==== ATTENTION

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (Version: 08.04.0623 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee autoProducer 4.5 (Version: 4.50.050 - muvee Technologies) <==== ATTENTION

muvee autoProducer unPlugged 1.2 (Version: 1.20.100 - muvee Technologies) <==== ATTENTION

Netscape Browser (remove only) (Version: - )

NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden

NewCopy_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden

OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org) <==== ATTENTION

Otto (Version: - )

PanoStandAlone (Version: 53.0.13.000 - Hewlett-Packard) Hidden

PC-Doctor 5 for Windows (Version: 5.00.3187.03 - PC-Doctor, Inc.)

PhotoGallery (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Polar Bowler from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Polar Golfer from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

PS2 (Version: - )

PSPrinters08 (Version: 8.01.0000 - HP) Hidden

PSTAPlugin (Version: 8.01.0000 - Hewlett-Packard) Hidden

Puzzle Express from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Python 2.2 pywin32 extensions (build 203) (Version: - )

Python 2.2.3 (Version: 2.2.3 - PythonLabs at Zope Corporation)

Quicken 2006 (Version: 15.1.1.29 - Intuit)

QuickTime (Version: 7.74.80.86 - Apple Inc.)

RandMap (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Readme (Version: 50.0.214.000 - Hewlett-Packard) Hidden

RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (Version: 16.0.3 - RealNetworks)

Realtek High Definition Audio Driver (Version: - )

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Remove IntelliMover Demo (Version: - )

Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)

Ricochet Lost Worlds from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden

ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden

SCRABBLE from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Shooting Stars Pool from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Shrek 2 Ogre Bowler from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

SkinsHP1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Slingo Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

Snowboard SuperJam from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden <==== ATTENTION

Sonic Express Labeler (Version: 2.1.0 - Sonic Solutions)

Sonic MyDVD Plus (Version: 6.2.0 - Sonic Solutions)

Sonic RecordNow Audio (Version: 2.0.4 - Sonic Solutions)

Sonic RecordNow Copy (Version: 2.0.4 - Sonic Solutions)

Sonic RecordNow Data (Version: 2.0.4 - Sonic Solutions)

Sonic Update Manager (Version: 3.0.0 - Sonic Solutions)

Sonic_PrimoSDK (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)

Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Super Granny from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

SUPERAntiSpyware (Version: 5.0.1142 - SUPERAntiSpyware.com)

Tradewinds from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION

TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Unload (Version: 5.0.0 - Hewlett-Packard) Hidden

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)

Update for Windows Media Player 10 (KB913800) (Version: - Microsoft Corporation)

Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)

Update Rollup 2 for Windows XP Media Center Edition 2005 (Version: - Microsoft Corporation) <==== ATTENTION

Updates from HP (remove only) (Version: - )

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden

Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)

Windows Media Format Runtime (Version: - )

Windows XP Media Center Edition 2005 KB2502898 (Version: - Microsoft Corporation) <==== ATTENTION

Windows XP Media Center Edition 2005 KB2619340 (Version: - Microsoft Corporation) <==== ATTENTION

Windows XP Media Center Edition 2005 KB2628259 (Version: - Microsoft Corporation) <==== ATTENTION

Windows XP Media Center Edition 2005 KB908250 (Version: - Microsoft Corporation) <==== ATTENTION

Windows XP Media Center Edition 2005 KB973768 (Version: - Microsoft Corporation) <==== ATTENTION

Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation) <==== ATTENTION

Zuma Deluxe from HP Media Center (remove only) (Version: - WildTangent) <==== ATTENTION


==================== Restore Points =========================


27-10-2013 22:42:53 System Checkpoint

29-10-2013 00:04:47 System Checkpoint

30-10-2013 00:42:52 System Checkpoint

31-10-2013 01:54:53 System Checkpoint

01-11-2013 03:56:43 System Checkpoint

02-11-2013 04:09:34 System Checkpoint

03-11-2013 04:48:59 System Checkpoint

04-11-2013 05:22:14 System Checkpoint

05-11-2013 05:38:51 System Checkpoint

06-11-2013 06:22:14 System Checkpoint

07-11-2013 07:34:14 System Checkpoint

08-11-2013 08:21:14 System Checkpoint

09-11-2013 08:22:15 System Checkpoint

10-11-2013 09:22:15 System Checkpoint

11-11-2013 10:22:15 System Checkpoint

12-11-2013 11:22:15 System Checkpoint

13-11-2013 08:00:18 Software Distribution Service 3.0

14-11-2013 08:27:48 System Checkpoint

15-11-2013 09:23:55 System Checkpoint

16-11-2013 10:23:55 System Checkpoint

17-11-2013 10:42:24 System Checkpoint

18-11-2013 10:46:54 System Checkpoint

19-11-2013 11:46:55 System Checkpoint

20-11-2013 12:46:56 System Checkpoint

21-11-2013 13:00:59 System Checkpoint

22-11-2013 14:10:55 System Checkpoint

23-11-2013 14:46:55 System Checkpoint

24-11-2013 14:56:44 System Checkpoint

25-11-2013 15:57:23 System Checkpoint

26-11-2013 17:08:41 System Checkpoint

27-11-2013 17:56:44 System Checkpoint

28-11-2013 18:08:42 System Checkpoint

29-11-2013 18:56:45 System Checkpoint

30-11-2013 19:30:19 System Checkpoint

01-12-2013 20:17:05 System Checkpoint

02-12-2013 21:16:55 System Checkpoint

03-12-2013 21:53:55 System Checkpoint

04-12-2013 21:56:43 System Checkpoint

05-12-2013 22:56:47 System Checkpoint

07-12-2013 00:45:22 System Checkpoint

08-12-2013 01:07:10 System Checkpoint

09-12-2013 03:59:32 System Checkpoint

10-12-2013 04:55:43 System Checkpoint

11-12-2013 05:19:14 System Checkpoint

12-12-2013 06:07:08 System Checkpoint

12-12-2013 08:00:16 Software Distribution Service 3.0

13-12-2013 08:00:17 Software Distribution Service 3.0

14-12-2013 08:27:50 System Checkpoint

15-12-2013 08:51:51 System Checkpoint

16-12-2013 09:27:51 System Checkpoint

17-12-2013 10:27:53 System Checkpoint

18-12-2013 11:39:52 System Checkpoint

19-12-2013 12:27:52 System Checkpoint

20-12-2013 13:27:52 System Checkpoint

21-12-2013 13:51:52 System Checkpoint

22-12-2013 14:27:53 System Checkpoint

23-12-2013 15:27:52 System Checkpoint

24-12-2013 15:38:35 System Checkpoint

25-12-2013 15:39:53 System Checkpoint

26-12-2013 16:27:53 System Checkpoint

27-12-2013 17:03:55 System Checkpoint

28-12-2013 17:27:53 System Checkpoint

29-12-2013 18:51:53 System Checkpoint

30-12-2013 19:34:00 System Checkpoint

31-12-2013 21:28:02 System Checkpoint

01-01-2014 21:51:36 System Checkpoint

02-01-2014 22:27:55 System Checkpoint

03-01-2014 22:51:54 System Checkpoint

04-01-2014 23:27:55 System Checkpoint

05-01-2014 02:53:12 avast! antivirus system restore point

06-01-2014 04:27:29 System Checkpoint

07-01-2014 05:53:17 System Checkpoint

08-01-2014 07:01:19 System Checkpoint

09-01-2014 07:25:43 System Checkpoint

10-01-2014 08:23:56 System Checkpoint

11-01-2014 09:01:43 System Checkpoint

12-01-2014 10:01:43 System Checkpoint

13-01-2014 11:01:45 System Checkpoint

14-01-2014 12:01:43 System Checkpoint

15-01-2014 02:23:46 Software Distribution Service 3.0

16-01-2014 03:01:44 System Checkpoint

16-01-2014 08:00:22 Software Distribution Service 3.0

16-01-2014 19:38:02 Removed Java 7 Update 25

16-01-2014 19:38:56 Installed Java 7 Update 51

16-01-2014 19:46:05 Installed QuickTime

17-01-2014 20:23:27 System Checkpoint

18-01-2014 20:29:17 System Checkpoint

19-01-2014 20:41:44 System Checkpoint

20-01-2014 21:41:44 System Checkpoint

21-01-2014 22:39:10 System Checkpoint

22-01-2014 22:41:42 System Checkpoint

23-01-2014 23:41:45 System Checkpoint

25-01-2014 00:40:01 System Checkpoint


==================== Hosts content: ==========================


2004-08-10 14:00 - 2004-08-10 14:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost


==================== Scheduled Tasks (whitelisted) =============


Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job => C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job => C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe


==================== Loaded Modules (whitelisted) =============


2014-01-20 18:38 - 2014-01-20 12:52 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012001\algo.dll

2014-01-25 06:49 - 2014-01-25 03:26 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012500\algo.dll

2011-12-20 15:09 - 2011-02-04 20:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll

2011-12-20 15:09 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

2011-12-20 15:04 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2011-12-20 15:07 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2005-08-02 19:19 - 2005-08-02 19:19 - 00050176 _____ () C:\WINDOWS\armcex.dll

2013-07-10 02:08 - 2013-07-10 02:08 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_90c5d2d9\mscorlib.dll

2013-07-10 02:08 - 2013-07-10 02:08 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f06de9ae\system.windows.forms.dll

2013-07-10 02:07 - 2013-07-10 02:07 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c3f250f3\system.dll

2013-07-10 02:08 - 2013-07-10 02:08 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2d3f536d\system.drawing.dll

2014-01-04 21:55 - 2014-01-04 21:55 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-07-10 02:08 - 2013-07-10 02:08 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1519af9f\system.xml.dll

2005-03-15 18:17 - 2005-03-15 18:17 - 00204800 _____ () c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll

2011-12-20 20:43 - 2011-12-20 20:43 - 00061496 _____ () C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\clntutil.dll

2011-12-20 20:43 - 2011-12-20 20:43 - 00151589 _____ () C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\BWfiles.dll

2011-12-20 20:43 - 2011-12-20 20:43 - 00098339 _____ () C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\frext.dll

2011-12-20 20:43 - 2011-12-20 20:43 - 00126976 _____ () C:\Program Files\Updates from HP\9972322\Program\HPClientExt.dll

2011-01-17 19:19 - 2012-02-22 16:18 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

2014-01-16 00:31 - 2014-01-11 05:29 - 04055320 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll

2014-01-16 00:31 - 2014-01-11 05:29 - 00399640 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll

2014-01-16 00:31 - 2014-01-11 05:28 - 01634584 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll


==================== Alternate Data Streams (whitelisted) =========



==================== Safe Mode (whitelisted) ===================



==================== Faulty Device Manager Devices =============


Name: SCANPORT SimpleSCSI Miniport Drivers

Description: SCANPORT SimpleSCSI Miniport Drivers

Class Guid:

Manufacturer: Company

Service: SMPLSCSI

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.



==================== Event log errors: =========================


Application errors:

==================

Error: (12/06/2013 02:58:34 PM) (Source: CardSpace 3.0.0.0) (User: CARLINE)

Description: An error occurred during the import of a card.

Errors in reading the imported card file.


Inner Exception: The data at the root level is invalid. Line 1, position 1.



Additional Information:

Microsoft.InfoCards.ImportException: Errors in reading the imported card file. ---> System.Xml.XmlException: The data at the root level is invalid. Line 1, position 1.

at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, String res, String arg1, String arg2, String arg3)

at System.Xml.XmlUTF8TextReader.Read()

at System.Xml.XmlCharCheckingReader.Read()

at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

at System.Xml.XmlDocument.Load(XmlReader reader)

at Microsoft.InfoCards.InfoCardXmlSerializer.RetrieveIssuerAndCheckSign(XmlReader reader)

at Microsoft.InfoCards.InfoCardXmlSerializer.CreateCardFromXml(String filename)

at Microsoft.InfoCards.InfoCardXmlSerializer.Deserialize(String filename)

--- End of inner exception stack trace ---


Error: (12/06/2013 02:58:34 PM) (Source: CardSpace 3.0.0.0) (User: CARLINE)

Description: An error occurred during the import of a card.

Errors in reading the imported card file.


Inner Exception: The data at the root level is invalid. Line 1, position 1.



Additional Information:

Microsoft.InfoCards.ImportException: Errors in reading the imported card file. ---> System.Xml.XmlException: The data at the root level is invalid. Line 1, position 1.

at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, String res, String arg1, String arg2, String arg3)

at System.Xml.XmlUTF8TextReader.Read()

at System.Xml.XmlCharCheckingReader.Read()

at System.Xml.XsdValidatingReader.Read()

at System.Xml.XmlReader.MoveToContent()

at System.Xml.XmlReader.IsStartElement(String localname, String ns)

at Microsoft.InfoCards.CheckStoreFileValidityRequest.OnProcess()

--- End of inner exception stack trace ---


Error: (12/06/2013 02:58:33 PM) (Source: CardSpace 3.0.0.0) (User: NT AUTHORITY)

Description: The Windows CardSpace service is too busy to process this request.

User has too many outstanding requests.




Additional Information:

at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)

at System.Environment.get_StackTrace()

at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)

at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)

at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)

at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)

at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)

at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)

at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)


Error: (11/18/2013 06:55:52 PM) (Source: Application Hang) (User: )

Description: Fault bucket -333249720.


Error: (11/18/2013 06:55:49 PM) (Source: Application Hang) (User: )

Description: Fault bucket -333249720.


Error: (11/18/2013 06:54:41 PM) (Source: Application Hang) (User: )

Description: Hanging application chrome.exe, version 31.0.1650.57, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


Error: (11/18/2013 06:54:41 PM) (Source: Application Hang) (User: )

Description: Hanging application chrome.exe, version 31.0.1650.57, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


Error: (10/30/2013 05:36:33 PM) (Source: Application Hang) (User: )

Description: Fault bucket 229465369.


Error: (10/30/2013 05:36:33 PM) (Source: Application Hang) (User: )

Description: Fault bucket 229465369.


Error: (10/30/2013 05:36:04 PM) (Source: Application Hang) (User: )

Description: Hanging application Updates from HP.exe, version 6.3.2.116, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



System errors:

=============

Error: (01/16/2014 02:37:44 PM) (Source: Service Control Manager) (User: )

Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).


Error: (01/16/2014 03:23:02 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SBRE

SMPLSCSI


Error: (01/16/2014 03:23:02 AM) (Source: Service Control Manager) (User: )

Description: The ONSIO service failed to start due to the following error:

%%2


Error: (01/16/2014 03:23:02 AM) (Source: Service Control Manager) (User: )

Description: The ASPI32 service failed to start due to the following error:

%%2


Error: (01/04/2014 09:59:00 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SBRE

SMPLSCSI


Error: (01/04/2014 09:58:45 PM) (Source: Service Control Manager) (User: )

Description: The ONSIO service failed to start due to the following error:

%%2


Error: (01/04/2014 09:58:45 PM) (Source: Service Control Manager) (User: )

Description: The ASPI32 service failed to start due to the following error:

%%2


Error: (01/04/2014 09:58:45 PM) (Source: Service Control Manager) (User: )

Description: The aswFsBlk service failed to start due to the following error:

%%2


Error: (01/04/2014 09:47:17 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SBRE

SMPLSCSI


Error: (01/04/2014 09:47:17 PM) (Source: Service Control Manager) (User: )

Description: The ONSIO service failed to start due to the following error:

%%2



Microsoft Office Sessions:

=========================

Error: (12/06/2013 02:58:34 PM) (Source: CardSpace 3.0.0.0)(User: CARLINE)

Description: Errors in reading the imported card file.


Inner Exception: The data at the root level is invalid. Line 1, position 1.



Additional Information:

Microsoft.InfoCards.ImportException: Errors in reading the imported card file. ---> System.Xml.XmlException: The data at the root level is invalid. Line 1, position 1.

at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, String res, String arg1, String arg2, String arg3)

at System.Xml.XmlUTF8TextReader.Read()

at System.Xml.XmlCharCheckingReader.Read()

at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

at System.Xml.XmlDocument.Load(XmlReader reader)

at Microsoft.InfoCards.InfoCardXmlSerializer.RetrieveIssuerAndCheckSign(XmlReader reader)

at Microsoft.InfoCards.InfoCardXmlSerializer.CreateCardFromXml(String filename)

at Microsoft.InfoCards.InfoCardXmlSerializer.Deserialize(String filename)

--- End of inner exception stack trace ---


Error: (12/06/2013 02:58:34 PM) (Source: CardSpace 3.0.0.0)(User: CARLINE)

Description: Errors in reading the imported card file.


Inner Exception: The data at the root level is invalid. Line 1, position 1.



Additional Information:

Microsoft.InfoCards.ImportException: Errors in reading the imported card file. ---> System.Xml.XmlException: The data at the root level is invalid. Line 1, position 1.

at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, String res, String arg1, String arg2, String arg3)

at System.Xml.XmlUTF8TextReader.Read()

at System.Xml.XmlCharCheckingReader.Read()

at System.Xml.XsdValidatingReader.Read()

at System.Xml.XmlReader.MoveToContent()

at System.Xml.XmlReader.IsStartElement(String localname, String ns)

at Microsoft.InfoCards.CheckStoreFileValidityRequest.OnProcess()

--- End of inner exception stack trace ---


Error: (12/06/2013 02:58:33 PM) (Source: CardSpace 3.0.0.0)(User: NT AUTHORITY)

Description: User has too many outstanding requests.




Additional Information:

at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)

at System.Environment.get_StackTrace()

at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)

at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)

at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)

at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)

at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)

at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)

at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)


Error: (11/18/2013 06:55:52 PM) (Source: Application Hang)(User: )

Description: -333249720


Error: (11/18/2013 06:55:49 PM) (Source: Application Hang)(User: )

Description: -333249720


Error: (11/18/2013 06:54:41 PM) (Source: Application Hang)(User: )

Description: chrome.exe31.0.1650.57hungapp0.0.0.000000000


Error: (11/18/2013 06:54:41 PM) (Source: Application Hang)(User: )

Description: chrome.exe31.0.1650.57hungapp0.0.0.000000000


Error: (10/30/2013 05:36:33 PM) (Source: Application Hang)(User: )

Description: 229465369


Error: (10/30/2013 05:36:33 PM) (Source: Application Hang)(User: )

Description: 229465369


Error: (10/30/2013 05:36:04 PM) (Source: Application Hang)(User: )

Description: Updates from HP.exe6.3.2.116hungapp0.0.0.000000000



==================== Memory info ===========================


Percentage of memory in use: 82%

Total physical RAM: 959.36 MB

Available physical RAM: 165.64 MB

Total Pagefile: 2312.59 MB

Available Pagefile: 1126.08 MB

Total Virtual: 2047.88 MB

Available Virtual: 1953.24 MB


==================== Drives ================================


Drive c: (HP_PAVILION) (Fixed) (Total:221.12 GB) (Free:190.96 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:4.78 GB) FAT32 ==>[Drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (Size: 233 GB) (Disk ID: B797B797)

Partition 1: (Not Active) - (Size=12 GB) - (Type=0C)

Partition 2: (Active) - (Size=221 GB) - (Type=07 NTFS)


==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2014 01

Ran by HP_Administrator (administrator) on CARLINE on 25-01-2014 13:28:30

Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal


The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.



==================== Processes (Whitelisted) ===================


(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Microsoft) C:\WINDOWS\arservice.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft) C:\WINDOWS\arpwrmsg.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DISCUpdateMgr.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscGui.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe



==================== Registry (Whitelisted) ==================


HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)

HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)

HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation)

HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.)

HKLM\...\Run: [PCDrProfiler] - [x]

HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [ROC_roc_dec12] - "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

HKLM\...\Run: [HF_G_Jul] - "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

HKLM\...\Run: [ROC_ROC_NT] - "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

HKLM\...\Run: [] - [x]

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-04] (AVAST Software)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\f6708611-49e6-4d39-bc44-6d6acc296e1e.exe /check [181136 2014-01-23] (AVAST Software)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware)

HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKCU\...\Run: [Google Update] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)

HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKCU\...\CurrentVersion\Windows: [Load] K:\CDSETUP.EXE <===== ATTENTION

MountPoints2: {ba9bfa3e-53e6-11da-9f04-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{16cdf~1\browse~1.dll => File Not Found

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()


==================== Internet (Whitelisted) ====================




HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

SearchScopes: HKLM - DefaultScope value is missing.


BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab


Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76


Chrome:

=======

CHR HomePage: hxxp://www.yahoo.com/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File

CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-06]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02]

CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


========================== Services (Whitelisted) =================


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-04] (AVAST Software)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-16] (Oracle Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)

R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-13] (AVG Secure Search)


==================== Drivers (Whitelisted) ====================


R3 aracpi; C:\Windows\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)

R3 arhidfltr; C:\Windows\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)

R3 arkbcfltr; C:\Windows\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)

R3 armoucfltr; C:\Windows\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)

R3 ARPolicy; C:\Windows\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-04] (AVAST Software)

R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-04] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-04] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-04] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-04] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-04] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-04] ()

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-07-13] (AVG Technologies)

R0 bb-run; C:\Windows\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

R0 ftsata2; C:\Windows\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)

R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )

S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)

S2 ASPI32; No ImagePath

S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x]

S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x]

U1 WS2IFSL;

U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]


==================== NetSvcs (Whitelisted) ===================


NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)


==================== One Month Created Files and Folders ========


2014-01-25 13:28 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-25 00:54 - 2014-01-25 00:54 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\DDS

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay


==================== One Month Modified Files and Folders =======


2014-01-25 13:28 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-25 13:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

2014-01-25 12:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-25 09:55 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-01-25 03:01 - 2005-08-31 07:17 - 01316387 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-25 00:54 - 2014-01-25 00:54 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\DDS

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-24 23:34 - 2005-08-31 07:17 - 00032548 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-24 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate

2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP

2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP

2014-01-23 00:13 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

2014-01-23 00:12 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-01-23 00:12 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-01-19 12:00 - 2012-05-10 22:20 - 00000966 _____ C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job

2014-01-18 23:13 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-18 23:13 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-18 23:13 - 2012-10-02 13:53 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-16 14:11 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT

2014-01-16 14:10 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang

2014-01-16 03:23 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-16 03:23 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration

2014-01-16 03:22 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-16 03:22 - 2005-08-30 23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log

2014-01-16 03:22 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log

2014-01-16 03:21 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini

2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log

2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-01-04 21:55 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-01-04 21:55 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT

2014-01-04 21:45 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator

2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay


Some content of TEMP:

====================

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll



==================== Bamital & volsnap Check =================


C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


==================== End Of Log ============================


Coupon Printer for Windows <== need to uninstall this

 

I see AVG and AVAST antivirus on the computer, seems AVG you tried to uninstall? or AVAST?

If so, search add/remove programs list and uninstall anything related.

Only need 1 antivirus on the computer.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start

HKLM\...\Run: [PCDrProfiler] - [x]

HKCU\...\CurrentVersion\Windows: [Load] K:\CDSETUP.EXE <===== ATTENTION

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{16cdf~1\browse~1.dll => File Not Found

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {5777113E-6B9B-4053-A826-91E42D5BF359} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7D119258-D6BB-4E71-AD1C-8724EC278065&apn_sauid=43B73AAC-C1D9-4605-AB37-12471E5F01F0

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys

end

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisement.

 

 


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-Junkware-Removal-Tool-

 

Please download Junkware Removal Tool to your desktop.

 

Vista / 7 / 8 users:

You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post:

    Fixlog.txt

    \AdwCleaner[s1].txt

    JRT.txt

    MBAM.txt

    Also please tell me how the computer is at the moment.

Edited by Juliet

Farbar Recovery Scan Tool FRST <-- it should have created an icon for the tool.

Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads

 

You already downloaded it but it's not located where I would like it to be.

If you would please, go to your copy located C:\Documents and Settings\HP_Administrator\My Documents\Downloads- and delete Farbar Recovery Scan Tool (FRST)

 

I would like for you to download it again but this time please locate it on your desktop.

Don't run it, for now just download it and ensure the location to desktop so that when you complete instructions I posted earlier they will work.

 

Chrome --

Press the Customize and Control Google button (three horizontal lines in top right corner of screen) >> Settings >> Show Advanced Settings >> Downloads, Download location, click on save to desktop

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

(use correct version for your system.....Which system am I using?)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

After you have finished the above we can continue:

 

Coupon Printer for Windows <== need to uninstall this

 

I see AVG and AVAST antivirus on the computer, seems AVG you tried to uninstall? or AVAST?

If so, search add/remove programs list and uninstall anything related.

Only need 1 antivirus on the computer.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

 

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisement.

 

 


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-Junkware-Removal-Tool-

 

Please download Junkware Removal Tool to your desktop.

 

Vista / 7 / 8 users:

You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post:

    Fixlog.txt

    \AdwCleaner[s1].txt

    JRT.txt

    MBAM.txt

    Also please tell me how the computer is at the moment.

Edited by Juliet

Thank you Juliet, I will try again.

 

 

I removed the Coupon Clipper and AVG and most of it, a couple of things would not delete. I also deleted McAfee Security Scan, I think it was downloaded along with something else as a "bonus".

 

I placed the contents of the Quote Box into Notepad and saved it to my desktop. The FRST/ and fixlist.txt are also in Desktop. I am now going to go and run the FRST/ and if I succeed I will post it back here. Thank you!

Edited by darkeyes

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 03

Ran by HP_Administrator (administrator) on CARLINE on 26-01-2014 13:53:55

Running from C:\Documents and Settings\HP_Administrator\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal


The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.



==================== Processes (Whitelisted) ===================


(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Microsoft) C:\WINDOWS\arservice.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft) C:\WINDOWS\arpwrmsg.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DISCUpdateMgr.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscGui.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe



==================== Registry (Whitelisted) ==================


HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)

HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)

HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation)

HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.)

HKLM\...\Run: [PCDrProfiler] - [x]

HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [ROC_roc_dec12] - "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

HKLM\...\Run: [HF_G_Jul] - "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

HKLM\...\Run: [ROC_ROC_NT] - "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

HKLM\...\Run: [] - [x]

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-04] (AVAST Software)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\f6708611-49e6-4d39-bc44-6d6acc296e1e.exe /check [181136 2014-01-23] (AVAST Software)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware)

HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKCU\...\Run: [Google Update] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)

HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKCU\...\CurrentVersion\Windows: [Load] K:\CDSETUP.EXE <===== ATTENTION

MountPoints2: {ba9bfa3e-53e6-11da-9f04-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{16cdf~1\browse~1.dll => File Not Found

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()


==================== Internet (Whitelisted) ====================




HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

SearchScopes: HKLM - DefaultScope value is missing.


BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab


Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76


Chrome:

=======

CHR HomePage: hxxp://www.yahoo.com/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File

CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-06]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02]

CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


========================== Services (Whitelisted) =================


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-04] (AVAST Software)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-16] (Oracle Corporation)

R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-13] (AVG Secure Search)


==================== Drivers (Whitelisted) ====================


R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)

R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)

R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)

R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)

R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-04] (AVAST Software)

R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-04] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-04] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-04] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-04] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-04] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-04] ()

R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)

R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )

S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)

S2 ASPI32; No ImagePath

R1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]

S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x]

S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x]

U1 WS2IFSL;

U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]


==================== NetSvcs (Whitelisted) ===================


NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)


==================== One Month Created Files and Folders ========


2014-01-26 13:53 - 2014-01-26 13:54 - 00017703 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-26 13:22 - 2014-01-26 13:22 - 01222656 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-25 21:35 - 2014-01-25 21:35 - 00000845 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

2014-01-25 13:28 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay


==================== One Month Modified Files and Folders =======


2014-01-26 13:54 - 2014-01-26 13:53 - 00017703 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-26 13:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-26 13:22 - 2014-01-26 13:22 - 01222656 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-26 13:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

2014-01-26 12:00 - 2012-05-10 22:20 - 00000966 _____ C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job

2014-01-26 09:55 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-01-26 02:34 - 2005-08-31 07:17 - 00032568 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-25 23:13 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 23:13 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 23:13 - 2012-10-02 13:53 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 23:13 - 2005-08-31 07:17 - 01325018 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-25 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

2014-01-25 21:35 - 2014-01-25 21:35 - 00000845 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

2014-01-25 13:28 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate

2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP

2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP

2014-01-23 00:13 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

2014-01-23 00:12 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-01-23 00:12 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-16 14:11 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT

2014-01-16 14:10 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang

2014-01-16 03:23 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-16 03:23 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration

2014-01-16 03:22 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-16 03:22 - 2005-08-30 23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log

2014-01-16 03:22 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log

2014-01-16 03:21 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini

2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log

2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-01-04 21:55 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-01-04 21:55 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT

2014-01-04 21:45 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator

2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay


Some content of TEMP:

====================

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll



==================== Bamital & volsnap Check =================


C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 03

Ran by HP_Administrator (administrator) on CARLINE on 26-01-2014 13:53:55

Running from C:\Documents and Settings\HP_Administrator\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal


The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.



==================== Processes (Whitelisted) ===================


(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Microsoft) C:\WINDOWS\arservice.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft) C:\WINDOWS\arpwrmsg.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DISCUpdateMgr.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscGui.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe



==================== Registry (Whitelisted) ==================


HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)

HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)

HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation)

HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.)

HKLM\...\Run: [PCDrProfiler] - [x]

HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [ROC_roc_dec12] - "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

HKLM\...\Run: [HF_G_Jul] - "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

HKLM\...\Run: [ROC_ROC_NT] - "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

HKLM\...\Run: [] - [x]

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-04] (AVAST Software)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\f6708611-49e6-4d39-bc44-6d6acc296e1e.exe /check [181136 2014-01-23] (AVAST Software)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware)

HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKCU\...\Run: [Google Update] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)

HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKCU\...\CurrentVersion\Windows: [Load] K:\CDSETUP.EXE <===== ATTENTION

MountPoints2: {ba9bfa3e-53e6-11da-9f04-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{16cdf~1\browse~1.dll => File Not Found

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()


==================== Internet (Whitelisted) ====================




HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

SearchScopes: HKLM - DefaultScope value is missing.


BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab


Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76


Chrome:

=======

CHR HomePage: hxxp://www.yahoo.com/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File

CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-06]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02]

CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


========================== Services (Whitelisted) =================


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-04] (AVAST Software)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-16] (Oracle Corporation)

R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-13] (AVG Secure Search)


==================== Drivers (Whitelisted) ====================


R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)

R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)

R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)

R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)

R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-04] (AVAST Software)

R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-04] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-04] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-04] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-04] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-04] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-04] ()

R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)

R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )

S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)

S2 ASPI32; No ImagePath

R1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]

S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x]

S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x]

U1 WS2IFSL;

U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]


==================== NetSvcs (Whitelisted) ===================


NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)


==================== One Month Created Files and Folders ========


2014-01-26 13:53 - 2014-01-26 13:54 - 00017703 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-26 13:22 - 2014-01-26 13:22 - 01222656 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-25 21:35 - 2014-01-25 21:35 - 00000845 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

2014-01-25 13:28 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay


==================== One Month Modified Files and Folders =======


2014-01-26 13:54 - 2014-01-26 13:53 - 00017703 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-26 13:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-26 13:22 - 2014-01-26 13:22 - 01222656 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-26 13:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

2014-01-26 12:00 - 2012-05-10 22:20 - 00000966 _____ C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job

2014-01-26 09:55 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-01-26 02:34 - 2005-08-31 07:17 - 00032568 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-25 23:13 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 23:13 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 23:13 - 2012-10-02 13:53 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 23:13 - 2005-08-31 07:17 - 01325018 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-25 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

2014-01-25 21:35 - 2014-01-25 21:35 - 00000845 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

2014-01-25 13:28 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate

2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP

2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP

2014-01-23 00:13 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

2014-01-23 00:12 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-01-23 00:12 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-16 14:11 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT

2014-01-16 14:10 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang

2014-01-16 03:23 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-16 03:23 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration

2014-01-16 03:22 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-16 03:22 - 2005-08-30 23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log

2014-01-16 03:22 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log

2014-01-16 03:21 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini

2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log

2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-01-04 21:55 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-01-04 21:55 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-01-04 21:55 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT

2014-01-04 21:45 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator

2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay


Some content of TEMP:

====================

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll



==================== Bamital & volsnap Check =================


C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


==================== End Of Log ============================


# AdwCleaner v3.017 - Report created 26/01/2014 at 14:44:34

# Updated 12/01/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : HP_Administrator - CARLINE

# Running from : C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\Toolbar Cleaner

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AVG SafeGuard toolbar

File Deleted : C:\Program Files\Mozilla Firefox\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\Software\Toolbar Cleaner

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Google Chrome v

 

[ File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1518 octets] - [27/08/2013 14:09:35]

AdwCleaner[R1].txt - [1578 octets] - [28/08/2013 23:22:46]

AdwCleaner[R2].txt - [2228 octets] - [26/01/2014 14:31:44]

AdwCleaner[s0].txt - [2183 octets] - [26/01/2014 14:44:34]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2243 octets] ##########


Now, Let's try this:

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE.

To read how to save a file:

http://windows.microsoft.com/en-us/windows/save-file#1TC=windows-8

 

It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start

HKLM\...\Run: [PCDrProfiler] - [x]

HKCU\...\CurrentVersion\Windows: [Load] K:\CDSETUP.EXE <===== ATTENTION

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{16cdf~1\browse~1.dll => File Not Found

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {5777113E-6B9B-4053-A826-91E42D5BF359} URL = http://websearch.ask...37-12471E5F01F0

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

end

Once you save the fixlist.txt next to the FRST icon, open or double click FRST/FRST64 and press the Fix button just once and wait. That's all you have to do, there is no dragging or pasting into boxes with this tool.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisement.

 

 


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    -Junkware-Removal-Tool-

     

    Please download Junkware Removal Tool to your desktop.

     

    Vista / 7 / 8 users:

    You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

     

    Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note:

     

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    In your next reply I need to see

     

    Fixlog.txt

    C:\AdwCleaner[s1].txt

    JRT.txt

    Malwarebytes' Anti-Malware log

     

    You might have to make multiple posts to ensure I see all the logs.

     

     

     


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Microsoft Windows XP x86

Ran by HP_Administrator on Sun 01/26/2014 at 15:09:50.57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-877228005-2687231834-3398282986-1008\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5777113E-6B9B-4053-A826-91E42D5BF359}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\adawarebp"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 01/26/2014 at 15:17:26.92

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 

Juliet,

 

I think I've done all of the scans you asked me to do, if I have missed any please let me know. Thank you!

 

My computer is still making that weird noise.

 

Thank you!

 

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.26.06

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HP_Administrator :: CARLINE [administrator]

 

1/26/2014 3:31:57 PM

mbam-log-2014-01-26 (15-31-57).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233413

Time elapsed: 11 minute(s), 17 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


Were you able to run Fixlog?

 

It might not be malware making a noise on your computer. Sounds like a fan motor.

If this is the case and after we clean your machine, we'll have to start a new topic in one of our different forums.


No, shouldn't be any need to start over.

 

Farbar Recovery Scan Tool (Icon) should still be on desktop

Copy and paste what I posted in the quote box above and save the file to desktop as fixlist.txt, locate it next to the Farbar Recovery Scan Tool (Icon), once you have done that click on the fix button.


Thank you, I am going to do this right now and will post if I have any problems doing so. Thank you!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-01-2014 03

Ran by HP_Administrator at 2014-01-26 16:45:32 Run:1

Running from C:\Documents and Settings\HP_Administrator\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Quote

start

HKLM\...\Run: [PCDrProfiler] - [x]

HKCU\...\CurrentVersion\Windows: [Load] K:\CDSETUP.EXE <===== ATTENTION

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{16cdf~1\browse~1.dll => File Not Found

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {5777113E-6B9B-4053-A826-91E42D5BF359} URL = http://websearch.ask...37-12471E5F01F0

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys

end

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler => Value deleted successfully.

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.

"c:\\docume~1\\alluse~1\\applic~1\\browse~1\\261339~1.144\\{16cdf~1\\browse~1.dll" => Value Data not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5777113E-6B9B-4053-A826-91E42D5BF359} => Key not found.

HKCR\Wow6432Node\CLSID\{5777113E-6B9B-4053-A826-91E42D5BF359} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.

HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Value deleted successfully.

HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Key not found.

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll not found.

"C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys" => File/Directory not found.

 

==== End of Fixlog ====

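One way to reconcile a posted fixlist with the Fixlog.txt that comes back, as an added example that is not part of the original thread and not FRST's own code. It handles only the line shapes visible in this thread (`start`/`end` markers, `target => outcome` results, and the bare `... not found.` form); the function names and the `changed`/`absent`/`review` labels are assumptions of this example. On the excerpt below it shows that the IadHide5.dll line from the posted fixlist is not in the fixlist the tool echoed back.

```python
# Excerpt of the fixlist as posted earlier in this thread (lines copied from the page).
POSTED_FIXLIST = r"""start
HKLM\...\Run: [PCDrProfiler] - [x]
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
end"""

# Excerpt of the Fixlog.txt posted in reply (lines copied from the page).
FIXLOG = r"""Content of fixlist:
*****************
Quote
start
HKLM\...\Run: [PCDrProfiler] - [x]
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll not found.
"C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys" => File/Directory not found.

==== End of Fixlog ===="""


def fixlist_entries(text):
    """Return the directive lines between the 'start' and 'end' markers."""
    entries, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            inside = False
        elif inside and line:
            entries.append(line)
    return entries


def classify(outcome):
    """Map an outcome phrase seen in this thread to a coarse status (labels are hypothetical)."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"    # nothing was at that path when the fix ran
    if "deleted" in text or "restored" in text:
        return "changed"   # the fix modified the system
    return "review"        # unrecognised wording: read it by hand


def fix_results(fixlog):
    """Return (target, status) pairs from the result section that follows the echoed fixlist."""
    body = fixlog.split("*****************")[-1]
    results = []
    for line in body.splitlines():
        line = line.strip()
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        elif line.endswith(" not found."):
            target, outcome = line[: -len(" not found.")], "not found."
        else:
            continue       # blank lines and the 'End of Fixlog' banner
        results.append((target.strip('"'), classify(outcome)))
    return results


def not_applied(posted, fixlog):
    """Entries in the posted fixlist that are missing from the fixlist the tool echoed."""
    applied = set(fixlist_entries(fixlog))
    return [entry for entry in fixlist_entries(posted) if entry not in applied]


def summarize(fixlog):
    """Count results per status."""
    counts = {}
    for _, status in fix_results(fixlog):
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    print("Not applied:", not_applied(POSTED_FIXLIST, FIXLOG))
    print("Outcomes:", summarize(FIXLOG))
```
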

it worked!

 

 

What I would like to do next will take quite some time to scan. We do this because the next scanner is very thorough, but needed. Don't be alarmed if it finds a few things, I do expect to see bad files held in quarantine folders.

You can start the scan and check back in an hour or so but do let it finish.

 

Read over the instructions and print them out if you wish....save to note pad to follow along. I don't want it to delete anything just to list what it finds.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

~~~~~~~~~~~~~~~~~~~~~

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Hi again Juliet

 

Ok, that scan took awhile like 1 hour and 50 mins or enough time for me to make dinner and get two loads of laundry going! Here are the results.... thank you again!

 

 

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe Win32/Toolbar.Babylon.T application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe Win32/Toolbar.Babylon.T application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe Win32/Toolbar.Babylon.T application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe Win32/Toolbar.Babylon.T application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip Win32/PSWTool.KonBoot.A application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip Win32/PSWTool.KonBoot.A application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip Win32/PSWTool.KonBoot.B application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip Win32/PSWTool.KonBoot.B application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip Win32/PSWTool.KonBoot.A application

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip Win32/PSWTool.KonBoot.A application

C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application


OK, we have some bad files to delete.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip

C:\Program Files\PDFCreator\message.exe

end

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

 

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~

 

Also, please update me how the computer is at the moment.


This topic is now closed to further replies.