Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 29
  1. #11
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Quote Originally Posted by zep516 View Post
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.Please post a new FRST Log Joe
    I got as far as Run FRST/FRST64 and it says it's not found. When I went back to Downloads, the ADwCleaner says it was removed and so was JRT.64 although I didn't remove them. FRST is still there but not FRST/FRST64.
    I saved the code box as Fixlist.txt to Desktop and it was there until I went to run FRST/FRST64 and could no longer find Fixlist.txt on Desktop. I went to save it to Desktop again and it said it was still on Desktop and did I want to replace it. At a standstill right now and would appreciate further direction. Thanks.

  2. #12
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Default

    Run a scan:

    Open FRST

    Click scan, only 1 log will be created this time called FRST.txt

    Post a new FRST log please.

    Thanks
    Joe

  3. The Following User Says Thank You to zep516 For This Useful Post:


  4. #13
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
    Ran by Compaq_Owner (administrator) on YOUR-F78BF48CE2 on 18-12-2014 19:56:09
    Running from C:\Documents and Settings\Compaq_Owner\Desktop
    Loaded Profile: Compaq_Owner (Available profiles: Compaq_Owner)
    Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 6
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard Company) C:\hp\KBD\KBD.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\ALCXMNTR.EXE
    (Agere Systems) C:\WINDOWS\AGRSMMSG.exe
    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
    (Apple Computer, Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Computer, Inc.) C:\Program Files\iPod\bin\iPodService.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SiSPower] => Rundll32.exe SiSPower.dll,ModeAgent
    HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [245760 2005-02-25] (Hewlett-Packard Company)
    HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269 2005-04-20] (RealNetworks, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Startup: C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\Compaq Organize.lnk
    ShortcutTarget: Compaq Organize.lnk -> C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
    HKU\S-1-5-21-4176980217-1543212696-1864795365-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKU\S-1-5-21-4176980217-1543212696-1864795365-1009\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    HKU\S-1-5-21-4176980217-1543212696-1864795365-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    HKU\S-1-5-21-4176980217-1543212696-1864795365-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    HKU\S-1-5-21-4176980217-1543212696-1864795365-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    URLSearchHook: HKU\S-1-5-21-4176980217-1543212696-1864795365-1009 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-4176980217-1543212696-1864795365-1009 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-4176980217-1543212696-1864795365-1009 -> Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 172.16.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9118we4g.default
    FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.2.2088 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-12-17]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-12-17]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2004-10-13] (Apple Computer, Inc.) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2014-12-17] (Sun Microsystems, Inc.)
    S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [114800 2014-12-17] (Mozilla Foundation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.)
    R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [35840 2004-05-08] (Advanced Micro Devices)
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
    R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [239104 2005-01-04] (Silicon Integrated Systems Corporation)
    R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [13184 2005-01-04] (Silicon Integrated Systems Corporation)
    R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2003-07-11] (SiS Corporation)
    S1 intelppm; system32\DRIVERS\intelppm.sys [X]
    U1 WS2IFSL; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-18 09:28 - 2014-12-18 09:38 - 00002858 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\Fixlist.txt
    2014-12-17 20:08 - 2014-12-17 20:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini121714-01.dmp
    2014-12-17 08:53 - 2014-12-17 08:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-12-17 07:52 - 2014-12-17 07:51 - 00477616 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\npdeployJava1.dll
    2014-12-17 07:52 - 2014-12-17 07:51 - 00473520 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\deployJava1.dll
    2014-12-17 07:52 - 2014-12-17 07:51 - 00162224 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javaws.exe
    2014-12-17 07:52 - 2014-12-17 07:51 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javaw.exe
    2014-12-17 07:52 - 2014-12-17 07:51 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\java.exe
    2014-12-17 07:52 - 2014-12-17 07:51 - 00073728 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javacpl.cpl
    2014-12-16 21:32 - 2014-12-16 21:33 - 00000000 _RSHD () C:\cmdcons
    2014-12-16 21:18 - 2014-10-04 19:37 - 00000601 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\Register with HP.url
    2014-12-16 21:16 - 2014-12-16 21:16 - 00001850 __RSH () C:\WINDOWS\system32\Drivers\103C_HP_CPC_PX801AA-ABA SR1520NX NA530_YC_0Pres_QCNH519_E53NAheRED1_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M384_J160_7AMD_8Sempron_91.81_#130113_N10390900_Z11C1048C_G10396330.MRK
    2014-12-16 21:16 - 2004-08-04 04:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
    2014-12-16 19:40 - 2014-12-16 19:40 - 00896048 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
    2014-12-16 19:16 - 2014-12-18 19:56 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Temp
    2014-12-16 19:16 - 2014-12-17 10:33 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner\ntuser.ini
    2014-12-16 19:16 - 2014-12-16 21:19 - 00000000 ___RD () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Accessories
    2014-12-16 19:16 - 2014-12-16 21:19 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Online Services
    2014-12-16 19:16 - 2014-12-16 21:19 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google
    2014-12-16 19:16 - 2014-12-16 21:19 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
    2014-12-16 19:16 - 2014-12-16 21:19 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner
    2014-12-16 19:16 - 2014-10-12 11:50 - 00000800 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Windows Media Player.lnk
    2014-12-16 19:16 - 2014-08-19 14:40 - 00000775 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Internet Explorer.lnk
    2014-12-16 19:16 - 2014-08-19 14:40 - 00000746 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Outlook Express.lnk
    2014-12-16 19:16 - 2005-04-20 04:49 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
    2014-12-16 19:16 - 2005-04-20 04:44 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
    2014-12-16 19:16 - 2005-04-20 04:34 - 00001132 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\Help and Support.lnk
    2014-12-16 19:16 - 2005-04-20 04:29 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\WINDOWS
    2014-12-16 19:16 - 2005-04-20 04:28 - 00001717 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Install WeatherBug.lnk
    2014-12-16 19:16 - 2005-04-20 04:28 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple Computer
    2014-12-16 19:16 - 2005-04-20 04:28 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
    2014-12-16 19:16 - 2005-04-20 04:24 - 00001689 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Install Microsoft Money 2005.lnk
    2014-12-16 19:16 - 2005-04-20 04:18 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\Real
    2014-12-16 19:16 - 2005-04-20 04:15 - 00001809 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Install Adobe Photoshop Album 2.0 Starter Edition.lnk
    2014-12-16 19:16 - 2005-01-26 20:53 - 00001599 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Remote Assistance.lnk
    2014-12-16 19:16 - 2002-10-24 13:51 - 00000231 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Multi-channel Sound Manager.lnk
    2014-12-16 19:14 - 2005-04-20 04:40 - 00001854 _____ () C:\Documents and Settings\All Users\Desktop\MSN.lnk
    2014-12-16 19:09 - 2001-08-17 14:02 - 00009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
    2014-12-16 19:09 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
    2014-12-14 20:57 - 2014-12-18 19:56 - 00011212 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\FRST.txt
    2014-12-14 20:57 - 2014-12-14 20:58 - 00014659 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\Addition.txt
    2014-12-14 20:56 - 2014-12-18 19:56 - 00000000 ____D () C:\FRST
    2014-12-14 20:50 - 2014-12-14 20:50 - 00001411 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\JRT.txt
    2014-12-14 20:45 - 2014-12-14 20:45 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-12-14 20:43 - 2014-12-14 20:44 - 01707646 _____ (Thisisu) C:\Documents and Settings\Compaq_Owner\Desktop\JRT.exe
    2014-12-14 20:05 - 2014-12-14 20:06 - 02166272 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_4.105.exe
    2014-12-14 19:46 - 2014-12-18 09:36 - 01113600 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
    2014-12-07 16:33 - 2014-12-07 16:41 - 00000000 ____D () C:\57cc6429b8d2182ce9b56cba78ea9e46
    2014-12-07 15:27 - 2014-12-07 15:28 - 00000000 ____D () C:\18bc0e126b0f17fefb
    2014-12-07 14:50 - 2014-12-07 14:50 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
    2014-12-07 07:47 - 2004-08-04 04:00 - 00260272 __RSH () C:\cmldr
    2014-12-06 16:27 - 2014-12-06 16:27 - 00000792 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-06 16:18 - 2014-12-06 22:39 - 00000286 _____ () C:\WINDOWS\Tasks\Easy Internet Sign-up.job
    2014-12-04 20:52 - 2014-12-14 20:30 - 00001715 _____ () C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    2014-11-26 15:45 - 2014-12-18 19:50 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-26 15:45 - 2014-12-18 18:14 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-21 21:07 - 2005-04-20 04:39 - 00001827 _____ () C:\Documents and Settings\All Users\Desktop\AOL®.lnk
    2014-11-20 10:25 - 2014-11-20 10:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-18 19:47 - 2014-04-22 14:42 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf5e7c1b952ab0.job
    2014-12-18 19:30 - 2014-02-10 09:18 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf268420102020.job
    2014-12-18 19:30 - 2005-01-28 01:12 - 00032072 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-12-18 18:20 - 2005-01-28 01:12 - 00098671 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-18 18:16 - 2013-01-13 06:15 - 00000249 _____ () C:\WINDOWS\system\hpsysdrv.dat
    2014-12-18 18:14 - 2014-04-22 14:42 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf5e7c1adff7f8.job
    2014-12-18 18:14 - 2014-02-10 09:18 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf26841fba4b78.job
    2014-12-18 18:14 - 2013-12-22 19:57 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1553475198-844246670-687601700-1009.job
    2014-12-18 18:14 - 2013-01-13 09:55 - 00000484 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-12-18 18:14 - 2005-01-28 01:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-17 20:08 - 2013-01-24 09:49 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-12-16 21:33 - 2013-01-13 07:55 - 00015830 _____ () C:\WINDOWS\WINNT32.LOG
    2014-12-16 21:33 - 2013-01-13 07:55 - 00000576 _____ () C:\WINDOWS\wsdu.log
    2014-12-16 21:33 - 2005-01-28 01:05 - 00210213 _____ () C:\WINDOWS\setupact.log
    2014-12-16 21:33 - 2005-01-27 20:31 - 00000283 __RSH () C:\boot.ini
    2014-12-16 21:32 - 2013-01-13 07:55 - 00009078 _____ () C:\WINDOWS\DHCPUPG.LOG
    2014-12-16 21:32 - 2013-01-13 07:55 - 00000264 _____ () C:\WINDOWS\UPGRADE.TXT
    2014-12-16 21:32 - 2013-01-13 07:55 - 00000000 ____D () C:\WINDOWS\setup.pss
    2014-12-16 21:32 - 2005-04-20 04:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-12-16 21:32 - 2005-01-26 20:56 - 00169096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-12-16 21:31 - 2005-01-27 16:09 - 00000000 ____D () C:\WINDOWS\security
    2014-12-16 21:24 - 2005-04-20 04:31 - 00000000 ____D () C:\Program Files\Hewlett-Packard
    2014-12-16 21:24 - 2005-04-20 03:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Help & Tools
    2014-12-16 21:23 - 2005-04-20 04:37 - 00000000 ____D () C:\Program Files\PC-Doctor for Windows
    2014-12-16 21:23 - 2005-04-20 04:06 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-12-16 21:22 - 2005-01-28 01:11 - 00544089 _____ () C:\WINDOWS\setupapi.log
    2014-12-16 21:19 - 2005-04-20 04:30 - 00002154 _____ () C:\WINDOWS\system32\ssmute.ini
    2014-12-16 21:18 - 2005-01-26 20:58 - 00441626 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-12-16 21:16 - 2005-01-26 20:56 - 00040093 _____ () C:\WINDOWS\wmsetup.log
    2014-12-16 19:15 - 2005-01-28 01:04 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-16 19:14 - 2005-01-27 15:53 - 00000000 ___HD () C:\hp
    2014-12-16 19:13 - 2013-01-13 07:55 - 00000213 __RSH () C:\BOOT.BAK
    2014-12-16 19:12 - 2005-01-27 16:09 - 00000000 ____D () C:\WINDOWS\Registration
    2014-12-16 19:12 - 2005-01-26 20:56 - 00045409 _____ () C:\WINDOWS\tsoc.log
    2014-12-16 19:12 - 2005-01-26 20:56 - 00014731 _____ () C:\WINDOWS\iis6.log
    2014-12-16 19:12 - 2005-01-26 20:51 - 00003339 _____ () C:\WINDOWS\sessmgr.setup.log
    2014-12-16 19:12 - 2005-01-26 20:51 - 00000641 _____ () C:\WINDOWS\DtcInstall.log
    2014-12-16 19:11 - 2005-01-26 12:47 - 00003364 _____ () C:\WINDOWS\regopt.log
    2014-12-16 19:10 - 2005-01-26 12:47 - 00000231 _____ () C:\WINDOWS\system.ini
    2014-12-16 19:04 - 2005-01-27 16:10 - 00000000 ____D () C:\WINDOWS\system
    2014-12-16 19:03 - 2013-01-13 05:58 - 00000000 ____D () C:\WINDOWS\I386
    2014-12-16 19:01 - 2005-01-27 16:21 - 00000000 ____D () C:\WINDOWS\system32\usmt
    2014-12-16 19:01 - 2005-01-27 15:54 - 00000000 ____D () C:\Program Files\Windows NT
    2014-12-16 19:01 - 2005-01-27 15:54 - 00000000 ____D () C:\Program Files\Outlook Express
    2014-12-16 19:01 - 2005-01-27 15:54 - 00000000 ____D () C:\Program Files\NetMeeting
    2014-12-16 19:01 - 2005-01-27 15:54 - 00000000 ____D () C:\Program Files\Movie Maker
    2014-12-16 19:01 - 2005-01-27 15:53 - 00000000 ____D () C:\Program Files\Messenger
    2014-12-16 19:01 - 2005-01-27 15:53 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-12-16 19:01 - 2005-01-27 15:53 - 00000000 ____D () C:\Program Files\Common Files\Services
    2014-12-16 19:00 - 2005-01-27 16:20 - 00000000 ____D () C:\WINDOWS\system32\ras
    2014-12-16 19:00 - 2005-01-27 16:19 - 00000000 ____D () C:\WINDOWS\system32\npp
    2014-12-16 19:00 - 2005-01-27 16:17 - 00000000 ____D () C:\WINDOWS\system32\icsxml
    2014-12-16 19:00 - 2005-01-27 16:17 - 00000000 ____D () C:\WINDOWS\system32\ias
    2014-12-16 18:58 - 2005-04-20 04:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB883667$
    2014-12-16 18:58 - 2005-04-20 04:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB890175$
    2014-12-16 18:58 - 2005-04-20 04:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB888239$
    2014-12-16 18:58 - 2005-04-20 04:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB885836$
    2014-12-16 18:58 - 2005-04-20 04:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB885835$
    2014-12-16 18:58 - 2005-04-20 04:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB887742$
    2014-12-16 18:58 - 2005-04-20 04:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB885250$
    2014-12-16 18:58 - 2005-04-20 04:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB873339$
    2014-12-16 18:58 - 2005-04-20 04:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB867282$
    2014-12-16 18:58 - 2005-04-20 04:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB891781$
    2014-12-16 18:58 - 2005-04-20 04:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB888113$
    2014-12-16 18:58 - 2005-01-27 16:22 - 00000000 ___RD () C:\WINDOWS\Web
    2014-12-16 18:58 - 2005-01-27 16:20 - 00000000 ____D () C:\WINDOWS\system32\Restore
    2014-12-16 18:58 - 2005-01-27 16:10 - 00000000 ____D () C:\WINDOWS\system32\Com
    2014-12-16 18:58 - 2005-01-27 16:09 - 00000000 ____D () C:\WINDOWS\srchasst
    2014-12-16 18:58 - 2005-01-27 16:09 - 00000000 ____D () C:\WINDOWS\PeerNet
    2014-12-16 18:58 - 2005-01-27 16:07 - 00000000 ____D () C:\WINDOWS\msagent
    2014-12-16 18:58 - 2005-01-27 16:07 - 00000000 ____D () C:\WINDOWS\Media
    2014-12-16 18:58 - 2005-01-27 16:06 - 00000000 ____D () C:\WINDOWS\ime
    2014-12-16 18:58 - 2005-01-27 15:56 - 00000000 ____D () C:\WINDOWS\Help
    2014-12-16 18:58 - 2005-01-27 15:54 - 00000000 ____D () C:\WINDOWS\Cursors
    2014-12-16 18:58 - 2005-01-27 13:20 - 00000000 ____D () C:\WINDOWS\addins
    2014-12-16 18:57 - 2013-01-13 05:50 - 00000000 __RHD () C:\MSOCache
    2014-12-16 18:57 - 2013-01-13 05:50 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
    2014-12-16 18:57 - 2013-01-13 05:50 - 00000000 ___RD () C:\Documents and Settings\Default User\Start Menu\Programs\Accessories
    2014-12-16 18:57 - 2013-01-13 05:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
    2014-12-16 18:57 - 2013-01-13 05:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    2014-12-14 20:17 - 2014-01-17 13:17 - 00000000 ____D () C:\AdwCleaner
    2014-12-14 19:34 - 2014-08-19 15:28 - 00000075 _____ () C:\Documents and Settings\Compaq_Owner\LuResult.txt
    2014-12-14 13:49 - 2013-12-22 19:57 - 00000300 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1553475198-844246670-687601700-1009.job
    2014-12-10 19:59 - 2014-08-20 07:48 - 00001484 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\DivX Movies.lnk
    2014-12-10 19:59 - 2013-11-20 20:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
    2014-12-10 19:59 - 2013-02-20 13:31 - 00000000 ____D () C:\Program Files\DivX
    2014-12-06 16:28 - 2014-09-29 13:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-12-06 16:27 - 2014-10-24 19:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-11-26 15:51 - 2014-01-21 17:08 - 00001821 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-11-20 16:23 - 2014-08-20 12:55 - 00039264 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\UninstallRC-6750491.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

  5. #14
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Default

    OK,

    I just want to make sure you have it on the desktop and you do

    Now lets try it again,

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Don't copy the word code just what's inside the box.

    Code:
    start
    CloseProcesses:
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    ShellExecuteHooks: - {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File [ ]
    S1 intelppm; system32\DRIVERS\intelppm.sys [X]
    Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    ShortcutTarget: Compaq Organize.lnk -> C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe (No File)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-2282284664-4155394860-2380723634-1009 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2282284664-4155394860-2380723634-1009 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    2014-12-13 12:48 - 2005-04-20 04:52 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
    2014-12-07 14:54 - 2014-12-07 14:54 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\AVG2015
    2014-12-07 14:50 - 2014-12-14 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-12-07 14:50 - 2014-12-07 14:50 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
    2014-12-07 14:44 - 2014-12-07 14:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
    2014-12-07 14:35 - 2014-12-07 15:27 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Avg2015
    2014-12-14 20:18 - 2013-01-13 09:55 - 00000484 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Program Files\Symantec
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
    2014-12-14 19:12 - 2013-01-13 23:39 - 00000000 ____D () C:\Program Files\AVG
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\UninstallRC-6750491.dll
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers
    
    Hosts:
    Emptytemp:
    reboot:
    end
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST and press the Fix button just once and wait.


    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Post the fix log.txt, it should be on the desktop

  6. The Following User Says Thank You to zep516 For This Useful Post:


  7. #15
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Quote Originally Posted by zep516 View Post
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Don't copy the word code just what's inside the box.Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST and press the Fix button just once and wait.

    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.Rhe tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.Post the fix log.txt, it should be on the desktop

    I don't know what I'm doing wrong. I've gone through this about ten times. I copy what is in the code box. I paste it in Notepad. I click on File and then on Save As. Then I click on Desktop and type Fixlist.txt in the Name. I click on Save. It says "the file already exists, do you want to replace it?" I click "Yes". I then go to run FST and I click on 'Fix" and it says that no Fixlist.txt exists so I go back and do the same thing again... and again... and again. What am I doing wrong?

  8. #16
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Default

    Hello,

    Don't get frustrated. The first time someone told me to go to the C drive I kept pressing C on the keyboard and nothing was happening


    *************************
    start
    CloseProcesses:
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    ShellExecuteHooks: - {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File [ ]
    S1 intelppm; system32\DRIVERS\intelppm.sys [X]
    Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    ShortcutTarget: Compaq Organize.lnk -> C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe (No File)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-2282284664-4155394860-2380723634-1009 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2282284664-4155394860-2380723634-1009 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    2014-12-13 12:48 - 2005-04-20 04:52 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
    2014-12-07 14:54 - 2014-12-07 14:54 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\AVG2015
    2014-12-07 14:50 - 2014-12-14 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-12-07 14:50 - 2014-12-07 14:50 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
    2014-12-07 14:44 - 2014-12-07 14:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
    2014-12-07 14:35 - 2014-12-07 15:27 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Avg2015
    2014-12-14 20:18 - 2013-01-13 09:55 - 00000484 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Program Files\Symantec
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
    2014-12-14 19:12 - 2013-01-13 23:39 - 00000000 ____D () C:\Program Files\AVG
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\UninstallRC-6750491.dll
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers

    Hosts:
    Emptytemp:
    reboot:
    end

    *************************************************************************

    OK. So you're coping all the text above between the stars,

    You then open notepad and paste it in, Then click on file in notepad choose save, then in the file namebox (File name) at the bottom. clear anything out of there first so the box is blank and type in Fixlist.txt then click save, save it to the desktop. Then open FRST and hit fix.

    If you can't get it we will try another tool called OTL.

  9. The Following User Says Thank You to zep516 For This Useful Post:


  10. #17
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Quote Originally Posted by zep516 View Post
    Hello,Don't get frustrated. The first time someone told me to go to the C drive I kept pressing C on the keyboard and nothing was happening OK. So you're coping all the text above between the stars,You then open notepad and paste it in, Then click on file in notepad choose save, then in the file namebox (File name) at the bottom. clear anything out of there first so the box is blank and type in Fixlist.txt then click save, save it to the desktop. Then open FRST and hit fix.If you can't get it we will try another tool called OTL.

    lol Okay. I was doing exactly that, and today did it again, several times. It kept saying no Fixlist.txt found. When I did it for the fifth time it started and went through the fix. My computer booted and I had to search to find where the log was. This one is dated today so I think this is it:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-12-2014
    Ran by Compaq_Owner at 2014-12-20 13:17:37 Run:1
    Running from C:\Documents and Settings\Compaq_Owner\Desktop
    Loaded Profile: Compaq_Owner (Available profiles: Compaq_Owner)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    CloseProcesses:
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    ShellExecuteHooks: - {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File [ ]
    S1 intelppm; system32\DRIVERS\intelppm.sys [X]
    Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    ShortcutTarget: Compaq Organize.lnk -> C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe (No File)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-2282284664-4155394860-2380723634-1009 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2282284664-4155394860-2380723634-1009 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    2014-12-13 12:48 - 2005-04-20 04:52 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
    2014-12-07 14:54 - 2014-12-07 14:54 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\AVG2015
    2014-12-07 14:50 - 2014-12-14 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-12-07 14:50 - 2014-12-07 14:50 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
    2014-12-07 14:44 - 2014-12-07 14:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
    2014-12-07 14:35 - 2014-12-07 15:27 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Avg2015
    2014-12-14 20:18 - 2013-01-13 09:55 - 00000484 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Program Files\Symantec
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-12-14 20:18 - 2005-04-20 04:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
    2014-12-14 19:12 - 2013-01-13 23:39 - 00000000 ____D () C:\Program Files\AVG
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\UninstallRC-6750491.dll
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers

    Hosts:
    Emptytemp:
    reboot:
    end
    *****************

    Processes closed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} => Value not found.
    HKCR\CLSID\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} => Key not found.
    intelppm => Service deleted successfully.
    C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => Moved successfully.
    C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-2282284664-4155394860-2380723634-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    HKU\S-1-5-21-2282284664-4155394860-2380723634-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Value not found.
    "HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
    "HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" => Key deleted successfully.
    "HKCR\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" => Key deleted successfully.
    "C:\Documents and Settings\Compaq_Owner\Application Data\Symantec" => File/Directory not found.
    "C:\Documents and Settings\Compaq_Owner\Application Data\AVG2015" => File/Directory not found.
    "C:\Documents and Settings\All Users\Start Menu\Programs\AVG" => File/Directory not found.
    C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software => Moved successfully.
    "C:\Documents and Settings\All Users\Application Data\AVG2015" => File/Directory not found.
    "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Avg2015" => File/Directory not found.
    "C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job" => File/Directory not found.
    "C:\Program Files\Symantec" => File/Directory not found.
    C:\Program Files\Common Files\Symantec Shared => Moved successfully.
    "C:\Documents and Settings\All Users\Application Data\Symantec" => File/Directory not found.
    "C:\Program Files\AVG" => File/Directory not found.
    "C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll" => File/Directory not found.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\UninstallRC-6750491.dll => Moved successfully.

    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========

    'bitsadmin' is not recognized as an internal or external command,
    operable program or batch file.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 588 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

  11. #18
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Default

    Very good,

    I want to see a hijackthis log,

    Download HijackThis

    • Go Here to download HijackThis program
    • Save HijackThis to your desktop.
    • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • copy and paste hijackthis report into the topic


    Thanks
    Joe

  12. The Following User Says Thank You to zep516 For This Useful Post:


  13. #19
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Quote Originally Posted by zep516 View Post
    .......I want to see a hijackthis log,


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 4:27:04 PM, on 12/20/2014
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    FIREFOX: 34.0.5 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe

    --
    End of file - 6045 bytes

  14. #20
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,181
    Points
    1308

    Default

    Hello,

    Open Hijackthis this, this time do a system scan only.

    Place a check mark in the following entries:

    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    • Click fix checked
    • Close Hijackthis
    • Reboot


    Post a new Hijackthis log

  15. The Following User Says Thank You to zep516 For This Useful Post:


Page 2 of 3 FirstFirst 123 LastLast