  1. #1
    Member
    Join Date
    May 2015
    Posts
    12
    Points
    0

    My computer is very slow and freezes up a lot, also the hard drive revs up.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/28/2015 at 03:12 PM

    Application Version : 6.0.1194
    Database Version : 11895

    Scan type : Complete Scan
    Total Scan Time : 01:52:00

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 702
    Memory threats detected : 0
    Registry items scanned : 36939
    Registry threats detected : 0
    File items scanned : 58763
    File threats detected : 0

    ============
    End of Log
    ============
    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 5/28/2015
    Scan Time: 3:26:54 PM
    Logfile:
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.28.07
    Rootkit Database: v2015.05.24.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: HP_Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 773637
    Time Elapsed: 59 min, 18 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 4:47:41 PM, on 5/28/2015
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21376)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Download Web Browser - Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?')
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1306033869237
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9033 bytes
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 6:20:06 PM, on 5/28/2015
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21376)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Download Web Browser - Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?')
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1306033869237
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9307 bytes
    I think these are all the logs I have at this time. If you need more or a different one, please let me know.
    Thanks
    rroberts

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307


    Hello,

    First, open HijackThis
    Do a system scan only
    Place a check mark in the following entries:

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-771800031-3871854053-1600153569-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

    • Click Fix checked
    • Close HijackThis
    • Reboot


    Next

    Everything gets downloaded to the desktop.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Last edited by zep516; 05-28-2015 at 09:02 PM.

  3. #3
    Member
    Join Date
    May 2015
    Posts
    12
    Points
    0


    OK, here is the first one:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
    Ran by HP_Administrator (administrator) on FAMILYROOM on 29-05-2015 15:53:20
    Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & jenuma & ASPNET & Administrator)
    Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 7 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Hewlett-Packard Company) C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2005-05-10] (Hewlett-Packard Company)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
    HKLM\...\Run: [AGRSMMSG] => AGRSMMSG.exe
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16010240 2006-03-08] (Realtek Semiconductor Corp.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-02-10] (ATI Technologies Inc.)
    Winlogon\Notify\WBSrv: C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2007-09-23] (Stardock Corporation)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
    AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll => C:\WINDOWS\system32\wbsys.dll [42672 2007-07-11] (Stardock.Net, Inc)
    Startup: C:\Documents and Settings\jenuma.FAMILYROOM\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk [2011-03-26]
    ShortcutTarget: HughesNetStatusMeter.lnk -> C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (No File)
    Startup: C:\Documents and Settings\jenuma.FAMILYROOM\Start Menu\Programs\Startup\Xpadder.lnk [2010-08-18]
    ShortcutTarget: Xpadder.lnk -> C:\Documents and Settings\jenuma.FAMILYROOM\My Documents\Downloads\Xpadder [5.7]\Xpadder [5.7].exe ()
    Startup: C:\Documents and Settings\leonette\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk [2011-03-26]
    ShortcutTarget: HughesNetStatusMeter.lnk -> C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (No File)
    Startup: C:\Documents and Settings\sarah.FAMILYROOM\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk [2011-03-26]
    ShortcutTarget: HughesNetStatusMeter.lnk -> C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-04-23] (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-26] (Avast Software s.r.o.)
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.44.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default
    FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2004-01-13] ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\searchplugins\yahoo-avast.xml [2014-12-30]
    FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\jid1-uabu5A9hduqzCw@jetpack [2014-12-12]
    FF Extension: NetVideoHunter - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\netvideohunter@netvideohunter(2).com [2014-12-11]
    FF Extension: SpeedFox - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\jid1-uabu5A9hduqzCw@jetpack.xpi [2014-12-11]
    FF Extension: YouTube to MP3 - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-12-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-13]
    FF HKLM\...\Firefox\Extensions: [{04D6A72A-2719-4F98-8786-118F54C54289}] - C:\Documents and Settings\leonette\Local Settings\Application Data\{04D6A72A-2719-4F98-8786-118F54C54289}
    FF HKLM\...\Firefox\Extensions: [{B3FA5870-FFD8-4CD5-878B-2F7359C4FAC5}] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{B3FA5870-FFD8-4CD5-878B-2F7359C4FAC5}
    FF HKLM\...\Firefox\Extensions: [{3D77D09B-48CF-4FB5-A470-718DAD35DDE7}] - C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\{3D77D09B-48CF-4FB5-A470-718DAD35DDE7}
    FF HKLM\...\Firefox\Extensions: [{9362548B-B9E0-4496-A839-EB465155A573}] - C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\Application Data\{9362548B-B9E0-4496-A839-EB465155A573}
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-13]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
    CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12]
    CHR Extension: (Adblock Plus) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-02]
    CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12]
    CHR Extension: (Bookmark Manager) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-28]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04]
    CHR Extension: (Adblock Pro) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-05-02]
    CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-26]
    StartMenuInternet: chrome.exe - C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-10] (ATI Technologies Inc.) [File not signed]
    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
    R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2010-10-10] (Macrovision Europe Ltd.) [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-10-03] (Sun Microsystems, Inc.)
    R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
    R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [53248 2005-05-09] (Hewlett-Packard Company) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    R2 MSFtpsvc; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
    R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2008-04-13] (Microsoft Corporation)
    S2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2008-04-13] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
    R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
    R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ActionReplayDS; C:\WINDOWS\System32\Drivers\ActionReplayDS.sys [29184 2011-03-15] (Thesycon GmbH, Germany) [File not signed]
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
    R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 dsiarhwprog; C:\WINDOWS\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
    R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [149120 2005-03-18] (Hauppauge Computer Works, Inc.)
    R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
    R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
    R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
    R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-13] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 RzSynapse; C:\WINDOWS\System32\DRIVERS\RzSynapse.sys [103424 2011-03-31] (Razer USA Ltd) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-10-02] (Duplex Secure Ltd.)
    S3 SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [11480 2007-03-28] (Symantec Corporation)
    S3 SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [171928 2007-03-28] (Symantec Corporation)
    S3 SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [37016 2007-03-28] (Symantec Corporation)
    S3 SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [47192 2007-03-28] (Symantec Corporation)
    S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [18904 2007-03-28] (Symantec Corporation)
    R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266552 2007-03-28] (Symantec Corporation)
    R0 Teefer; C:\WINDOWS\System32\Drivers\Teefer.sys [55888 2005-06-15] (Sygate Technologies, Inc.) [File not signed]
    R2 wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [11914 2005-06-15] (Sygate Technologies, Inc.) [File not signed]
    S1 AvgMfx86; \SystemRoot\System32\Drivers\avgmfx86.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 PCDRSRVC; system32\drivers\PCDRSRVC.pkms [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20100826.001\symidsco.sys [X]
    U1 WS2IFSL; No ImagePath
    S2 zumbus; system32\DRIVERS\zumbus.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-29 15:52 - 2015-05-29 15:53 - 00000000 ____D () C:\FRST
    2015-05-28 11:02 - 2015-05-28 11:02 - 00058192 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-05-28 11:00 - 2015-05-28 11:00 - 00215264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-25 17:43 - 2015-05-25 17:43 - 00000000 ____D () C:\Program Files\avast software
    2015-05-13 13:41 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-13 13:34 - 2015-05-13 13:34 - 00000344 _____ () C:\Documents and Settings\HP_Administrator\My Documents\cc_20150513_133412.reg
    2015-05-08 12:48 - 2015-05-08 12:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2491683$
    2015-05-06 20:14 - 2015-05-06 20:14 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2015-05-06 20:13 - 2004-08-10 07:00 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxsclntR.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclntr.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxscfgwz.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscfgwz.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxsroute.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsroute.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxssend.exe
    2015-05-06 20:13 - 2004-08-10 07:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssend.exe
    2015-05-06 20:13 - 2004-08-10 07:00 - 00001793 _____ () C:\WINDOWS\system32\fxsperf.ini
    2015-05-06 20:13 - 2004-08-10 07:00 - 00001361 _____ () C:\WINDOWS\system32\fxscount.h

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-29 15:53 - 2010-09-20 23:14 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\temp
    2015-05-29 15:43 - 2012-09-27 21:57 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-05-29 15:39 - 2005-01-27 16:50 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
    2015-05-29 15:38 - 2015-02-28 00:54 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-29 15:38 - 2014-12-11 11:22 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-05-29 15:38 - 2005-06-03 12:28 - 00000000 ____D () C:\WINDOWS\system32\Lang
    2015-05-29 15:37 - 2005-01-27 21:16 - 00000000 ____D () C:\WINDOWS\Registration
    2015-05-29 15:36 - 2010-10-03 00:24 - 01559108 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-29 15:35 - 2010-10-03 00:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-05-29 15:35 - 2010-10-03 00:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-05-29 15:34 - 2005-01-28 04:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-29 15:33 - 2011-04-15 07:06 - 00262144 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
    2015-05-29 15:33 - 2010-10-03 00:26 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-05-29 15:33 - 2008-11-30 16:57 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator\ntuser.ini
    2015-05-29 15:33 - 2005-08-16 15:36 - 00000248 ____C () C:\WINDOWS\system\hpsysdrv.dat
    2015-05-29 15:30 - 2011-10-12 15:15 - 00001000 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010UA.job
    2015-05-29 15:26 - 2010-12-15 11:40 - 00001004 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009UA.job
    2015-05-29 15:07 - 2015-01-26 13:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-29 15:05 - 2015-02-28 00:54 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-28 18:30 - 2011-10-12 15:15 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010Core.job
    2015-05-28 17:53 - 2015-03-10 22:06 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-28 17:51 - 2010-08-22 16:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-05-28 17:32 - 2005-01-28 04:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-05-27 19:32 - 2008-11-30 16:57 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
    2015-05-26 18:07 - 2014-12-18 21:56 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-05-25 21:26 - 2010-12-15 11:40 - 00000952 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009Core.job
    2015-05-25 18:11 - 2015-02-28 00:55 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-05-13 13:41 - 2015-03-07 03:15 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-13 13:41 - 2015-03-07 03:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-13 13:41 - 2015-03-07 03:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-05-13 13:30 - 2006-01-11 22:59 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-05-12 12:33 - 2014-12-10 19:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-12 12:17 - 2008-12-14 19:34 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-09 17:03 - 2014-12-30 19:23 - 00000693 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2015-05-09 17:03 - 2010-08-20 20:34 - 00000000 ____D () C:\Program Files\CCleaner
    2015-05-08 15:00 - 2014-12-11 11:22 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-05-08 12:45 - 2005-06-03 12:10 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
    2015-05-06 20:20 - 2005-01-27 21:16 - 00000000 ____D () C:\WINDOWS\security
    2015-05-06 20:13 - 2005-01-28 04:47 - 00817400 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-06 20:13 - 2005-01-27 16:38 - 00000000 ____D () C:\WINDOWS\addins
    2015-05-02 16:19 - 2006-02-14 22:53 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

    ==================== Files in the root of some directories =======

    2005-12-03 12:54 - 2010-11-10 14:03 - 0015640 ____C () C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    2008-11-30 16:58 - 2012-04-19 22:54 - 0103424 ____C () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-11-30 16:58 - 2005-12-03 13:02 - 0000139 ____C () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    2009-07-12 13:01 - 2010-07-28 13:28 - 0005632 __SHC () C:\Documents and Settings\All Users\Thumbs.db

    Files to move or delete:
    ====================
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Jenuma\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex__preferences3.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex__preferences3.dat


    Some files in TEMP:
    ====================
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\contentDATs.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\hpzmsi01.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\hpzscr01.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\IadHide5.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\mPlayer.dj.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\SecurityScan_Release.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\swt-gdip-win32-3448.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\swt-win32-3448.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\{DEB58AE1-1EA2-40FD-830B-F07EBC104674}-chrome_updater.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of log ============================
    second one,
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
    Ran by HP_Administrator at 2015-05-29 15:55:13
    Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-771800031-3871854053-1600153569-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-771800031-3871854053-1600153569-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\FAMILYROOM\ASPNET
    Guest (S-1-5-21-771800031-3871854053-1600153569-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-771800031-3871854053-1600153569-1007 - Limited - Disabled)
    HP_Administrator (S-1-5-21-771800031-3871854053-1600153569-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator
    IUSR_FAMILYROOM (S-1-5-21-771800031-3871854053-1600153569-1012 - Limited - Enabled)
    IWAM_FAMILYROOM (S-1-5-21-771800031-3871854053-1600153569-1013 - Limited - Enabled)
    jenuma (S-1-5-21-771800031-3871854053-1600153569-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\jenuma.FAMILYROOM
    SUPPORT_388945a0 (S-1-5-21-771800031-3871854053-1600153569-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-771800031-3871854053-1600153569-1006 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft)
    ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
    ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.)
    ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0210.2338 - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5140 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.593.100-100210a-095952E-ATI - )
    Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Citrix online plug-in (Web) (HKLM\...\{B124E6D3-91B4-4E3C-AD03-BA959B223537}) (Version: 12.0.3.6 - Citrix Systems, Inc.)
    DiskAid 4.11 (HKLM\...\DiskAid_is1) (Version: 4.11 - DigiDNA)
    Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
    Help and Support Additions (HKLM\...\Help and Support Additions) (Version: 3.0.5 - Hewlett Packard)
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Boot Optimizer (HKLM\...\{3BA95526-6AE0-4B87-A62D-17187EF565FC}) (Version: 1.0.2 - Hewlett-Packard)
    HP Deskjet Printer Preload (HKLM\...\{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}) (Version: 10.1.0 - Hewlett-Packard Company)
    HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version: - HP)
    HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version: - )
    InterVideo WinDVD Player (HKLM\...\{3912A629-0020-0005-3757-2FBA74D4DF0A}) (Version: - )
    InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    KBD (HKLM\...\KBD) (Version: - )
    LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.7 (HKLM\...\Wudf01007) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
    muvee autoProducer 4.0 (HKLM\...\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}) (Version: 4.00.050 - muvee Technologies)
    muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
    Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )
    PC-Doctor for Windows (HKLM\...\InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}) (Version: 1.06.005 - PC-Doctor, Inc.)
    Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
    PS2 (HKLM\...\PS2) (Version: - )
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.05 - Realtek Semiconductor Corp.)
    Remove Quicken New User Edition installer (HKLM\...\Quicken_NUE) (Version: - )
    Safari (HKLM\...\{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}) (Version: 3.525.28.1 - Apple Inc.)
    SlimDX Redistributable (March 2009) (HKLM\...\{D5395E5F-4D45-4665-8F00-234FA33678AF}) (Version: 2.0.7.41 - SlimDX Group)
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
    Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.0 - Sonic Solutions)
    Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
    Stanza (HKLM\...\Stanza) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
    USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
    WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: - )
    Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) (HKLM\...\9722CA1E8F72F362E93CBEC75A707FDABFC8D880) (Version: 08/31/2007 5.7.0831.0 - Advanced Micro Devices, Inc.)
    Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB895678 (HKLM\...\KB895678) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    Could not list restore points
    Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-10 13:00 - 2015-03-10 15:59 - 00000141 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009Core.job => C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009UA.job => C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010Core.job => C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010UA.job => C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-03-26 12:23 - 2015-04-23 14:39 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
    2015-03-26 12:23 - 2015-04-23 14:39 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
    2015-05-29 15:39 - 2015-05-29 15:39 - 02950656 _____ () C:\Program Files\Alwil Software\Avast5\defs\15052901\algo.dll
    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2004-08-10 06:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2004-08-10 06:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2004-08-10 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-10 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2004-08-10 13:00 - 2005-08-05 13:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax
    2004-08-10 13:00 - 2005-08-05 14:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax
    2004-08-10 06:00 - 2011-10-14 18:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
    2005-06-03 12:19 - 2002-09-23 16:11 - 00040960 _____ () C:\WINDOWS\system32\hcwXDS.dll
    2015-03-13 16:07 - 2015-03-26 12:24 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\flirt-fever.de -> flirt-fever.de - flirten. chatten. daten - Singles Chat Partnersuche Kontaktanzeigen Singlebörse
    IE restricted site: HKU\.DEFAULT\...\softvisia.com -> avast.softvisia.com
    IE restricted site: HKU\.DEFAULT\...\xxx.com -> www.xxx.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.44.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
    DomainProfile\AuthorizedApplications: [C:\WINDOWS\system32\mqsvc.exe] => Enabled:Message Queuing
    StandardProfile\AuthorizedApplications: [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe] => Enabled:BackWeb for Pavilion
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mqsvc.exe] => Disabled:Message Queuing
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2201) (User: )
    Description: Message Queuing Triggers initialization failed (Error: 0x80110401).

    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2215) (User: )
    Description: The Triggers transactional component could not be registered in COM+ (Error: 0x80110401).

    Error: (05/29/2015 03:35:42 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

    Error: (05/29/2015 03:35:42 PM) (Source: WinMgmt) (EventID: 28) (User: )
    Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (05/29/2015 03:35:42 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/29/2015 00:34:17 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/29/2015 00:34:13 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.44.2 for the Network Card with network address 0013D410A4CA has been
    denied by the DHCP server 192.168.44.1 (The DHCP Server sent a DHCPNACK message).

    Error: (05/28/2015 05:38:29 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/28/2015 05:22:50 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/28/2015 05:21:37 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (05/28/2015 05:20:02 PM) (Source: DCOM) (EventID: 10005) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error: (05/28/2015 05:06:25 PM) (Source: DCOM) (EventID: 10005) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (05/28/2015 05:01:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (05/28/2015 05:01:05 PM) (Source: DCOM) (EventID: 10005) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}


    Microsoft Office:
    =========================
    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2201) (User: )
    Description: 0x80110401

    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2215) (User: )
    Description: 0x80110401

    Error: (05/29/2015 03:35:42 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description:

    Error: (05/29/2015 03:35:42 PM) (Source: WinMgmt) (EventID: 28) (User: )
    Description:

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) D CPU 3.00GHz
    Percentage of memory in use: 51%
    Total physical RAM: 1022.41 MB
    Available physical RAM: 495.92 MB
    Total Pagefile: 2459.72 MB
    Available Pagefile: 2049.86 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1930.49 MB

    ==================== Drives ================================

    Drive c: (HP_PAVILION) (Fixed) (Total:224.87 GB) (Free:63.85 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:8 GB) (Free:1.38 GB) FAT32 ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
    Partition 1: (Not Active) - (Size=8 GB) - (Type=0C)
    Partition 2: (Active) - (Size=224.9 GB) - (Type=07 NTFS)

    ==================== End of log ============================
    Thanks,
    rroberts

  4. #4
    Member
    Join Date
    May 2015
    Posts
    12
    Points
    0

    OK, here is the first one:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
    Ran by HP_Administrator (administrator) on FAMILYROOM on 29-05-2015 15:53:20
    Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & jenuma & ASPNET & Administrator)
    Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 7 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Hewlett-Packard Company) C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2005-05-10] (Hewlett-Packard Company)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
    HKLM\...\Run: [AGRSMMSG] => AGRSMMSG.exe
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16010240 2006-03-08] (Realtek Semiconductor Corp.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-02-10] (ATI Technologies Inc.)
    Winlogon\Notify\WBSrv: C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2007-09-23] (Stardock Corporation)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
    AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll => C:\WINDOWS\system32\wbsys.dll [42672 2007-07-11] (Stardock.Net, Inc)
    Startup: C:\Documents and Settings\jenuma.FAMILYROOM\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk [2011-03-26]
    ShortcutTarget: HughesNetStatusMeter.lnk -> C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (No File)
    Startup: C:\Documents and Settings\jenuma.FAMILYROOM\Start Menu\Programs\Startup\Xpadder.lnk [2010-08-18]
    ShortcutTarget: Xpadder.lnk -> C:\Documents and Settings\jenuma.FAMILYROOM\My Documents\Downloads\Xpadder [5.7]\Xpadder [5.7].exe ()
    Startup: C:\Documents and Settings\leonette\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk [2011-03-26]
    ShortcutTarget: HughesNetStatusMeter.lnk -> C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (No File)
    Startup: C:\Documents and Settings\sarah.FAMILYROOM\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk [2011-03-26]
    ShortcutTarget: HughesNetStatusMeter.lnk -> C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-04-23] (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-26] (Avast Software s.r.o.)
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.44.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default
    FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2004-01-13] ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\searchplugins\yahoo-avast.xml [2014-12-30]
    FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\jid1-uabu5A9hduqzCw@jetpack [2014-12-12]
    FF Extension: NetVideoHunter - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\netvideohunter@netvideohunter(2).com [2014-12-11]
    FF Extension: SpeedFox - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\jid1-uabu5A9hduqzCw@jetpack.xpi [2014-12-11]
    FF Extension: YouTube to MP3 - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\thzy4tbt.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-12-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-13]
    FF HKLM\...\Firefox\Extensions: [{04D6A72A-2719-4F98-8786-118F54C54289}] - C:\Documents and Settings\leonette\Local Settings\Application Data\{04D6A72A-2719-4F98-8786-118F54C54289}
    FF HKLM\...\Firefox\Extensions: [{B3FA5870-FFD8-4CD5-878B-2F7359C4FAC5}] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{B3FA5870-FFD8-4CD5-878B-2F7359C4FAC5}
    FF HKLM\...\Firefox\Extensions: [{3D77D09B-48CF-4FB5-A470-718DAD35DDE7}] - C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\{3D77D09B-48CF-4FB5-A470-718DAD35DDE7}
    FF HKLM\...\Firefox\Extensions: [{9362548B-B9E0-4496-A839-EB465155A573}] - C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\Application Data\{9362548B-B9E0-4496-A839-EB465155A573}
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-13]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
    CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12]
    CHR Extension: (Adblock Plus) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-02]
    CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12]
    CHR Extension: (Bookmark Manager) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-28]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04]
    CHR Extension: (Adblock Pro) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-05-02]
    CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-26]
    StartMenuInternet: chrome.exe - C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-10] (ATI Technologies Inc.) [File not signed]
    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
    R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2010-10-10] (Macrovision Europe Ltd.) [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-10-03] (Sun Microsystems, Inc.)
    R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
    R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [53248 2005-05-09] (Hewlett-Packard Company) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    R2 MSFtpsvc; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
    R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2008-04-13] (Microsoft Corporation)
    S2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2008-04-13] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
    R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
    R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ActionReplayDS; C:\WINDOWS\System32\Drivers\ActionReplayDS.sys [29184 2011-03-15] (Thesycon GmbH, Germany) [File not signed]
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
    R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 dsiarhwprog; C:\WINDOWS\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
    R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [149120 2005-03-18] (Hauppauge Computer Works, Inc.)
    R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
    R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
    R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
    R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-13] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 RzSynapse; C:\WINDOWS\System32\DRIVERS\RzSynapse.sys [103424 2011-03-31] (Razer USA Ltd) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-10-02] (Duplex Secure Ltd.)
    S3 SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [11480 2007-03-28] (Symantec Corporation)
    S3 SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [171928 2007-03-28] (Symantec Corporation)
    S3 SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [37016 2007-03-28] (Symantec Corporation)
    S3 SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [47192 2007-03-28] (Symantec Corporation)
    S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [18904 2007-03-28] (Symantec Corporation)
    R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266552 2007-03-28] (Symantec Corporation)
    R0 Teefer; C:\WINDOWS\System32\Drivers\Teefer.sys [55888 2005-06-15] (Sygate Technologies, Inc.) [File not signed]
    R2 wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [11914 2005-06-15] (Sygate Technologies, Inc.) [File not signed]
    S1 AvgMfx86; \SystemRoot\System32\Drivers\avgmfx86.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 PCDRSRVC; system32\drivers\PCDRSRVC.pkms [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20100826.001\symidsco.sys [X]
    U1 WS2IFSL; No ImagePath
    S2 zumbus; system32\DRIVERS\zumbus.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-29 15:52 - 2015-05-29 15:53 - 00000000 ____D () C:\FRST
    2015-05-28 11:02 - 2015-05-28 11:02 - 00058192 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-05-28 11:00 - 2015-05-28 11:00 - 00215264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-25 17:43 - 2015-05-25 17:43 - 00000000 ____D () C:\Program Files\avast software
    2015-05-13 13:41 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-13 13:34 - 2015-05-13 13:34 - 00000344 _____ () C:\Documents and Settings\HP_Administrator\My Documents\cc_20150513_133412.reg
    2015-05-08 12:48 - 2015-05-08 12:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2491683$
    2015-05-06 20:14 - 2015-05-06 20:14 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2015-05-06 20:13 - 2004-08-10 07:00 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxsclntR.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclntr.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxscfgwz.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscfgwz.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxsroute.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsroute.dll
    2015-05-06 20:13 - 2004-08-10 07:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\fxssend.exe
    2015-05-06 20:13 - 2004-08-10 07:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssend.exe
    2015-05-06 20:13 - 2004-08-10 07:00 - 00001793 _____ () C:\WINDOWS\system32\fxsperf.ini
    2015-05-06 20:13 - 2004-08-10 07:00 - 00001361 _____ () C:\WINDOWS\system32\fxscount.h

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-29 15:53 - 2010-09-20 23:14 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\temp
    2015-05-29 15:43 - 2012-09-27 21:57 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-05-29 15:39 - 2005-01-27 16:50 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
    2015-05-29 15:38 - 2015-02-28 00:54 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-29 15:38 - 2014-12-11 11:22 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-05-29 15:38 - 2005-06-03 12:28 - 00000000 ____D () C:\WINDOWS\system32\Lang
    2015-05-29 15:37 - 2005-01-27 21:16 - 00000000 ____D () C:\WINDOWS\Registration
    2015-05-29 15:36 - 2010-10-03 00:24 - 01559108 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-29 15:35 - 2010-10-03 00:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-05-29 15:35 - 2010-10-03 00:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-05-29 15:34 - 2005-01-28 04:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-29 15:33 - 2011-04-15 07:06 - 00262144 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
    2015-05-29 15:33 - 2010-10-03 00:26 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-05-29 15:33 - 2008-11-30 16:57 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator\ntuser.ini
    2015-05-29 15:33 - 2005-08-16 15:36 - 00000248 ____C () C:\WINDOWS\system\hpsysdrv.dat
    2015-05-29 15:30 - 2011-10-12 15:15 - 00001000 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010UA.job
    2015-05-29 15:26 - 2010-12-15 11:40 - 00001004 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009UA.job
    2015-05-29 15:07 - 2015-01-26 13:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-29 15:05 - 2015-02-28 00:54 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-28 18:30 - 2011-10-12 15:15 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010Core.job
    2015-05-28 17:53 - 2015-03-10 22:06 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-28 17:51 - 2010-08-22 16:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-05-28 17:32 - 2005-01-28 04:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-05-27 19:32 - 2008-11-30 16:57 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
    2015-05-26 18:07 - 2014-12-18 21:56 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-05-25 21:26 - 2010-12-15 11:40 - 00000952 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009Core.job
    2015-05-25 18:11 - 2015-02-28 00:55 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-05-13 13:41 - 2015-03-07 03:15 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-13 13:41 - 2015-03-07 03:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-13 13:41 - 2015-03-07 03:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-05-13 13:30 - 2006-01-11 22:59 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-05-12 12:33 - 2014-12-10 19:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-12 12:17 - 2008-12-14 19:34 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-09 17:03 - 2014-12-30 19:23 - 00000693 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2015-05-09 17:03 - 2010-08-20 20:34 - 00000000 ____D () C:\Program Files\CCleaner
    2015-05-08 15:00 - 2014-12-11 11:22 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-05-08 12:45 - 2005-06-03 12:10 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
    2015-05-06 20:20 - 2005-01-27 21:16 - 00000000 ____D () C:\WINDOWS\security
    2015-05-06 20:13 - 2005-01-28 04:47 - 00817400 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-06 20:13 - 2005-01-27 16:38 - 00000000 ____D () C:\WINDOWS\addins
    2015-05-02 16:19 - 2006-02-14 22:53 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

    ==================== Files in the root of some directories =======

    2005-12-03 12:54 - 2010-11-10 14:03 - 0015640 ____C () C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    2008-11-30 16:58 - 2012-04-19 22:54 - 0103424 ____C () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-11-30 16:58 - 2005-12-03 13:02 - 0000139 ____C () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    2009-07-12 13:01 - 2010-07-28 13:28 - 0005632 __SHC () C:\Documents and Settings\All Users\Thumbs.db

    Files to move or delete:
    ====================
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Jenuma\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex__preferences3.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex__preferences3.dat


    Some files in TEMP:
    ====================
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\contentDATs.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\hpzmsi01.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\hpzscr01.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\IadHide5.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\mPlayer.dj.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\SecurityScan_Release.exe
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\swt-gdip-win32-3448.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\swt-win32-3448.dll
    C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\temp\{DEB58AE1-1EA2-40FD-830B-F07EBC104674}-chrome_updater.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of log ============================
    Second one:
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
    Ran by HP_Administrator at 2015-05-29 15:55:13
    Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-771800031-3871854053-1600153569-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-771800031-3871854053-1600153569-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\FAMILYROOM\ASPNET
    Guest (S-1-5-21-771800031-3871854053-1600153569-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-771800031-3871854053-1600153569-1007 - Limited - Disabled)
    HP_Administrator (S-1-5-21-771800031-3871854053-1600153569-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator
    IUSR_FAMILYROOM (S-1-5-21-771800031-3871854053-1600153569-1012 - Limited - Enabled)
    IWAM_FAMILYROOM (S-1-5-21-771800031-3871854053-1600153569-1013 - Limited - Enabled)
    jenuma (S-1-5-21-771800031-3871854053-1600153569-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\jenuma.FAMILYROOM
    SUPPORT_388945a0 (S-1-5-21-771800031-3871854053-1600153569-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-771800031-3871854053-1600153569-1006 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft)
    ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
    ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.)
    ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0210.2338 - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5140 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.593.100-100210a-095952E-ATI - )
    Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Citrix online plug-in (Web) (HKLM\...\{B124E6D3-91B4-4E3C-AD03-BA959B223537}) (Version: 12.0.3.6 - Citrix Systems, Inc.)
    DiskAid 4.11 (HKLM\...\DiskAid_is1) (Version: 4.11 - DigiDNA)
    Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
    Help and Support Additions (HKLM\...\Help and Support Additions) (Version: 3.0.5 - Hewlett Packard)
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Boot Optimizer (HKLM\...\{3BA95526-6AE0-4B87-A62D-17187EF565FC}) (Version: 1.0.2 - Hewlett-Packard)
    HP Deskjet Printer Preload (HKLM\...\{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}) (Version: 10.1.0 - Hewlett-Packard Company)
    HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version: - HP)
    HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version: - )
    InterVideo WinDVD Player (HKLM\...\{3912A629-0020-0005-3757-2FBA74D4DF0A}) (Version: - )
    InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    KBD (HKLM\...\KBD) (Version: - )
    LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.7 (HKLM\...\Wudf01007) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
    muvee autoProducer 4.0 (HKLM\...\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}) (Version: 4.00.050 - muvee Technologies)
    muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
    Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )
    PC-Doctor for Windows (HKLM\...\InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}) (Version: 1.06.005 - PC-Doctor, Inc.)
    Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
    PS2 (HKLM\...\PS2) (Version: - )
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.05 - Realtek Semiconductor Corp.)
    Remove Quicken New User Edition installer (HKLM\...\Quicken_NUE) (Version: - )
    Safari (HKLM\...\{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}) (Version: 3.525.28.1 - Apple Inc.)
    SlimDX Redistributable (March 2009) (HKLM\...\{D5395E5F-4D45-4665-8F00-234FA33678AF}) (Version: 2.0.7.41 - SlimDX Group)
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
    Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.0 - Sonic Solutions)
    Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
    Stanza (HKLM\...\Stanza) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
    USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
    WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: - )
    Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) (HKLM\...\9722CA1E8F72F362E93CBEC75A707FDABFC8D880) (Version: 08/31/2007 5.7.0831.0 - Advanced Micro Devices, Inc.)
    Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 10 Hotfix [See KB889858 for more information] (HKLM\...\KB889858) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB895678 (HKLM\...\KB895678) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    Could not list restore points
    Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-10 13:00 - 2015-03-10 15:59 - 00000141 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009Core.job => C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1009UA.job => C:\Documents and Settings\jenuma.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010Core.job => C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-771800031-3871854053-1600153569-1010UA.job => C:\Documents and Settings\sarah.FAMILYROOM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-03-26 12:23 - 2015-04-23 14:39 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
    2015-03-26 12:23 - 2015-04-23 14:39 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
    2015-05-29 15:39 - 2015-05-29 15:39 - 02950656 _____ () C:\Program Files\Alwil Software\Avast5\defs\15052901\algo.dll
    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2004-08-10 06:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2004-08-10 06:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2004-08-10 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-10 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2004-08-10 13:00 - 2005-08-05 13:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax
    2004-08-10 13:00 - 2005-08-05 14:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax
    2004-08-10 06:00 - 2011-10-14 18:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
    2005-06-03 12:19 - 2002-09-23 16:11 - 00040960 _____ () C:\WINDOWS\system32\hcwXDS.dll
    2015-03-13 16:07 - 2015-03-26 12:24 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\flirt-fever.de -> flirt-fever.de - flirten. chatten. daten - Singles Chat Partnersuche Kontaktanzeigen Singlebörse
    IE restricted site: HKU\.DEFAULT\...\softvisia.com -> avast.softvisia.com
    IE restricted site: HKU\.DEFAULT\...\xxx.com -> www.xxx.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.44.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
    DomainProfile\AuthorizedApplications: [C:\WINDOWS\system32\mqsvc.exe] => Enabled:Message Queuing
    StandardProfile\AuthorizedApplications: [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe] => Enabled:BackWeb for Pavilion
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mqsvc.exe] => Disabled:Message Queuing
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2201) (User: )
    Description: Message Queuing Triggers initialization failed (Error: 0x80110401).

    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2215) (User: )
    Description: The Triggers transactional component could not be registered in COM+ (Error: 0x80110401).

    Error: (05/29/2015 03:35:42 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

    Error: (05/29/2015 03:35:42 PM) (Source: WinMgmt) (EventID: 28) (User: )
    Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (05/29/2015 03:35:42 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/29/2015 00:34:17 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/29/2015 00:34:13 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.44.2 for the Network Card with network address 0013D410A4CA has been
    denied by the DHCP server 192.168.44.1 (The DHCP Server sent a DHCPNACK message).

    Error: (05/28/2015 05:38:29 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/28/2015 05:22:50 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (05/28/2015 05:21:37 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (05/28/2015 05:20:02 PM) (Source: DCOM) (EventID: 10005) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error: (05/28/2015 05:06:25 PM) (Source: DCOM) (EventID: 10005) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (05/28/2015 05:01:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (05/28/2015 05:01:05 PM) (Source: DCOM) (EventID: 10005) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}


    Microsoft Office:
    =========================
    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2201) (User: )
    Description: 0x80110401

    Error: (05/29/2015 03:37:12 PM) (Source: MSMQTriggers) (EventID: 2215) (User: )
    Description: 0x80110401

    Error: (05/29/2015 03:35:42 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description:

    Error: (05/29/2015 03:35:42 PM) (Source: WinMgmt) (EventID: 28) (User: )
    Description:

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 57578

    Error: (05/29/2015 02:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13860

    Error: (05/29/2015 02:46:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) D CPU 3.00GHz
    Percentage of memory in use: 51%
    Total physical RAM: 1022.41 MB
    Available physical RAM: 495.92 MB
    Total Pagefile: 2459.72 MB
    Available Pagefile: 2049.86 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1930.49 MB

    ==================== Drives ================================

    Drive c: (HP_PAVILION) (Fixed) (Total:224.87 GB) (Free:63.85 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:8 GB) (Free:1.38 GB) FAT32 ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
    Partition 1: (Not Active) - (Size=8 GB) - (Type=0C)
    Partition 2: (Active) - (Size=224.9 GB) - (Type=07 NTFS)

    ==================== End of log ============================
    Thanks,
    rroberts

  5. #5
    Member Spyware Fighter zep516's Avatar

    Hello,

    First do this:
    Farbar Recovery Scanner needs to be run from the desktop. You have it in the downloads folder. Please move it to the desktop.
    To do that:
    • Navigate to your downloads folder-->C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    • In the downloads folder find FRST (Farbar Recovery Scan Tool)
    • Right-click on it, choose Cut.
    • Go back to the desktop.
    • On an empty space right-click, choose Paste.
    • Farbar will now have been successfully moved to the desktop.


    No need to run another scan after doing that.

    Next

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    S1 AvgMfx86; \SystemRoot\System32\Drivers\avgmfx86.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 PCDRSRVC; system32\drivers\PCDRSRVC.pkms [X]
    S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20100826.001\symidsco.sys [X]
    U1 WS2IFSL; No ImagePath
    S2 zumbus; system32\DRIVERS\zumbus.sys [X]
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Jenuma\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex__preferences3.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex__preferences3.dat
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    hosts:
    Emptytemp:

    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;

    • Fix log.txt, that log ends up on the desktop after fix is run.
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log


    Thanks
    Joe

  6. #6
    Member

    Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
    Ran by HP_Administrator at 2015-05-30 17:23:05 Run:1
    Running from C:\Documents and Settings\HP_Administrator\Desktop
    Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & jenuma & ASPNET & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    S1 AvgMfx86; \SystemRoot\System32\Drivers\avgmfx86.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 PCDRSRVC; system32\drivers\PCDRSRVC.pkms [X]
    S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20100826.001\symidsco.sys [X]
    U1 WS2IFSL; No ImagePath
    S2 zumbus; system32\DRIVERS\zumbus.sys [X]
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Jenuma\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex__preferences3.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex__preferences3.dat
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    hosts:
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value Removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Removed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    "HKU\S-1-5-21-771800031-3871854053-1600153569-1008\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} => value Removed successfully.
    HKCR\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => value Removed successfully.
    HKCR\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => value Removed successfully.
    HKCR\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value Removed successfully.
    HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => key not found.
    AvgMfx86 => Service Removed successfully.
    catchme => Service Removed successfully.
    PCDRSRVC => Service Removed successfully.
    SYMIDSCO => Service Removed successfully.
    WS2IFSL => Service Removed successfully.
    zumbus => Service Removed successfully.
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Documents and Settings\Jenuma\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex__preferences3.dat => Moved successfully.
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Documents and Settings\sarah.FAMILYROOM\jagex__preferences3.dat => Moved successfully.
    C:\WINDOWS\system32\korean.uce => ":SummaryInformation" ADS Removed successfully..
    C:\WINDOWS\system32\korean.uce => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS Removed successfully..
    C:\WINDOWS\system32\moricons.dll => ":SummaryInformation" ADS Removed successfully..
    C:\WINDOWS\system32\moricons.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS Removed successfully..
    C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg => ":SummaryInformation" ADS Removed successfully..
    C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS Removed successfully..

    ========= bitsadmin /reset /allusers =========

    'bitsadmin' is not recognized as an internal or external command,
    operable program or batch file.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    WARNING: Could not obtain host information from machine: [FAMILYROOM]. Some commands may not be available.
    The network location cannot be reached. For information about network troubleshooting, see Windows Help.


    Sucessfully reset the Winsock Catalog.
    You must restart the machine in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts restored successfully.
    EmptyTemp: => Removed 2.1 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 17:27:43 ====

  7. #7
    Member
    Join Date
    May 2015
    Posts
    12
    Points
    0

    Default

    Sorry Joe,
    I posted the fixlog before I ran the other scans. Will do them now.
    Thanks,
    rroberts

  8. #8
    Member
    Join Date
    May 2015
    Posts
    12
    Points
    0

    Default

    Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
    Ran by HP_Administrator at 2015-05-30 17:23:05 Run:1
    Running from C:\Documents and Settings\HP_Administrator\Desktop
    Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & jenuma & ASPNET & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-771800031-3871854053-1600153569-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    S1 AvgMfx86; \SystemRoot\System32\Drivers\avgmfx86.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 PCDRSRVC; system32\drivers\PCDRSRVC.pkms [X]
    S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20100826.001\symidsco.sys [X]
    U1 WS2IFSL; No ImagePath
    S2 zumbus; system32\DRIVERS\zumbus.sys [X]
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Jenuma\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex__preferences3.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences2.dat
    C:\Documents and Settings\sarah.FAMILYROOM\jagex__preferences3.dat
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\korean.uce:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\moricons.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    hosts:
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value Removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Removed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    "HKU\S-1-5-21-771800031-3871854053-1600153569-1008\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} => value Removed successfully.
    HKCR\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => value Removed successfully.
    HKCR\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => value Removed successfully.
    HKCR\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    HKU\S-1-5-21-771800031-3871854053-1600153569-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value Removed successfully.
    HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => key not found.
    AvgMfx86 => Service Removed successfully.
    catchme => Service Removed successfully.
    PCDRSRVC => Service Removed successfully.
    SYMIDSCO => Service Removed successfully.
    WS2IFSL => Service Removed successfully.
    zumbus => Service Removed successfully.
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Documents and Settings\Jenuma\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Documents and Settings\jenuma.FAMILYROOM\jagex__preferences3.dat => Moved successfully.
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\sarah.FAMILYROOM\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Documents and Settings\sarah.FAMILYROOM\jagex__preferences3.dat => Moved successfully.
    C:\WINDOWS\system32\korean.uce => ":SummaryInformation" ADS Removed successfully..
    C:\WINDOWS\system32\korean.uce => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS Removed successfully..
    C:\WINDOWS\system32\moricons.dll => ":SummaryInformation" ADS Removed successfully..
    C:\WINDOWS\system32\moricons.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS Removed successfully..
    C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg => ":SummaryInformation" ADS Removed successfully..
    C:\Documents and Settings\HP_Administrator\My Documents\cc_20100820_232308.reg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS Removed successfully..

    ========= bitsadmin /reset /allusers =========

    'bitsadmin' is not recognized as an internal or external command,
    operable program or batch file.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    WARNING: Could not obtain host information from machine: [FAMILYROOM]. Some commands may not be available.
    The network location cannot be reached. For information about network troubleshooting, see Windows Help.


    Sucessfully reset the Winsock Catalog.
    You must restart the machine in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts restored successfully.
    EmptyTemp: => Removed 2.1 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 17:27:43 ====

    # AdwCleaner v4.205 - Logfile created 30/05/2015 at 18:07:33
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-25.3 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : HP_Administrator - FAMILYROOM
    # Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner_4.205.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Save
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\Documents and Settings\Jenuma\Application Data\Viewpoint

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
    Key Deleted : HKLM\SOFTWARE\MetaStream
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v7.0.6000.21376


    -\\ Mozilla Firefox v


    -\\ Google Chrome v43.0.2357.81

    [C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2879 bytes] - [30/05/2015 17:58:55]
    AdwCleaner[S0].txt - [2852 bytes] - [30/05/2015 18:07:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2911 bytes] ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.5 (05.30.2015:1)
    OS: Microsoft Windows XP x86
    Ran by HP_Administrator on Sat 05/30/2015 at 18:22:42.75
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}



    ~~~ Files

    Successfully deleted: [File] C:\WINDOWS\wininit.ini



    ~~~ Folders

    Successfully deleted: [Folder] C:\Documents and Settings\All Users\start menu\programs\hot deals
    Successfully deleted: [Folder] C:\Program Files\tgtsoft\stylexp



    ~~~ Chrome


    [C:\Documents and Settings\HP_Administrator\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Documents and Settings\HP_Administrator\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Documents and Settings\HP_Administrator\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Documents and Settings\HP_Administrator\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 05/30/2015 at 18:28:10.51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    Two more scans. ESET might take considerable time.


    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)


    Next

    Download Security Check by screen317 from Here or Here
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


    Please post in your next reply:
    Eset scan results.
    Checkup.txt

    Thanks
    Joe

  10. #10
    Member
    Join Date
    May 2015
    Posts
    12
    Points
    0

    Default

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # product=EOS
    # version=8
    # iexplore.exe=7.00.6000.21376 (vista_ldr.140224-1641)
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=283b1d03da8bfb4cba62d3980d7ee9d8
    # engine=24125
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2015-06-02 04:47:27
    # local_time=2015-06-01 11:47:27 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # scanned=239865
    # found=9
    # cleaned=0
    # scan_time=20456
    sh=7BF4ACBBD24216773A98E6CF833A65353B2BDBA6 ft=1 fh=57781e6c440790d4 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Documents and Settings\All Users\Documents\My Music\My Documents\RuneScape_Connectivity.exe"
    sh=871F3B5176251E9D06EF4F97D5230615D925BFE6 ft=0 fh=0000000000000000 vn="Win32/AutoRun.EU worm" ac=I fn="C:\Documents and Settings\HP_Administrator\Application Data\VCOM\SystemSuite\Backups\DC7d90b18001304.fiz"
    sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ccsetup505.exe"
    sh=7BF4ACBBD24216773A98E6CF833A65353B2BDBA6 ft=1 fh=57781e6c440790d4 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Documents and Settings\Jenuma\My Documents\RuneScape_Connectivity.exe"
    sh=EC2228D4A0C0347E60AD876582F10B258C9CE0BA ft=1 fh=75da119cd5a52d78 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Documents and Settings\jenuma.FAMILYROOM\My Documents\BitTorrent-6.4c.exe"
    sh=DBEE45B7CAFBCCB9B42F075E1039F94FC76EAB10 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.J potentially unsafe application" ac=I fn="C:\Documents and Settings\jenuma.FAMILYROOM\My Documents\Downloads\Stardock Window Blinds v6.1 Build55 [ Enhanced!]\2.Patch-Embrace.rar"
    sh=7BF4ACBBD24216773A98E6CF833A65353B2BDBA6 ft=1 fh=57781e6c440790d4 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Documents and Settings\jenuma.FAMILYROOM\My Documents\My Documents\RuneScape_Connectivity.exe"
    sh=BE85D601F3F67E0B548F9BA5C2421E95DB51A0EB ft=1 fh=8e3770e1065a3392 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files\RuneScape_Connectivity\tbRune.dll"
    sh=01F362DA971CF24458EA515A531F969E3A2A0EA0 ft=0 fh=0000000000000000 vn="Win32/AutoRun.EU worm" ac=I fn="C:\Qoobox\Quarantine\D\Autorun.inf.vir"
