
mouse-cursor-moved-around-scrren-ie-history-folder-fills-with-adhelpercom


  • This topic is locked
57 replies to this topic

#1 Butch#11

Butch#11

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 23 May 2013 - 06:45 PM

Internet slows and the IE 8 History Folder fills constantly with ad.helper.com entries with numbers increasing numerically continually. I tried usual operating system cleanups and defragmenter and Reset IE8 and followed instructions and posted logs in Bleeping Computer thanks.
It occurred to me this morning I could have tried an operating system repair but I get the good impression you guys here do successful work at removing things and that you would remove all the traces which I would not be familiar with. I have not attempted to do an OS repair on this PC yet.
The link to the first topic I started asking about these problems
http://www.bleepingcomputer.com/forums/t/495368/odd-behaviour-and-spam-into-favorites/page-2
 
 
 
DDS

 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by HP_Owner at 11:30:11 on 2013-05-24
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.217 [GMT 12:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\LibreOffice 4.0\program\soffice.exe
C:\Program Files\LibreOffice 4.0\program\soffice.bin
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nz.yahoo.com/?cmp=hp
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q305&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.3.1.22\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.3.1.22\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [KM Status] "c:\program files\konica minolta\status monitor\KMSM.EXE" startup
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x082b -f audio -m logitech -d 13.31.1044.0
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\libreo~1.lnk - c:\program files\libreoffice 4.0\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - <orphaned>
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357281690703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356870756906
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2F0BDD40-D08A-48ED-9716-895D688C5E0B} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2013-2-17 57112]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1403010.016\SymDS.sys [2013-4-22 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1403010.016\SymEFA.sys [2013-4-22 934488]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.1.22\definitions\bashdefs\20130515.001\BHDrvx86.sys [2013-5-21 1000024]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1403010.016\ccSetx86.sys [2013-4-22 134304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1403010.016\Ironx86.sys [2013-4-22 175264]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-8 119024]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-4-10 168592]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.3.1.22\ccSvcHst.exe [2013-4-22 144520]
R2 PageScope Net Care Service;KONICA MINOLTA PageScope Net Care;c:\program files\konica minolta\pagescope net care\javaservice.exe -ms4m -mx32m --> c:\program files\konica minolta\pagescope net care\JavaService.exe -ms4m -mx32m [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-5-7 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.1.22\definitions\ipsdefs\20130522.001\IDSXpx86.sys [2013-5-23 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.1.22\definitions\virusdefs\20130523.003\NAVENG.SYS [2013-5-24 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.1.22\definitions\virusdefs\20130523.003\NAVEX15.SYS [2013-5-24 1611992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-5 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-23 02:23:25 -------- d-----w- c:\program files\ESET
2013-05-23 01:59:38 -------- d-----w- c:\windows\ERUNT
2013-05-23 01:59:31 -------- d-----w- C:\JRT
2013-05-23 00:41:18 92184 ----a-w- c:\documents and settings\all users\application data\microsoft\bingdesktop\updater\BingDesktopRestarter.exe
2013-05-23 00:26:02 -------- d-----w- c:\program files\Microsoft
2013-05-22 11:40:36 1409 ----a-w- c:\windows\QTFont.for
2013-05-22 06:29:39 -------- d-----w- c:\documents and settings\hp_owner\application data\Malwarebytes
2013-05-22 06:29:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-05-22 06:29:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-22 06:29:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-22 00:41:13 -------- d-----w- C:\OLD COMPUTER FILES
2013-05-22 00:04:24 -------- d-----w- c:\documents and settings\hp_owner\application data\SUPERAntiSpyware.com
2013-05-22 00:04:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-22 00:04:07 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-05-13 20:20:28 -------- d-----w- c:\program files\Dropbox
2013-05-13 20:17:30 -------- d-----w- c:\documents and settings\hp_owner\application data\Dropbox
2013-05-07 01:04:48 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-04 00:39:58 81920 ----a-w- c:\windows\ALCFDRTM.VER
2013-05-04 00:39:58 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2013-05-02 02:04:45 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2013-05-02 02:04:45 -------- d-----w- c:\program files\MINOLTA-QMS
.
==================== Find3M  ====================
.
2013-05-22 23:41:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-22 23:41:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 01:04:30 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-07 01:04:29 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-07 01:04:29 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-21 20:07:43 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 11:30:59.12 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 31/12/2012 1:11:04 a.m.
System Uptime: 24/05/2013 7:26:19 a.m. (4 hours ago)
.
Motherboard: MSI | | Gypsum
Processor: Intel® Pentium® 4 CPU 3.06GHz | CPU 1 | 3067/532mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 63 GiB total, 39.875 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 6.998 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP133: 21/05/2013 8:58:24 p.m. - System Checkpoint
RP134: 23/05/2013 11:33:00 a.m. - Software Distribution Service 3.0
RP135: 23/05/2013 11:38:11 a.m. - Removed J2SE Runtime Environment 5.0
RP136: 23/05/2013 11:53:41 a.m. - Removed Bing Desktop
RP137: 23/05/2013 12:26:01 p.m. - Installed Bing Desktop
.
==== Installed Programs ======================
.
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 11 ActiveX
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Bing Desktop
BufferChm
CameraDrivers
CCleaner
Citrix Online Launcher
Compatibility Pack for the 2007 Office system
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crown Print Monitor+
CueTour
Destinations
Director
DocProc
DocumentViewer
Dropbox
ESET Online Scanner v3
Fax
Foxit Reader
Google Talk Plugin
GoToMeeting 5.5.0.1133
Help and Support Additions
High Definition Audio Driver Package - KB835221
Home Theater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Printer Preload
HP Help and Support 4.0
HP Image Zone 4.8.6
HP Photosmart Cameras 4.5
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
InterVideo Home Theater
InterVideo WinDVD Player
Java 7 Update 21
Java Auto Updater
KONICA MINOLTA PageScope Net Care
KONICA MINOLTA Status Monitor
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.0.3
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Norton Internet Security
PanoStandAlone
Paragon Backup & Recovery™ 2011 (Advanced) Free
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PSPrinters06
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shockwave
SkinsHP1
Skype™ 6.3
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Imaging Component
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
23/05/2013 12:17:48 a.m., error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NIS eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI Tcpip UimBus Uim_IM
23/05/2013 12:17:48 a.m., error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
23/05/2013 12:17:48 a.m., error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/05/2013 12:17:48 a.m., error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/05/2013 12:17:48 a.m., error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
23/05/2013 12:16:48 a.m., error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/05/2013 12:16:39 a.m., error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
23/05/2013 11:38:35 a.m., error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
23/05/2013 1:45:38 p.m., error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
23/05/2013 1:45:38 p.m., error: Service Control Manager [7034] - The KONICA MINOLTA PageScope Net Care service terminated unexpectedly. It has done this 1 time(s).
23/05/2013 1:45:38 p.m., error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
23/05/2013 1:45:38 p.m., error: Service Control Manager [7034] - The Bing Desktop Update service service terminated unexpectedly. It has done this 1 time(s).
23/05/2013 1:45:38 p.m., error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
23/05/2013 1:24:45 p.m., error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
22/05/2013 2:43:11 p.m., error: RemoteAccess [20106] - Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
21/05/2013 12:50:57 p.m., error: SRTSP [4] - Error loading virus definitions.
.
==== End Of File ===========================



Edited by Oh My, 28 May 2013 - 08:33 AM.
Posted Attach.txt



 


#2 Butch#11

Butch#11
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 23 May 2013 - 06:50 PM

Hi, something I forgot to mention is IE8 opens ok and begins to connect then freezes for maybe up to 5 seconds then opens ok. I think the 5 seconds increases after the computer has been on for an hour and more.

I don't think I noticed anything unusual happen when I ran the DDS scan.



#3 Butch#11

Butch#11
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 23 May 2013 - 07:02 PM

Hi, also I told you this was a Microsoft Windows XP Professional SP3 PC but it is a Home Edition SP3 installation, and I am the guy who installed it! Well, I checked the C.O.A. and it is Home Edition and I remember what happened, the computer was urgent for business so that's why we did not upgrade to XP Pro yet.


Edited by Butch#11, 23 May 2013 - 07:03 PM.


#4 Butch#11

Butch#11
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 23 May 2013 - 09:20 PM

The link in the post above was here so I moved it into the post in this thread where I should have posted it before.


Edited by Butch#11, 23 May 2013 - 10:36 PM.


#5 Aharrypooter

Aharrypooter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 26 May 2013 - 02:38 AM

Title was: Hi, just wanted to let you know about the help you are giving me ~ OB
 
Just to let you know I am the person helping the man in the link below. We may be able to get to the computer again tomorrow. Just hoping you will not close this thread yet because we want to find the problem. Thanks very much for helping.
 
http://www.bleepingcomputer.com/forums/t/495932/mouse-cursor-moved-around-scrren-ie-history-folder-fills-with-adhelpercom/


Edited by Orange Blossom, 28 May 2013 - 12:29 AM.
Changed link to the new topic ID so content can be viewed. ~ OB


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 26 May 2013 - 07:17 PM

Thread will stay open and I moved this post to that topic.


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:45 PM

Posted 28 May 2013 - 08:26 AM

Greetings Butch#11 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#8 Oh My!


Posted 28 May 2013 - 08:46 AM

Greetings,

Thank you again for your patience. Please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST) in Normal or Safe Mode

--------------------
  • Download Farbar Recovery Scan Tool for 32 bit systems and save it to your desktop
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Attach.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log

Gary
 

#9 Oh My!


Posted 31 May 2013 - 08:07 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#10 Oh My!


Posted 03 June 2013 - 09:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#11 Oh My!


Posted 03 June 2013 - 03:39 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#12 Butch#11


Posted 05 June 2013 - 08:55 PM

Hi, I am the guy helping the man with this computer problem, reporting in to continue with your help.

EDITED:

Also, I edited the Hosts file? with a list of websites which seemed like a good idea while we waited for your help. I will go and post the link to it now. It just seemed a good idea while we were waiting for help and in light of the delays of him having an operation and me getting a cold. I will post it when I find it shortly.

EDITED: also we noticed when we were posting here the last time we posted that unlike the other computer here that uses the same webpage for the IE8 Homepage, this computer does not show the advertisements on both sides of the center of the homepage.

I think this may have happened after one of the applications we were asked to run from Bleeping Computer when we were here last week. What I noticed then was the picture places on the homepage had red x's and no pictures.


Edited by Butch#11, 05 June 2013 - 09:26 PM.


#13 Oh My!


Posted 05 June 2013 - 09:46 PM

Greetings,

Glad you are well enough to continue. I will be winding down for the evening but will look at your reply first thing in the morning.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST) in Normal or Safe Mode

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Attach.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log
  • Attach log

Gary
 

#14 Butch#11


Posted 05 June 2013 - 10:29 PM

Hi, before I post the logs I will tell you what happened since we posted about the problem because some of the symptoms have gone. The links appearing in the IE8 History Folder have stopped, and the ads appearing on the http://nz.yahoo.com Homepage seem to be caused by a bad Yahoo script. Every other Homepage I saved in IE8 opened without problems.

IE8 opening slowly on the Yahoo webpage is about the only problem that seems to remain.

Here are the logs

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by HP_Owner at 2013-06-06 15:21:30 Run:
Running from C:\Documents and Settings\HP_Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader 6.0.1 (Version: 006.000.001)
Agere Systems PCI Soft Modem
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
BufferChm (Version: 45.4.157.000)
CameraDrivers (Version: 4.5.0.211)
CCleaner (Version: 4.01)
Citrix Online Launcher (Version: 1.0.109)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwSharkTaleAlbums1 (Version: 45.4.157.000)
cp_dwSharkTaleCards1 (Version: 45.4.157.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CP_PLSBusinessFlyers (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
Crown Print Monitor+ (Version: 5.1.6)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Dropbox (Version: 2.0.22)
Fax (Version: 47.0.1.000)
Foxit Reader (Version: 5.4.5.124)
Google Talk Plugin (Version: 3.19.1.13088)
GoToMeeting 5.7.0.1172 (Version: 5.7.0.1172)
Help and Support Additions (Version: 3.0.5)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Home Theater
HP Deskjet Printer Preload (Version: 10.1.0)
HP Help and Support 4.0 (Version: 4.00.0025)
HP Image Zone 4.8.6 (Version: 4.8.6)
HP Photosmart Cameras 4.5 (Version: 4.5)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Intel® Network Connections Drivers
Internet Explorer (Enable DEP)
InterVideo Home Theater
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.767)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
KONICA MINOLTA PageScope Net Care (Version: 5.01)
KONICA MINOLTA Status Monitor (Version: 3.0.8.2)
LibreOffice 4.0 Help Pack (English) (Version: 4.0.0.3)
LibreOffice 4.0.0.3 (Version: 4.0.0.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Encarta Encyclopedia Standard 2005 (Version: 2005)
Microsoft Money (Version: 14)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works (Version: 08.04.0623)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Norton Internet Security (Version: 20.3.1.22)
PanoStandAlone (Version: 45.4.157.000)
Paragon Backup & Recovery™ 2011 (Advanced) Free (Version: 90.00.0003)
PhotoGallery (Version: 45.4.157.000)
Photosmart 320,370,7400,8100,8400 Series (Version: 2.0)
PopularScreensavers Toolbar and Software
PrintScreen (Version: 43.1.5.000)
PSPrinters06 (Version: 1.00.0000)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.1.5.000)
Readme (Version: 47.0.1.000)
Realtek High Definition Audio Driver
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
Shockwave
SkinsHP1 (Version: 45.4.157.000)
Skype™ 6.3 (Version: 6.3.105)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.0)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points  =========================

21-05-2013 08:58:24 System Checkpoint
22-05-2013 23:33:00 Software Distribution Service 3.0
22-05-2013 23:38:11 Removed J2SE Runtime Environment 5.0
22-05-2013 23:53:41 Removed Bing Desktop
23-05-2013 00:26:01 Installed Bing Desktop
24-05-2013 01:37:21 Installed Windows Internet Explorer 8.
24-05-2013 01:37:45 Software Distribution Service 3.0
24-05-2013 03:13:50 Software Distribution Service 3.0
24-05-2013 03:48:00 Removed Bing Desktop
25-05-2013 04:39:03 System Checkpoint
26-05-2013 05:00:33 System Checkpoint
27-05-2013 05:59:01 System Checkpoint
28-05-2013 04:37:59 Software Distribution Service 3.0
28-05-2013 06:36:51 RESTOREPOINT
29-05-2013 07:35:54 System Checkpoint
30-05-2013 08:05:51 System Checkpoint
31-05-2013 20:12:41 System Checkpoint
01-06-2013 23:40:15 System Checkpoint
03-06-2013 00:39:37 System Checkpoint
04-06-2013 00:58:41 System Checkpoint
05-06-2013 01:50:35 System Checkpoint

==================== Hosts content: ==========================

::1  localhost
# [end of entries generated by MVPS HOSTS]
127.0.0.1  localhost
127.0.0.1  ad. helpertrack.com
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com
127.0.0.1  ads.activepower.net

There are 1000 more lines starting with "127.0.0.1"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2013 07:42:10 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/28/2013 05:43:53 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/28/2013 05:24:47 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (05/28/2013 05:24:37 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/28/2013 05:24:36 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/28/2013 04:20:20 PM) (Source: Application Error) (User: )
Description: Fault bucket -1992386449.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/28/2013 04:19:44 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
Processing media-specific event for [iexplore.exe!ws!]

Error: (05/24/2013 03:31:31 PM) (Source: Application Error) (User: )
Description: Fault bucket -763466170.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/24/2013 03:29:53 PM) (Source: Application Error) (User: )
Description: Faulting application bingdesktop.exe, version 1.2.126.0, faulting module bingdesktop.exe, version 1.2.126.0, fault address 0x0001f2cd.
Processing media-specific event for [bingdesktop.exe!ws!]

Error: (05/24/2013 02:51:45 PM) (Source: Application Error) (User: )
Description: Fault bucket -763466170.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

System errors:
=============
Error: (06/06/2013 02:55:49 PM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 01:22:35 PM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 01:22:30 PM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 01:06:41 PM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 01:06:41 PM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 11:03:31 AM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 11:03:31 AM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 10:47:57 AM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 10:47:53 AM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/06/2013 10:14:29 AM) (Source: RemoteAccess) (User: )
Description: Unable to add the interface {704E01AB-CE1D-4BE1-A03D-4977C300A85A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Microsoft Office Sessions:
=========================
Error: (05/30/2013 07:42:10 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/28/2013 05:43:53 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/28/2013 05:24:47 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (05/28/2013 05:24:37 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/28/2013 05:24:36 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/28/2013 04:20:20 PM) (Source: Application Error)(User: )
Description: -1992386449

Error: (05/28/2013 04:19:44 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.605500010a19

Error: (05/24/2013 03:31:31 PM) (Source: Application Error)(User: )
Description: -763466170

Error: (05/24/2013 03:29:53 PM) (Source: Application Error)(User: )
Description: bingdesktop.exe1.2.126.0bingdesktop.exe1.2.126.00001f2cd

Error: (05/24/2013 02:51:45 PM) (Source: Application Error)(User: )
Description: -763466170

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 1015.36 MB
Available physical RAM: 450.77 MB
Total Pagefile: 2442.21 MB
Available Pagefile: 1685.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.88 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:62.56 GB) (Free:39.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.98 GB) (Free:7 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=12 GB) - (Type=0C)
Partition 2: (Active) - (Size=63 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by HP_Owner (administrator) on 06-06-2013 15:20:49
Running from C:\Documents and Settings\HP_Owner\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard Company) C:\windows\system\hpsysdrv.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Documents and Settings\HP_Owner\Application Data\Dropbox\bin\Dropbox.exe
(The Document Foundation) C:\Program Files\LibreOffice 4.0\program\soffice.exe
(The Document Foundation) C:\Program Files\LibreOffice 4.0\program\soffice.bin
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [59392 2004-08-04] ()
HKLM\...\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-15] (Hewlett-Packard Company)
HKLM\...\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe [52736 1998-05-08] (Hewlett-Packard Company)
HKLM\...\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-08] (Hewlett-Packard)
HKLM\...\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-08] (Hewlett-Packard)
HKLM\...\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [106496 2005-05-10] (InterVideo Inc.)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe [x]
HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [AGRSMMSG] AGRSMMSG.exe [x]
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (No File)
Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\HP_Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\LibreOffice 4.0.lnk
ShortcutTarget: LibreOffice 4.0.lnk -> C:\Program Files\LibreOffice 4.0\program\quickstart.exe ()
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: (No Name) - {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - C:\Program Files\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll (MindSpark)
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZR^xdm795^S05581^nz&si=CMWB5OP2rbcCFc4hpQodHkUAbA&ptb=06BC8C35-6515-4816-8DDC-6F3A280DBFDA&ind=2013052400&n=77fcbdf0&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL =
SearchScopes: HKCU - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL =
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Toolbar BHO - {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - C:\PROGRA~1\POPULA~2\bar\1.bin\7ibar.dll (MindSpark)
BHO: Search Assistant BHO - {3a6625a2-591b-4e83-ac3f-8c25eea30ac0} - C:\Program Files\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll (MindSpark)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - PopularScreensavers - {f339a07f-9578-412d-85e0-b8a80277151a} - C:\Program Files\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
Toolbar: HKCU -No Name - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -  No File
Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -PopularScreensavers - {F339A07F-9578-412D-85E0-B8A80277151A} - C:\Program Files\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
PDF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
PDF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357281690703
PDF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356870756906
PDF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
PDF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
PDF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-08] (SUPERAntiSpyware.com)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
R2 PageScope Net Care Service; C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe [73789 2002-12-24] ()
S2 PopularScreensavers_7iService; C:\PROGRA~1\POPULA~2\bar\1.bin\7ibarsvc.exe [42504 2013-05-24] (COMPANYVERS_NAME)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-06-01] (Symantec Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1403010.016\ccSetx86.sys [134304 2012-11-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-05-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-05-02] (Symantec Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-03-18] (Windows ® Server 2003 DDK provider)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [57112 2011-01-21] (Paragon Software Group)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [830684 2005-04-06] (Intel Corporation)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130604.001\IDSxpx86.sys [373728 2013-04-19] (Symantec Corporation)
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-04] (LT)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130605.002\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130605.002\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1403010.016\SRTSP.SYS [602712 2013-01-29] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1403010.016\SRTSPX.SYS [32344 2013-01-29] (Symantec Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1403010.016\SYMDS.SYS [367704 2013-01-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1403010.016\SYMEFA.SYS [934488 2013-01-31] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-04-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1403010.016\Ironx86.SYS [175264 2012-11-16] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NIS\1403010.016\SYMTDI.SYS [394656 2013-01-31] (Symantec Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [40824 2011-01-21] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [381032 2011-01-21] (Paragon)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-06 15:20 - 2013-06-06 15:20 - 00000000 ____D C:\FRST
2013-06-06 15:19 - 2013-06-06 15:19 - 01357013 ____A (Farbar) C:\Documents and Settings\HP_Owner\Desktop\FRST.exe
2013-06-06 14:50 - 2013-06-06 14:50 - 00000060 ____A C:\Windows\setupact.log
2013-06-06 14:50 - 2013-06-06 14:50 - 00000000 ____A C:\Windows\setuperr.log
2013-05-28 16:39 - 2013-05-28 16:39 - 00000024 __ASH C:\Documents and Settings\HP_Owner\Application Data\Win4665 Config DB.dlx
2013-05-28 16:39 - 2013-05-28 16:39 - 00000024 __ASH C:\Documents and Settings\HP_Owner\Application Data\System3192SettingsDB.dat
2013-05-28 16:10 - 2013-05-28 16:10 - 00000734 ____A C:\Documents and Settings\HP_Owner\Desktop\original hosts.txt
2013-05-28 16:06 - 2013-05-28 17:12 - 00571879 ____A C:\Documents and Settings\HP_Owner\Desktop\hosts.txt
2013-05-24 16:54 - 2013-05-24 16:54 - 00000000 ___AD C:\Program Files\Zwinky_5qEI
2013-05-24 16:43 - 2013-05-24 16:43 - 00000000 ____D C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IAC
2013-05-24 16:43 - 2013-05-24 16:43 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\PopularScreensavers_7i
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers_7i
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers
2013-05-24 16:42 - 2012-12-19 07:22 - 00039464 ____A (popularscreensavers.com) C:\Windows\System32\p5PSSavr.scr
2013-05-24 13:38 - 2013-05-24 13:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2467659$
2013-05-24 11:27 - 2013-05-28 18:00 - 00000000 ____D C:\Documents and Settings\HP_Owner\Desktop\SCANS2
2013-05-23 13:59 - 2013-05-23 13:59 - 00000000 ____D C:\Windows\ERUNT
2013-05-23 13:59 - 2013-05-23 13:59 - 00000000 ____D C:\JRT
2013-05-23 13:24 - 2013-05-23 13:25 - 00001967 ____A C:\AdwCleaner[S1].txt
2013-05-23 13:15 - 2013-05-23 13:16 - 00001883 ____A C:\AdwCleaner[R2].txt
2013-05-23 13:13 - 2013-05-23 13:14 - 00001823 ____A C:\AdwCleaner[R1].txt
2013-05-22 23:40 - 2013-05-22 23:40 - 00000000 ___SD C:\Documents and Settings\HP_Owner\My Documents\My DVDs
2013-05-22 21:07 - 2013-05-22 21:07 - 00001583 ____A C:\Documents and Settings\HP_Owner\Desktop\Disk Defragmenter (2).lnk
2013-05-22 21:07 - 2013-05-22 21:07 - 00001543 ____A C:\Documents and Settings\HP_Owner\Desktop\Disk Cleanup (2).lnk
2013-05-22 18:29 - 2013-05-22 18:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-22 18:29 - 2013-05-22 18:29 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2013-05-22 18:29 - 2013-05-22 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-22 18:29 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-22 17:30 - 2013-05-24 15:11 - 00000000 ____D C:\Documents and Settings\HP_Owner\Desktop\SCANS
2013-05-22 12:41 - 2013-05-22 21:05 - 00000000 ____D C:\OLD COMPUTER FILES
2013-05-22 12:04 - 2013-05-22 12:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-22 12:04 - 2013-05-22 12:04 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2013-05-22 12:04 - 2013-05-22 12:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-05-15 13:04 - 2013-05-15 13:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-15 13:00 - 2013-05-15 13:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-14 09:32 - 2013-05-14 09:32 - 00000167 ____A C:\Documents and Settings\HP_Owner\Desktop\www.ogpreneurs.com.url
2013-05-14 08:36 - 2013-06-06 14:56 - 00000000 ___RD C:\Documents and Settings\HP_Owner\My Documents\Dropbox
2013-05-14 08:36 - 2013-06-02 22:55 - 00001038 ____A C:\Documents and Settings\HP_Owner\Desktop\Dropbox.lnk
2013-05-14 08:20 - 2013-05-14 08:20 - 00000000 ____D C:\Program Files\Dropbox
2013-05-14 08:17 - 2013-06-06 14:56 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Dropbox
2013-05-07 13:44 - 2013-05-07 13:44 - 00185536 ____A C:\Documents and Settings\HP_Owner\My Documents\cc_20130507_134400.reg
2013-05-07 13:27 - 2013-05-07 13:27 - 00000693 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-07 13:04 - 2013-05-07 13:04 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-07 13:04 - 2013-05-07 13:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-07 13:04 - 2013-05-07 13:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-07 13:04 - 2013-05-07 13:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll

==================== One Month Modified Files and Folders ========

2013-06-06 15:20 - 2013-06-06 15:20 - 00000000 ____D C:\FRST
2013-06-06 15:19 - 2013-06-06 15:19 - 01357013 ____A (Farbar) C:\Documents and Settings\HP_Owner\Desktop\FRST.exe
2013-06-06 15:10 - 2013-03-19 15:00 - 00000990 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003443269-3448007288-540395774-1008UA.job
2013-06-06 14:58 - 2004-11-24 00:15 - 01915794 ____A C:\Windows\WindowsUpdate.log
2013-06-06 14:56 - 2013-05-14 08:36 - 00000000 ___RD C:\Documents and Settings\HP_Owner\My Documents\Dropbox
2013-06-06 14:56 - 2013-05-14 08:17 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Dropbox
2013-06-06 14:56 - 2013-02-17 10:14 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Skype
2013-06-06 14:55 - 2004-12-16 05:52 - 00000000 ____D C:\Windows\System32\ias
2013-06-06 14:54 - 2013-02-17 15:44 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-06 14:54 - 2013-02-17 15:44 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-06 14:54 - 2012-12-31 00:12 - 00000062 __ASH C:\Documents and Settings\HP_Owner\Local Settings\desktop.ini
2013-06-06 14:54 - 2005-06-29 04:54 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-06 14:54 - 2005-06-29 04:54 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-06 14:54 - 2004-11-24 00:15 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-06 14:52 - 2012-12-31 00:12 - 00000178 ___SH C:\Documents and Settings\HP_Owner\ntuser.ini
2013-06-06 14:52 - 2004-11-24 00:15 - 00032316 ____A C:\Windows\SchedLgU.Txt
2013-06-06 14:50 - 2013-06-06 14:50 - 00000060 ____A C:\Windows\setupact.log
2013-06-06 14:50 - 2013-06-06 14:50 - 00000000 ____A C:\Windows\setuperr.log
2013-06-06 14:41 - 2012-12-30 22:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-05 19:19 - 2013-05-02 12:58 - 00010607 ____A C:\Windows\System32\lvcoinst.log
2013-06-05 19:14 - 2013-02-15 14:12 - 00000000 ____D C:\Documents and Settings\My Pictures\Mt ruapehu 2010 dora
2013-06-05 16:10 - 2013-03-19 15:00 - 00000938 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003443269-3448007288-540395774-1008Core.job
2013-06-03 15:25 - 2013-05-02 16:05 - 00012753 ____A C:\Documents and Settings\HP_Owner\Desktop\New Inv..odt
2013-06-02 22:55 - 2013-05-14 08:36 - 00001038 ____A C:\Documents and Settings\HP_Owner\Desktop\Dropbox.lnk
2013-06-01 12:48 - 2013-02-15 16:00 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2013-05-31 22:12 - 2004-11-24 00:01 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-05-28 18:07 - 2004-11-24 14:32 - 00000281 _RASH C:\boot.ini
2013-05-28 18:07 - 2004-11-24 10:48 - 00000227 ____A C:\Windows\system.ini
2013-05-28 18:07 - 2004-11-23 23:58 - 00000557 ____A C:\Windows\win.ini
2013-05-28 18:03 - 2004-11-24 00:01 - 00321136 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-28 18:00 - 2013-05-24 11:27 - 00000000 ____D C:\Documents and Settings\HP_Owner\Desktop\SCANS2
2013-05-28 17:12 - 2013-05-28 16:06 - 00571879 ____A C:\Documents and Settings\HP_Owner\Desktop\hosts.txt
2013-05-28 16:39 - 2013-05-28 16:39 - 00000024 __ASH C:\Documents and Settings\HP_Owner\Application Data\Win4665 Config DB.dlx
2013-05-28 16:39 - 2013-05-28 16:39 - 00000024 __ASH C:\Documents and Settings\HP_Owner\Application Data\System3192SettingsDB.dat
2013-05-28 16:10 - 2013-05-28 16:10 - 00000734 ____A C:\Documents and Settings\HP_Owner\Desktop\original hosts.txt
2013-05-24 16:54 - 2013-05-24 16:54 - 00000000 ___AD C:\Program Files\Zwinky_5qEI
2013-05-24 16:43 - 2013-05-24 16:43 - 00000000 ____D C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IAC
2013-05-24 16:43 - 2013-05-24 16:43 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\PopularScreensavers_7i
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers_7i
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers
2013-05-24 16:18 - 2005-06-29 05:02 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-24 16:03 - 2005-06-29 05:37 - 00000000 ____D C:\Program Files\QuickTime
2013-05-24 16:02 - 2005-06-29 05:30 - 00000000 ____D C:\Program Files\Common Files\Real
2013-05-24 15:11 - 2013-05-22 17:30 - 00000000 ____D C:\Documents and Settings\HP_Owner\Desktop\SCANS
2013-05-24 13:38 - 2013-05-24 13:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2467659$
2013-05-24 13:37 - 2005-06-29 05:08 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-23 13:59 - 2013-05-23 13:59 - 00000000 ____D C:\Windows\ERUNT
2013-05-23 13:59 - 2013-05-23 13:59 - 00000000 ____D C:\JRT
2013-05-23 13:25 - 2013-05-23 13:24 - 00001967 ____A C:\AdwCleaner[S1].txt
2013-05-23 13:16 - 2013-05-23 13:15 - 00001883 ____A C:\AdwCleaner[R2].txt
2013-05-23 13:14 - 2013-05-23 13:13 - 00001823 ____A C:\AdwCleaner[R1].txt
2013-05-23 11:41 - 2012-12-30 22:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-23 11:41 - 2012-12-30 22:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-23 11:38 - 2005-06-29 05:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-23 11:24 - 2012-12-31 01:36 - 00000000 ____D C:\Windows\pss
2013-05-22 23:40 - 2013-05-22 23:40 - 00000000 ___SD C:\Documents and Settings\HP_Owner\My Documents\My DVDs
2013-05-22 21:07 - 2013-05-22 21:07 - 00001583 ____A C:\Documents and Settings\HP_Owner\Desktop\Disk Defragmenter (2).lnk
2013-05-22 21:07 - 2013-05-22 21:07 - 00001543 ____A C:\Documents and Settings\HP_Owner\Desktop\Disk Cleanup (2).lnk
2013-05-22 21:05 - 2013-05-22 12:41 - 00000000 ____D C:\OLD COMPUTER FILES
2013-05-22 18:29 - 2013-05-22 18:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-22 18:29 - 2013-05-22 18:29 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2013-05-22 18:29 - 2013-05-22 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-22 12:04 - 2013-05-22 12:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-22 12:04 - 2013-05-22 12:04 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2013-05-22 12:04 - 2013-05-22 12:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-05-21 16:47 - 2012-12-31 00:31 - 00000000 __SHD C:\Documents and Settings\HP_Owner\UserData
2013-05-19 22:01 - 2013-02-17 21:09 - 00000000 ____D C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Citrix
2013-05-15 13:17 - 2013-02-15 16:19 - 00000000 ____D C:\Windows\ie8updates
2013-05-15 13:15 - 2004-11-24 00:03 - 00554874 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-15 13:04 - 2013-05-15 13:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-15 13:01 - 2013-02-15 16:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 13:00 - 2013-05-15 13:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-14 09:32 - 2013-05-14 09:32 - 00000167 ____A C:\Documents and Settings\HP_Owner\Desktop\www.ogpreneurs.com.url
2013-05-14 08:33 - 2012-12-31 00:24 - 00081936 ____A C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-14 08:20 - 2013-05-14 08:20 - 00000000 ____D C:\Program Files\Dropbox
2013-05-11 07:17 - 2005-06-29 05:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-08 09:19 - 2013-02-19 13:02 - 00000000 ____D C:\Documents and Settings\My Pictures\Picture
2013-05-07 16:27 - 2004-08-04 23:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-07 16:27 - 2004-08-04 23:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-07 13:44 - 2013-05-07 13:44 - 00185536 ____A C:\Documents and Settings\HP_Owner\My Documents\cc_20130507_134400.reg
2013-05-07 13:27 - 2013-05-07 13:27 - 00000693 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-07 13:27 - 2013-02-15 15:05 - 00000000 ____D C:\Program Files\CCleaner
2013-05-07 13:04 - 2013-05-07 13:04 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-07 13:04 - 2013-05-07 13:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-07 13:04 - 2013-05-07 13:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-07 13:04 - 2013-05-07 13:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-07 13:04 - 2012-12-30 22:50 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-07 13:04 - 2012-12-30 22:50 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-07 13:04 - 2012-12-30 22:50 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-05-07 12:55 - 2005-06-29 05:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-05-07 12:51 - 2004-12-16 05:22 - 00000000 ___HD C:\hp

Files to move or delete:
====================
C:\Documents and Settings\HWiNFO32\HW32inst.EXE
C:\Documents and Settings\HWiNFO32\HWiNFO32.EXE
C:\Documents and Settings\HWiNFO32\unins000.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#15 Oh My!

Posted 06 June 2013 - 08:53 AM

Greetings,

Thank you for your patience.
 

IE8 opening slowly on the Yahoo webpage is about the only problem that seems to remain.

So every other page you try to load works just fine?

Please run this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (No File)
SearchScopes: HKLM - {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZR^xdm795^S05581^nz&si=CMWB5OP2rbcCFc4hpQodHkUAbA&ptb=06BC8C35-6515-4816-8DDC-6F3A280DBFDA&ind=2013052400&n=77fcbdf0&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL =
SearchScopes: HKCU - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL =
BHO: Toolbar BHO - {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - C:\PROGRA~1\POPULA~2\bar\1.bin\7ibar.dll (MindSpark)
BHO: Search Assistant BHO - {3a6625a2-591b-4e83-ac3f-8c25eea30ac0} - C:\Program Files\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll (MindSpark)
Toolbar: HKLM - PopularScreensavers - {f339a07f-9578-412d-85e0-b8a80277151a} - C:\Program Files\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
Toolbar: HKCU -No Name - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -  No File
Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU -PopularScreensavers - {F339A07F-9578-412D-85E0-B8A80277151A} - C:\Program Files\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
S2 PopularScreensavers_7iService; C:\PROGRA~1\POPULA~2\bar\1.bin\7ibarsvc.exe [42504 2013-05-24] (COMPANYVERS_NAME)
C:\PROGRA~1\POPULA~2\bar\1.bin\7ibarsvc.exe
2013-05-24 16:54 - 2013-05-24 16:54 - 00000000 ___AD C:\Program Files\Zwinky_5qEI
2013-05-24 16:43 - 2013-05-24 16:43 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\PopularScreensavers_7i
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers_7i
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers
2013-05-24 16:42 - 2012-12-19 07:22 - 00039464 ____A (popularscreensavers.com) C:\Windows\System32\p5PSSavr.scr
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers_7i
2013-05-24 16:42 - 2013-05-24 16:42 - 00000000 ____D C:\Program Files\PopularScreensavers
C:\Documents and Settings\HWiNFO32\HW32inst.EXE
C:\Documents and Settings\HWiNFO32\HWiNFO32.EXE
C:\Documents and Settings\HWiNFO32\unins000.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"



