
Hate my computer


  • This topic is locked
97 replies to this topic

#1 justmeandmycomputer


Posted 09 March 2015 - 05:11 PM

Ok, I have had it with my computer. I have posted here before and the last help I received my computer completely died on me. I had to reinstall by using the F8 key and it has been a nightmare ever since. Now here is the problem this time. I have been trying to download Java for 3 days now plus another program but each time it downloads I am not able to install the program. I click the download arrow from my browser when it finishes downloading and nothing happens. Something is preventing me from installing programs. Also, I have shut down my updates because when I get an update I am getting a fake update window where you can pause the download for 1 hour or 4 hours. It just automatically shut my computer down. I am a student in major need of my computer and my final exam will be coming up soon. I had to run ComboFix just to try and see what was the problem but don't even think it installed right. Can I please just get me some help, because I am just a person trying to graduate but this computer won't let me get the work done. Thanks to whoever is willing to help me ASAP! Avast has found 3 incidents and I am not sure if I chose the right action to get rid of what was found. Grimefighter is stating 14 items have been found that are slowing my computer down.

Here is what Avast found:

HPLocale.exe    c:/hp/bin- Win32malware

Systemstatus.ni.dll-Win32:EVO-gen[susp]

Av.test.txt-  C:/users/family1st/appdata/local

HELP!!!!!!!! FINAL EXAMS COMING UP





#2 satchfan

  • Malware Response Team

Posted 11 March 2015 - 04:29 PM

Hello justmeandmycomputer and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested



Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop


  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

If it won’t run, try running it in Safe mode.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

RKreport.txt
FRST.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 justmeandmycomputer

  • Topic Starter

Posted 11 March 2015 - 05:53 PM

RogueKiller V10.5.3.0 [Mar 10 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Family 1st [Administrator]
Started from : C:\Users\Smart People\Desktop\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/11/2015  15:52:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\FAMILY~1\AppData\Local\Temp\catchme.sys) -> Found
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxAswDrv (\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\FAMILY~1\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] HKEY_USERS\S-1-5-21-187951703-2136618692-784419598-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] HKEY_USERS\S-1-5-21-187951703-2136618692-784419598-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 68.94.157.15 [UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 68.94.157.15 [UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B339C277-2B2B-4E7C-A768-046BA3CEF4C1} | DhcpNameServer : 192.168.0.1 205.152.144.23 [UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FDD2AB7B-E14A-4927-A6FD-5BC0C1D4F228} | DhcpNameServer : 192.168.0.1 68.94.157.15 [UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B339C277-2B2B-4E7C-A768-046BA3CEF4C1} | DhcpNameServer : 192.168.0.1 205.152.144.23 [UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FDD2AB7B-E14A-4927-A6FD-5BC0C1D4F228} | DhcpNameServer : 192.168.0.1 68.94.157.15 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD320KJ SCSI Disk Device +++++
--- User ---
[MBR] fde85b6a77395f32a5c5214f139a603f
[BSP] fbee10448a24018794d389a17134f0ae : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 296245 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 606710790 | Size: 8997 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#4 justmeandmycomputer

  • Topic Starter

Posted 11 March 2015 - 05:55 PM

Just wanted you to know that I got the blue screen of death before I even started this. Computer was flickering and just went crazy; it gave me a stop error on the blue screen but I didn't get it. Sorry :devil: :smash:



#5 justmeandmycomputer

  • Topic Starter

Posted 11 March 2015 - 06:00 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Smart People (ATTENTION: The logged in user is not administrator) on FAMILY1ST-PC on 11-03-2015 15:58:01
Running from C:\Users\Smart People\Desktop\Desktop
Loaded Profiles: Family 1st & Smart People (Available profiles: Family 1st & Smart People)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> wlanext.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> LSSrvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> XAudio.exe
Failed to access process -> AvastVBoxSVC.exe
Failed to access process -> taskeng.exe
Failed to access process -> svchost.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
Failed to access process -> WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Smart People\Desktop\Desktop\RogueKiller.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [combofix] => C:\ComboFix\CF20420.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKLM\...\RunOnce: [combofix] => C:\ComboFix\CF20420.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [216064 2006-11-02] (Microsoft Corporation)
HKLM\...\runonceex: [flags] =>
HKU\S-1-5-21-187951703-2136618692-784419598-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-187951703-2136618692-784419598-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-187951703-2136618692-784419598-1001\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-187951703-2136618692-784419598-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-187951703-2136618692-784419598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
URLSearchHook: [S-1-5-21-187951703-2136618692-784419598-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM -> {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM -> {C3C73652-4C55-475E-8C8E-78E7A077D661} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HQDUS7
SearchScopes: HKLM -> {D35CB428-A3BA-4FD7-804F-3885965AF37C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> DefaultScope {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> {C3C73652-4C55-475E-8C8E-78E7A077D661} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HQDUS7
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> {D35CB428-A3BA-4FD7-804F-3885965AF37C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-13] (AVAST Software)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 68.94.157.15

FireFox:
========
FF ProfilePath: C:\Users\Smart People\AppData\Roaming\Mozilla\Firefox\Profiles\ofaxb6t0.default-1424670790524
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2013-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2013-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-02-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-12-13] (Avast Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2014-12-14] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-13] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-13] ()
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-03-11] ()
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-12-13] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\FAMILY~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 15:57 - 2015-03-11 15:58 - 00000000 ____D () C:\FRST
2015-03-11 15:38 - 2015-03-11 15:45 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-11 15:38 - 2015-03-11 15:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-11 15:16 - 2015-03-11 15:16 - 00004006 _____ () C:\Users\Smart People\Desktop\crashreporter.ini
2015-03-11 14:59 - 2015-03-11 14:59 - 00000533 _____ () C:\Users\Smart People\Desktop\pev - Shortcut.lnk
2015-03-11 14:59 - 2011-06-25 23:45 - 00256000 ____R () C:\Users\Smart People\Documents\pev.3XE
2015-03-11 14:49 - 2015-03-11 14:49 - 00000000 ____D () C:\Windows\Minidump
2015-03-11 14:48 - 2015-03-11 14:49 - 242228631 _____ () C:\Windows\MEMORY.DMP
2015-03-09 15:28 - 2015-03-09 15:28 - 00001005 _____ () C:\Users\Smart People\Desktop\20150308_141204 - Shortcut.lnk
2015-03-09 15:04 - 2015-03-09 15:04 - 00024576 _____ () C:\Users\Public\HPLocale.exe
2015-03-08 14:27 - 2015-03-08 14:27 - 00000540 _____ () C:\Windows\PFRO.log
2015-03-08 14:06 - 2015-03-11 14:58 - 00000000 ___SD () C:\ComboFix
2015-03-08 14:06 - 2015-03-08 14:06 - 00000000 ____D () C:\Qoobox
2015-03-08 14:06 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 14:06 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 14:06 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 14:06 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 14:06 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 14:06 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-03-08 14:06 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 14:06 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 14:06 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 14:05 - 2015-03-08 14:24 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 14:05 - 2015-03-08 14:06 - 00000000 ___SD () C:\32788R22FWJFW
2015-03-08 03:18 - 2015-03-08 03:18 - 00355632 _____ (Dropbox, Inc.) C:\Users\Smart People\Downloads\DropboxInstaller.exe
2015-03-08 03:03 - 2015-03-08 03:03 - 01270856 _____ (Ellora Assets Corporation ) C:\Users\Smart People\Downloads\FreemakeVideoDownloaderSetup.exe
2015-03-08 02:58 - 2015-03-08 02:59 - 01270544 _____ (Ellora Assets Corporation ) C:\Users\Smart People\Downloads\FreemakeVideoConverterSetup.exe
2015-03-08 02:27 - 2015-03-08 02:29 - 34591384 _____ (Any-Video-Converter.com ) C:\Users\Smart People\Downloads\avc-free.exe
2015-03-08 02:23 - 2015-03-08 02:44 - 728468094 _____ () C:\Users\Smart People\Downloads\20150307_022902(1).mp4
2015-03-08 00:16 - 2015-03-08 00:17 - 00561064 _____ (Oracle Corporation) C:\Users\Smart People\Downloads\jxpiinstall(1).exe
2015-03-08 00:11 - 2015-03-08 00:11 - 00561064 _____ (Oracle Corporation) C:\Users\Smart People\Downloads\jxpiinstall.exe
2015-03-07 20:37 - 2015-03-07 20:58 - 728468094 _____ () C:\Users\Smart People\Downloads\20150307_022902.mp4
2015-03-06 22:35 - 2015-03-09 13:30 - 00468253 _____ () C:\Users\Smart People\Desktop\Kimberly Johnson-Challenges in the Business Environment.pptx
2015-03-06 22:35 - 2015-03-06 22:35 - 00000165 ____H () C:\Users\Smart People\Desktop\~$Kimberly Johnson-Challenges in the Business Environment.pptx
2015-03-05 13:23 - 2015-03-05 13:23 - 00093424 _____ () C:\Users\Smart People\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 11:34 - 2015-02-14 11:35 - 00000000 ____D () C:\Users\Smart People\Desktop\insta pic
2015-02-12 18:13 - 2015-02-12 18:13 - 00000855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-02-12 18:12 - 2015-02-12 18:12 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-02-12 18:12 - 2015-02-12 18:12 - 00001182 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2015-02-12 18:12 - 2015-02-12 18:12 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2015-02-12 18:05 - 2009-06-01 16:36 - 00749568 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax6.dll
2015-02-12 18:05 - 2009-06-01 16:36 - 00315392 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwvst01.dll
2015-02-12 18:05 - 2009-05-18 14:33 - 00372736 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2015-02-12 17:58 - 2015-02-12 18:25 - 00205143 _____ () C:\Windows\hpwins26.dat
2015-02-12 17:58 - 2009-08-17 23:31 - 00000370 ____N () C:\Windows\hpwmdl26.dat
2015-02-12 17:21 - 2015-02-12 17:18 - 00205118 ____N () C:\Windows\hpwins26.dat.temp
2015-02-12 17:09 - 2009-08-17 23:31 - 00000370 ____N () C:\Windows\hpwmdl26.dat.temp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 15:54 - 2006-11-02 05:47 - 00003456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-11 15:54 - 2006-11-02 05:47 - 00003456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-11 15:11 - 2014-12-13 14:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 15:01 - 2006-11-02 03:33 - 00716948 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 14:58 - 2006-11-02 05:52 - 01312092 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 14:54 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 15:04 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
2015-03-08 21:14 - 2006-11-02 06:01 - 00024308 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-08 14:26 - 2006-11-02 03:22 - 34078720 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-08 14:26 - 2006-11-02 03:22 - 24903680 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-08 14:26 - 2006-11-02 03:22 - 09961472 _____ () C:\Windows\system32\config\COMPON~1.bak
2015-03-08 14:26 - 2006-11-02 03:22 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-08 14:26 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-08 14:26 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-03-08 02:48 - 2014-12-13 14:32 - 00000950 _____ () C:\Users\Smart People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-08 00:24 - 2013-11-11 17:19 - 00000000 ____D () C:\Windows\SMINST
2015-03-08 00:16 - 2015-01-27 18:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-08 00:13 - 2015-01-27 18:07 - 00000000 ____D () C:\Program Files\Java
2015-03-07 17:15 - 2014-12-13 14:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 18:00 - 2015-01-18 17:12 - 00014848 _____ () C:\Users\Smart People\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-06 16:46 - 2015-01-27 16:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-06 11:19 - 2013-11-11 16:42 - 00000000 ____D () C:\Program Files\HP Games
2015-03-06 11:09 - 2013-11-11 16:42 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-06 11:09 - 2006-11-02 05:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-06 11:07 - 2013-11-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-06 11:07 - 2013-11-11 16:48 - 00000000 ____D () C:\Program Files\HP
2015-03-06 11:07 - 2013-11-11 16:47 - 00010067 _____ () C:\ProgramData\hpzinstall.log
2015-03-06 11:01 - 2014-12-18 14:22 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-06 11:01 - 2014-12-18 14:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-24 04:23 - 2014-12-13 16:18 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 15:04 - 2006-11-02 05:47 - 00359144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 18:24 - 2006-11-02 03:23 - 00000179 _____ () C:\Windows\win.ini
2015-02-12 18:22 - 2006-11-02 05:37 - 00000000 ____D () C:\Windows\twain_32
2015-02-12 18:13 - 2013-11-11 16:47 - 00000000 ____D () C:\ProgramData\HP
2015-02-12 18:05 - 2014-12-07 15:54 - 00000000 ____D () C:\Users\Family 1st

==================== Files in the root of some directories =======

2015-01-18 17:12 - 2015-03-06 18:00 - 0014848 _____ () C:\Users\Smart People\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-11 16:47 - 2015-03-06 11:07 - 0010067 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Public\HPLocale.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End Of Log ============================



#6 justmeandmycomputer

Posted 11 March 2015 - 06:01 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Smart People at 2015-03-11 15:58:41
Running from C:\Users\Smart People\Desktop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Total Care Advisor (HKLM\...\{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}) (Version: 1.1.17 - Hewlett-Packard)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1701 - WildTangent)
NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.4 - NETGEAR)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5377 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2015-03-08 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>

==================== Loaded Modules (whitelisted) ==============

2014-12-13 17:20 - 2014-12-13 17:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-187951703-2136618692-784419598-1001\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-187951703-2136618692-784419598-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1 - 68.94.157.15

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk => C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: NvSvc => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
MSCONFIG\startupreg: SnapfishMediaDetector => C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-187951703-2136618692-784419598-500 - Administrator - Disabled)
Family 1st (S-1-5-21-187951703-2136618692-784419598-1000 - Administrator - Enabled) => C:\Users\Family 1st
Guest (S-1-5-21-187951703-2136618692-784419598-501 - Limited - Disabled)
Smart People (S-1-5-21-187951703-2136618692-784419598-1001 - Limited - Enabled) => C:\Users\Smart People

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service: NPF
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510g-m
Description: Officejet 4500 G510g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2015 03:25:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 36.0.1.5542, time stamp 0x54f851c0, faulting module mozalloc.dll, version 36.0.1.5542, time stamp 0x54f8437e, exception code 0x80000003, fault offset 0x00001e02,
process id 0x1328, application start time 0xplugin-container.exe0.

Error: (03/11/2015 02:11:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application keytool.exe, version 8.0.31.13, time stamp 0x54925fd7, faulting module MSVCR100.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0xf14, application start time 0xkeytool.exe0.

Error: (03/11/2015 02:10:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application keytool.exe, version 8.0.31.13, time stamp 0x54925fd7, faulting module MSVCR100.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0xe60, application start time 0xkeytool.exe0.

Error: (03/09/2015 01:19:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application keytool.exe, version 8.0.31.13, time stamp 0x54925fd7, faulting module MSVCR100.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0xc88, application start time 0xkeytool.exe0.

Error: (03/09/2015 01:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application keytool.exe, version 8.0.31.13, time stamp 0x54925fd7, faulting module MSVCR100.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0xac0, application start time 0xkeytool.exe0.

Error: (03/08/2015 11:46:25 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/08/2015 11:46:25 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: DFSRC:\Windows\System32\DfsrPerf.dll4

Error: (03/08/2015 01:12:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 36.0.1.5542, time stamp 0x54f851c0, faulting module mozalloc.dll, version 36.0.1.5542, time stamp 0x54f8437e, exception code 0x80000003, fault offset 0x00001e02,
process id 0x1690, application start time 0xplugin-container.exe0.

Error: (03/08/2015 01:11:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPAdvisor.exe version 1.1.17.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 918
Start Time: 01d05970e6590026
Termination Time: 21

Error: (03/08/2015 00:49:34 AM) (Source: MsiInstaller) (EventID: 11722) (User: Family1st-PC)
Description: Product: Java 8 Update 40 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\Program Files\Java\jre1.8.0_40\installer.exe, command: /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_40\\" REPAIRMODE=0


System errors:
=============
Error: (03/11/2015 02:56:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (03/11/2015 02:54:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:53:12 PM on 3/11/2015 was unexpected.

Error: (03/11/2015 02:49:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (03/11/2015 02:48:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:46:18 PM on 3/11/2015 was unexpected.

Error: (03/11/2015 02:09:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:57:12 PM on 3/9/2015 was unexpected.

Error: (03/09/2015 01:20:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (03/09/2015 01:18:36 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 100D7F3E0551 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/09/2015 01:18:01 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0.
Please contact your system vendor for technical assistance.

Error: (03/09/2015 01:18:01 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0.
Please contact your system vendor for technical assistance.

Error: (03/09/2015 01:18:01 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0.
Please contact your system vendor for technical assistance.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 81%
Total physical RAM: 1917.88 MB
Available physical RAM: 362.55 MB
Total Pagefile: 4051.21 MB
Available Pagefile: 2930.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.73 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:289.3 GB) (Free:231.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:8.79 GB) (Free:1.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#7 satchfan

satchfan

  • Malware Response Team

Posted 12 March 2015 - 05:06 AM

I notice you have run ComboFix, which is not recommended. ComboFix is a VERY powerful tool that can reduce a computer to a useless piece of metal without expert guidance.

While you may see ComboFix being used quite often without incident, the tool should NEVER be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Please send the log from when you ran it. ComboFix logs are located at c:\combofix.txt; older logs are at c:\qoobox\combofix2.txt, c:\qoobox\ComboFix3.txt, etc.

================================================

Please run all scans with Admin status.

================================================

Run Farbar Recovery Scan Tool

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.


HKU\S-1-5-21-187951703-2136618692-784419598-1001\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-187951703-2136618692-784419598-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-187951703-2136618692-784419598-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM -> {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM -> {C3C73652-4C55-475E-8C8E-78E7A077D661} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HQDUS7
SearchScopes: HKLM -> {D35CB428-A3BA-4FD7-804F-3885965AF37C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> DefaultScope {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> {60B06E85-DB19-41D7-BAB1-1EF8E4BB4553} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> {C3C73652-4C55-475E-8C8E-78E7A077D661} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HQDUS7
SearchScopes: HKU\S-1-5-21-187951703-2136618692-784419598-1001 -> {D35CB428-A3BA-4FD7-804F-3885965AF37C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
HKU\S-1-5-21-187951703-2136618692-784419598-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

===================================================

Run aswMBR

  • download aswMBR.exe to your desktop
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply

Logs to include with next post:

fixlist.txt
aswMBR log
combofix.txt


Thanks

Satchfan


Edited by satchfan, 12 March 2015 - 05:20 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 justmeandmycomputer

Posted 13 March 2015 - 03:46 PM

I just wanted you to know that I haven't been able to bring my computer back up at all after running these scans. All I get when I log on is a black screen. I have tried running the computer in safe mode with networking and am getting a black screen there also. I had to come to another computer to type this message. I am not sure what is giving me the black screen, but I let it run and still nothing came up, so I looked at the task manager and desktop is running very high and I also have numerous service hosts that are HIGH. HELLLLLLLLLLLLLLLLLLLLLLLP.

Thanks, I will check back.



#9 satchfan

Posted 13 March 2015 - 04:42 PM

Do you have a Vista install disk?



#10 justmeandmycomputer

Posted 13 March 2015 - 06:35 PM

I am currently searching for it now, but if I don't find it what should be the next step? I am not having any luck so far locating this disk.



#11 satchfan

Posted 14 March 2015 - 02:37 AM

Can you borrow one from somebody?



#12 justmeandmycomputer

Posted 17 March 2015 - 12:46 PM

Ok, I found the disk and have been trying to install for the last day or so but keep getting an error. Now I am working from the new computer I bought about 3 weeks ago (Windows 8.1), and this computer is acting strangely, such as loading pages taking about 2-3 minutes or longer to come up and a black screen when I am turning on the computer. Just about tired of trying to figure this out.



#13 satchfan

Posted 17 March 2015 - 06:36 PM

"have been trying to install for the last day or so but keep getting an error"

Well done on locating the disk, and we may use it later, but can you please explain what you have tried to do with it and what the error was?

The fault with the new computer is interesting and may be relevant, but I need more information about the original problem.


Satchfan


#14 satchfan

Posted 18 March 2015 - 04:20 AM

In addition to the previous post, I'd like a look at the files, registries and services that are responsible for your network connection.

 

Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • press "Scan".
  • it will create a log (FSS.txt) in the same directory the tool is run.
  • please copy and paste the log to your reply.

Please also remember to explain what you have tried to do with the Vista disk and what the error was.

 

Satchfan


#15 justmeandmycomputer

Posted 18 March 2015 - 03:05 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Johnson Family (administrator) on 18-03-2015 at 13:02:50
Running from "C:\Users\Johnson Family\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

 

 

 

NOTE: THIS SCAN WAS FROM THE WINDOWS 8.1 (NEW COMPUTER), NOT THE ONE I CAN'T LOAD THE DISK FOR. I will try to run the disk for Windows Vista again and make a notation of the error that I get when running the disk.

 

Thanks





