AtuZi not completely removed (?)

Katy1

New member
Hello,

I found AtuZi in my program files. (I have a Windows XP Home Version and Spybot Home Edition.) AtuZi did not show in my Add/Remove folder; I deleted the folder myself. Then I removed its keys in my registry. Rebooted. And I get my *first* problem, an endless loop when I go into Spybot and do a C:/ system scan. It stops at 4.7% (with 1371 minutes remaining) OR goes through to 100% and starts its endless loop again.

I thought it was AtuZi/maybe it is/ but: are there parts of it remaining? I did do a few System Restores and nothing at all happened.

Thank you for your time and attention.

Katy
-------------------------------------------------
Edit
For future reference and others reading. :)
http://forums.spybot.info/showthrea...ocedure-Before-Requesting-Assistance)-Updated
 
Hi Katy1,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt
 
Hi OCD!

I saved your instructions to Notepad.

>>If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.<<

Question: Do I run Security Check first or ALL the tools you gave me at once? (Security Check; aswMBR, etc.)

Many thanks,
Katy
 
Hi Katy1,

You run one tool at a time and be sure to save the log/s that are generated. Just follow the list in the order they are presented.
If you run into a problem, skip that step and proceed to the next tool. :bigthumb:
 
Hi OCD,

Uh...my downloads are set to download from my Tools at the top of the page. I don't know how to get downloads to the desktop with Firefox. Duh.

Katy
 
Hi Katy,

Your files should be going to your Downloads folder. Locate the Downloads folder, then just drag the program to your Desktop.

If you cannot find the Downloads folder, (or wherever the downloads are being stored) click on the download arrow in your Firefox browser, then right click on the file you want to open and select "Open Containing Folder". This should open the folder where your downloads are saved to.
 
Hi OCD,

I cut/pasted the logs and think (with what you may ask?) I attached the MBR.ZIP; it would not let me drag and drop.


Results of screen317's Security Check version 0.99.95
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 71
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
.....................................
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-28 20:45:43
-----------------------------
20:45:43.484 OS Version: Windows 5.1.2600 Service Pack 3
20:45:43.484 Number of processors: 1 586 0x409
20:45:43.484 ComputerName: D5TBBCB1 UserName: Katy
20:45:43.859 Initialize success
20:45:43.906 VM: initialized successfully
20:45:43.921 VM: Intel CPU virtualization not supported
20:47:51.718 AVAST engine defs: 15012801
20:50:38.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:50:38.625 Disk 0 Vendor: ST3802110A 3.ADH Size: 76293MB BusType: 3
20:50:38.796 Disk 0 MBR read successfully
20:50:38.796 Disk 0 MBR scan
20:50:38.828 Disk 0 unknown MBR code
20:50:38.828 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:50:38.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53968 MB offset 80325
20:50:38.843 Disk 0 default boot code
20:50:38.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19053 MB offset 110607525
20:50:38.890 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 149629410
20:50:38.921 Disk 0 scanning sectors +156232125
20:50:39.640 Disk 0 scanning C:\WINDOWS\system32\drivers
20:50:57.984 Service scanning
20:51:44.140 Modules scanning
20:51:44.140 Disk 0 trace - called modules:
20:51:44.156 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:51:44.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a89aab8]
20:51:44.156 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8dcb00]
20:51:44.437 AVAST engine scan C:\WINDOWS
20:51:58.656 AVAST engine scan C:\WINDOWS\system32
20:55:21.640 AVAST engine scan C:\WINDOWS\system32\drivers
20:55:49.265 AVAST engine scan C:\Documents and Settings\Katy
20:59:13.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katy\Desktop\MBR.dat"
20:59:13.265 The log file has been saved successfully to "C:\Documents and Settings\Katy\Desktop\aswMBR.txt"
.................

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 28-01-2015 21:35:19
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1226216386-1621485569-1288477537-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1226216386-1621485569-1288477537-1006] => localhost:21320
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Winsock: Catalog9 33 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [X]
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
S2 Update neurowise; "C:\Program Files\neurowise\updateneurowise.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 aswMBR; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 21:35 - 2015-01-28 21:35 - 00017668 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-28 21:34 - 2015-01-28 21:35 - 00000000 ___DC () C:\FRST
2015-01-28 21:28 - 2015-01-28 21:28 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-28 21:14 - 2015-01-28 21:18 - 02130432 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST64(1).exe
2015-01-28 20:59 - 2015-01-28 20:59 - 00002134 _____ () C:\Documents and Settings\Katy\Desktop\aswMBR.txt
2015-01-28 20:59 - 2015-01-28 20:59 - 00000512 _____ () C:\Documents and Settings\Katy\Desktop\MBR.dat
2015-01-28 20:44 - 2015-01-28 20:44 - 05198336 _____ (AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
2015-01-28 17:54 - 2015-01-28 17:54 - 00852573 _____ () C:\Documents and Settings\Katy\Desktop\SecurityCheck(3).exe
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 21:35 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-28 21:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-28 20:22 - 2011-02-22 08:01 - 01361484 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-28 20:21 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-28 20:21 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-28 20:20 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-28 20:20 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-28 20:19 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 18:17 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-28 18:17 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-28 18:13 - 2014-07-20 20:09 - 00024858 _____ () C:\WINDOWS\setupact.log
2015-01-28 15:20 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-28 21:36:30
Running from C:\Documents and Settings\Katy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

aaquotes (HKLM\...\ST5UNST #1) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
e-AA lite (HKLM\...\e-AA lite_is1) (Version: v1.11 - The Anonymous Press)
ELIcon (Version: 1.00.0000 - Dell) Hidden
Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Mah Jongg - The REAL Game! (HKLM\...\Mah Jongg - The REAL Game!) (Version: - )
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Professor Teaches Access 2000 (HKLM\...\Professor Teaches Access 2000) (Version: - )
Professor Teaches Access 2002 (HKLM\...\Professor Teaches Access 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Excel 2000 (HKLM\...\Professor Teaches Excel 2000) (Version: - )
Professor Teaches Excel 2002 (HKLM\...\Professor Teaches Excel 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches FrontPage 2002 (HKLM\...\Professor Teaches FrontPage 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Outlook 2000 (HKLM\...\Professor Teaches Outlook 2000) (Version: - )
Professor Teaches Outlook 2002 (HKLM\...\Professor Teaches Outlook 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches PowerPoint 2000 (HKLM\...\Professor Teaches PowerPoint 2000) (Version: - )
Professor Teaches PowerPoint 2002 (HKLM\...\Professor Teaches PowerPoint 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Windows XP Home Edition (HKLM\...\Professor Teaches Windows XP Home Edition) (Version: 4.0 - Individual Software, Inc.)
Professor Teaches Word 2000 (HKLM\...\Professor Teaches Word 2000) (Version: - )
Professor Teaches Word 2002 (HKLM\...\Professor Teaches Word 2002) (Version: 3.0 - Individual Software, Inc.)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
Scrabble (HKLM\...\Scrabble) (Version: - )
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Wellness (HKLM\...\{E7DB1937-44D9-4DD7-9704-46BDCACD9DD0}) (Version: 4.5 - Zentrum Publishing)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points =========================

10-11-2014 22:00:19 System Checkpoint
11-11-2014 13:54:04 Software Distribution Service 3.0
12-11-2014 16:28:15 System Checkpoint
17-11-2014 11:40:28 System Checkpoint
18-11-2014 12:24:30 System Checkpoint
19-11-2014 12:54:30 System Checkpoint
21-11-2014 12:15:22 System Checkpoint
22-11-2014 14:28:39 System Checkpoint
24-11-2014 13:55:59 System Checkpoint
28-11-2014 16:52:19 System Checkpoint
29-11-2014 16:55:48 System Checkpoint
30-11-2014 17:02:35 System Checkpoint
05-12-2014 12:34:47 System Checkpoint
07-12-2014 03:01:58 System Checkpoint
09-12-2014 10:03:13 System Checkpoint
10-12-2014 09:51:25 Software Distribution Service 3.0
15-12-2014 11:19:34 System Checkpoint
17-12-2014 18:45:45 System Checkpoint
19-12-2014 10:27:10 System Checkpoint
21-12-2014 14:34:04 System Checkpoint
22-12-2014 13:51:03 Restore Operation
22-12-2014 13:58:35 Software Distribution Service 3.0
22-12-2014 15:46:26 Restore Operation
26-12-2014 18:52:22 Removed Across Lite
31-12-2014 13:27:45 System Checkpoint
03-01-2015 09:34:01 System Checkpoint
05-01-2015 08:42:34 System Checkpoint
06-01-2015 09:38:57 System Checkpoint
09-01-2015 15:00:45 System Checkpoint
10-01-2015 13:22:58 Installed HP Support Solutions Framework
10-01-2015 13:54:01 Printer Driver HP Officejet 5600 series fax Installed
11-01-2015 10:19:22 Removed HP Software Update
12-01-2015 21:00:19 Installed HP Product Assistant
13-01-2015 20:16:10 Restore Operation
13-01-2015 20:22:04 Software Distribution Service 3.0
14-01-2015 12:51:09 Removed HP Support Solutions Framework
14-01-2015 12:53:52 Removed HP Update.
15-01-2015 09:59:35 Restore Operation
15-01-2015 10:14:15 Software Distribution Service 3.0
17-01-2015 05:06:29 System Checkpoint
18-01-2015 19:42:15 Installed HP Support Solutions Framework
18-01-2015 20:14:22 Printer Driver hp officejet 4200 series fax Installed
19-01-2015 08:38:01 Restore Operation
19-01-2015 08:51:23 Restore Operation
19-01-2015 09:06:37 Software Distribution Service 3.0
19-01-2015 10:13:08 Restore Operation
20-01-2015 10:58:48 System Checkpoint
20-01-2015 12:28:41 Installed HP Support Solutions Framework
22-01-2015 07:48:36 System Checkpoint
23-01-2015 08:24:59 Restore Operation
23-01-2015 08:49:34 Software Distribution Service 3.0
23-01-2015 10:34:38 Restore Operation
25-01-2015 16:13:08 System Checkpoint
26-01-2015 18:38:05 System Checkpoint
28-01-2015 08:10:41 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:51 - 2015-01-16 09:32 - 00450775 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebReg officejet 4200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) =============

2014-08-12 09:14 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-12 09:14 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-12 09:14 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-12 09:14 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-12 09:14 - 2012-04-03 16:06 - 00565640 ____C () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2005-10-05 03:12 - 2006-05-03 02:12 - 00098304 ____C () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2015-01-26 18:24 - 2015-01-26 18:25 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\explorer.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:SummaryInformation
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1226216386-1621485569-1288477537-500 - Administrator - Enabled)
Guest (S-1-5-21-1226216386-1621485569-1288477537-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1226216386-1621485569-1288477537-1005 - Limited - Disabled)
Katy (S-1-5-21-1226216386-1621485569-1288477537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Katy
SUPPORT_388945a0 (S-1-5-21-1226216386-1621485569-1288477537-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 08:27:34 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/28/2015 07:23:34 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/27/2015 09:11:47 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/26/2015 06:15:06 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/26/2015 10:53:32 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/26/2015 08:09:27 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/25/2015 09:02:29 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/25/2015 03:43:41 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/25/2015 08:47:02 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/24/2015 08:01:26 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.


System errors:
=============
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_NIS
SymIRON
SYMTDI

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update neurowise service failed to start due to the following error:
%%3

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%3

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (01/28/2015 08:19:59 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007048f.

Error: (01/28/2015 05:19:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.


Microsoft Office Sessions:
=========================
Error: (01/28/2015 08:27:34 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/28/2015 07:23:34 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/27/2015 09:11:47 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/26/2015 06:15:06 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/26/2015 10:53:32 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/26/2015 08:09:27 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/25/2015 09:02:29 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/25/2015 03:43:41 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/25/2015 08:47:02 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/24/2015 08:01:26 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 2045.98 MB
Available physical RAM: 1124.4 MB
Total Pagefile: 3431.36 MB
Available Pagefile: 2234.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:52.7 GB) (Free:33.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=52.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.1 GB) - (Type=DB)

==================== End Of Log ============================
 
Hi Katy1,

You're doing just fine with posting the logs. :)

Important information regarding Windows XP

Microsoft will no longer offer support for Windows XP beginning on April 8, 2014

If you are running Windows XP, please take the time to read the information provided at these links.
= = = = = = = = = = = = = = = = = = = =

Did you set this proxy?
ProxyEnable: [S-1-5-21-1226216386-1621485569-1288477537-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1226216386-1621485569-1288477537-1006] => localhost:21320

= = = = = = = = = = = = = = = = = = = =

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Code:
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Winsock: Catalog9 33 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
S2 Update neurowise; "C:\Program Files\neurowise\updateneurowise.exe" [X]
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:

  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • How is the computer running?
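
An added example, not part of the original posts and not FRST's own code: once the fix has run and FRST has re-scanned, any fixlist.txt entry that still appears in the new FRST.txt was not removed. The Python script below compares the two files; the sample inputs are constructed excerpts modelled on lines in this thread, and all function names are hypothetical.

```python
import re

# Lines FRST treats as commands rather than log entries
# (the four directives that appear in the fixlist on this page).
DIRECTIVES = {"start", "end", "closeprocesses:", "emptytemp:"}


def normalize(line):
    """Make one log line comparable across files.

    Drops the trailing '<======= ATTENTION' marker, collapses runs of
    whitespace and lower-cases the text, so GUIDs and paths match even
    when their letter case differs between the two logs.
    """
    line = re.sub(r"\s*<=+\s*ATTENTION\s*$", "", line.strip(), flags=re.I)
    return re.sub(r"\s+", " ", line).lower()


def category(entry):
    """Rough grouping of an entry by the way its FRST line starts."""
    if re.match(r"(?i)hk(lm|u|cu)\\", entry):
        return "Registry"
    if re.match(r"[RSU]\d ", entry):  # e.g. 'S2 Update Jotzey; ...'
        return "Service"
    return entry.split(":", 1)[0] if ":" in entry else "Other"


def fixlist_entries(fixlist_text):
    """Return (original, normalized) pairs for every non-directive line."""
    entries = []
    for raw in fixlist_text.splitlines():
        norm = normalize(raw)
        if norm and norm not in DIRECTIVES:
            entries.append((raw.strip(), norm))
    return entries


def remaining_entries(fixlist_text, frst_log_text):
    """List (category, entry) for fixlist entries still in the re-scan log."""
    log_lines = {normalize(l) for l in frst_log_text.splitlines() if l.strip()}
    return [
        (category(raw), raw)
        for raw, norm in fixlist_entries(fixlist_text)
        if norm in log_lines
    ]


# Constructed sample: a shortened fixlist in the format used above.
SAMPLE_FIXLIST = r"""Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
EmptyTemp:
End
"""

# Constructed sample: a shortened re-scan log in which the service is gone
# but the registry, BHO and toolbar entries are still listed. The BHO GUID
# is upper-cased on purpose to show the case-insensitive match.
SAMPLE_RESCAN = r"""==================== Internet (Whitelisted) ====================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {E4878B45-E2C0-4307-B6E8-734922F92F5B} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
"""

if __name__ == "__main__":
    left = remaining_entries(SAMPLE_FIXLIST, SAMPLE_RESCAN)
    total = len(fixlist_entries(SAMPLE_FIXLIST))
    print(f"{len(left)} of {total} fixlist entries still present after re-scan")
    for kind, entry in left:
        print(f"  [{kind}] {entry}")
```

Entries that are still listed after the re-scan usually mean the Fix button was never pressed or fixlist.txt was not saved next to FRST, which Fixlog.txt would confirm.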
 
Hi OCD,

I got lost retrieving Fixlog.txt and then FRST sent me to the Windows XP repair center/McAfee with popups for media player. Many apologies.

AdwCleaner [SO] txt
# AdwCleaner v4.109 - Report created 29/01/2015 at 13:57:27
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Katy - D5TBBCB1
# Running from : C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : AVG Security Toolbar Service
[#] Service Deleted : Update neurowise
[#] Service Deleted : Update Jotzey

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\pastaleads
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SearchAssist
Folder Deleted : C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\Documents and Settings\Katy\Application Data\Viewpoint
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\system32\config\pastalea.evt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\8ed8dab538ef42
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2187784
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:21320
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3892 octets] - [29/01/2015 13:51:21]
AdwCleaner[S0].txt - [3833 octets] - [29/01/2015 13:57:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3893 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 29-01-2015 14:27:47
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:27 - 2015-01-29 14:28 - 00015375 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-29 14:27 - 2015-01-29 09:14 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 14:07 - 2015-01-29 14:08 - 01707939 _____ (Thisisu) C:\Documents and Settings\Katy\Desktop\JRT.exe
2015-01-29 13:50 - 2015-01-29 14:05 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:49 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-29 13:30 - 2015-01-29 13:30 - 00002468 _____ () C:\Documents and Settings\Katy\Desktop\fixlist.txt
2015-01-29 13:26 - 2015-01-29 13:26 - 00006900 _____ () C:\Documents and Settings\Katy\Desktop\OCD Atuziinstructions Thursday 1 29 15.txt
2015-01-29 13:24 - 2015-01-29 13:25 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
2015-01-29 13:24 - 2015-01-29 13:24 - 00000294 _____ () C:\Documents and Settings\Katy\Desktop\did you set this proxy.txt
2015-01-28 21:34 - 2015-01-29 14:27 - 00000000 ___DC () C:\FRST
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:28 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-29 14:25 - 2011-02-22 08:01 - 01387421 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-29 14:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:24 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-29 14:23 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-29 14:23 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-29 14:23 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-29 14:23 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-29 14:22 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 14:22 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-29 14:01 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-29 09:23 - 2014-07-20 20:09 - 00024978 _____ () C:\WINDOWS\setupact.log
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
http://thisisudax.org/downloads/JRT.exe

JRT.txt stopped after a few minutes at my startup (which is empty)

Also SPYBOT wouldn't let me close itself; so antivirus was running.

Computer is running verrrrry sloooow.

Katy
 
Hi Katy1,

You seem to have overlooked the FRST script from my previous post. Please run the script again as outlined above (or if you can, locate the log), then run a new FRST scan.

In your next post provide:
Fixlog.txt
FRST.txt
 
Hi OCD,

Thank you! Here are FRST.txt and Fixlog.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 29-01-2015 14:27:47
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:27 - 2015-01-29 14:28 - 00015375 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-29 14:27 - 2015-01-29 09:14 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 14:07 - 2015-01-29 14:08 - 01707939 _____ (Thisisu) C:\Documents and Settings\Katy\Desktop\JRT.exe
2015-01-29 13:50 - 2015-01-29 14:05 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:49 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-29 13:30 - 2015-01-29 13:30 - 00002468 _____ () C:\Documents and Settings\Katy\Desktop\fixlist.txt
2015-01-29 13:26 - 2015-01-29 13:26 - 00006900 _____ () C:\Documents and Settings\Katy\Desktop\OCD Atuziinstructions Thursday 1 29 15.txt
2015-01-29 13:24 - 2015-01-29 13:25 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
2015-01-29 13:24 - 2015-01-29 13:24 - 00000294 _____ () C:\Documents and Settings\Katy\Desktop\did you set this proxy.txt
2015-01-28 21:34 - 2015-01-29 14:27 - 00000000 ___DC () C:\FRST
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:28 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-29 14:25 - 2011-02-22 08:01 - 01387421 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-29 14:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:24 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-29 14:23 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-29 14:23 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-29 14:23 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-29 14:23 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-29 14:22 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 14:22 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-29 14:01 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-29 09:23 - 2014-07-20 20:09 - 00024978 _____ () C:\WINDOWS\setupact.log
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Winsock: Catalog9 33 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
S2 Update neurowise; "C:\Program Files\neurowise\updateneurowise.exe" [X]
EmptyTemp:
 
Hi Katy1,

You're welcome. :bigthumb:

Some items from the previous FRST script did not remove the items targeted, so let's run this new script.

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt.

Code:
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt
 
Hi OCD,

Thank you....:)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}" => Key deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => value deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => value deleted successfully.
HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value deleted successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => value deleted successfully.
HKCR\CLSID\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
"HKCR\PROTOCOLS\Handler\junomsg" => Key deleted successfully.
HKCR\CLSID\{C4D10830-379D-11d4-9B2D-00C04F1579A5} => Key not found.
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:27:36 ====
 
Hi Katy1,

That looks better! :bigthumb:

Re-run AdwCleaner

It should be on your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Re-run Farbar Recovery Scan Tool. It should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S1].txt
  • FRST.txt
  • Any change in performance?
 
Hi OCD,

Here are the logs:
# AdwCleaner v4.109 - Report created 31/01/2015 at 12:02:37
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Katy - D5TBBCB1
# Running from : C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3892 octets] - [29/01/2015 13:51:21]
AdwCleaner[R1].txt - [909 octets] - [31/01/2015 11:57:55]
AdwCleaner[S0].txt - [3973 octets] - [29/01/2015 13:57:27]
AdwCleaner[S1].txt - [831 octets] - [31/01/2015 12:02:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [890 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 12:07:02
Running from C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 11:57 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-31 11:52 - 2015-01-31 11:52 - 00001911 _____ () C:\Documents and Settings\Katy\Desktop\ocd 1 31 15.txt
2015-01-30 11:17 - 2015-01-30 11:17 - 00003848 _____ () C:\Documents and Settings\Katy\Desktop\ocd fri 1 30 15.txt
2015-01-30 07:21 - 2015-01-30 07:22 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re Atuzi Thur 1 29 15
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 13:50 - 2015-01-31 12:02 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-29 13:24 - 2015-01-31 12:07 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
2015-01-28 21:34 - 2015-01-31 12:07 - 00000000 ___DC () C:\FRST
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 12:07 - 2011-02-22 08:01 - 01428669 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-31 12:07 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-31 12:06 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-31 12:05 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-31 12:05 - 2012-08-27 16:05 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-31 12:05 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-31 12:05 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-31 12:04 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-31 12:04 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 12:03 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-31 11:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-31 11:14 - 2014-07-20 20:09 - 00025218 _____ () C:\WINDOWS\setupact.log
2015-01-31 09:02 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-30 11:25 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-30 07:40 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Hi OCD,

Sorry I'm so confused. My fault.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}" => Key deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => value deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => value deleted successfully.
HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value deleted successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => value deleted successfully.
HKCR\CLSID\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
"HKCR\PROTOCOLS\Handler\junomsg" => Key deleted successfully.
HKCR\CLSID\{C4D10830-379D-11d4-9B2D-00C04F1579A5} => Key not found.
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:27:36 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 21:37:05
Running from C:\Documents and Settings\Katy\My Documents\Downloads
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 11:57 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 14:07 - 2015-01-29 14:08 - 01707939 _____ (Thisisu) C:\Documents and Settings\Katy\Desktop\JRT.exe
2015-01-29 13:50 - 2015-01-31 12:02 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-28 21:34 - 2015-01-31 21:37 - 00000000 ___DC () C:\FRST
2015-01-28 20:44 - 2015-01-28 20:44 - 05198336 _____ (AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
2015-01-28 17:54 - 2015-01-28 17:54 - 00852573 _____ () C:\Documents and Settings\Katy\Desktop\SecurityCheck(3).exe
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-31 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 21:37 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-31 21:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-31 20:52 - 2014-07-20 20:09 - 00025278 _____ () C:\WINDOWS\setupact.log
2015-01-31 20:50 - 2011-02-22 08:01 - 01433747 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-31 20:49 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-31 20:49 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-31 20:49 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-31 20:49 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-31 20:48 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 18:35 - 2012-08-27 16:05 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-31 18:35 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-31 17:34 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-31 12:03 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-31 09:02 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-30 11:25 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Hi Katy1,

You seem to be running FRST from multiple locations. In order for FRST to work as designed the program (FRST) and the FRST scripts must be located in the same directory. That is why I asked you to save both the tools and the scripts to your Desktop.

Your last FRST script fix:
Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop

Your last FRST scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 21:37:05
Running from C:\Documents and Settings\Katy\My Documents\Downloads

=========================

You have several Chrome browser extensions that have no name. Do you know what they are? Do you use Chrome?

=========================

Malwarebytes' Anti-Malware

  • Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP: Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan <--- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • Answers about Chrome.
 
Hi OCD,

>>You seem to be running FRST from multiple locations. In order for FRST to work as designed the program (FRST) and the FRST scripts must be located in the same directory. That is why I asked you to save both the tools and the scripts to your Desktop.<<

I have been saving each day's message in its own dated file with your instructions on my desktop, then go back into the tools in different files. I thought I was saving time and I'm mucking it up! Not on purpose, please believe me.

Katy1
 
Hi Katy1,

You are doing just fine. :bigthumb: Remember to save any tools I ask you to run directly to your Desktop. If I provide you with a script, it too must be saved to your Desktop. This is the way the tools are designed, so that the program and the script are in the same directory. We request that you use the Desktop because it is easier to locate the programs and the scripts.

Run the scans previously requested when you can, and post the corresponding logs they generate.

If you have any questions about any of the steps I ask you to run don't hesitate to ask.
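
An added example, not part of the original posts and not FRST's own code: a short Python check that reads the header blocks of pasted FRST logs and reports whether every run came from the same directory, which is the mismatch pointed out earlier in this thread. The sample input is the two headers quoted above; treating a header that starts with "Scan result" as a scan log and the other form as a fix log is an assumption taken from how the thread labels them.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any host OS

# The two FRST headers quoted in the thread: the fix log, then the scan log.
HEADERS = r"""Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 21:37:05
Running from C:\Documents and Settings\Katy\My Documents\Downloads
"""

VERSION_RE = re.compile(r"Version:\s*(\d{2}-\d{2}-\d{4})")
FROM_RE = re.compile(r"^Running from (.+)$")

def parse_runs(text):
    """Return one dict per FRST header block: kind, version, directory."""
    runs, current = [], None
    for line in map(str.strip, text.splitlines()):
        version = VERSION_RE.search(line)
        if version and "FRST" in line:
            kind = "scan" if line.startswith("Scan result") else "fix"
            current = {"kind": kind, "version": version.group(1), "dir": None}
            runs.append(current)
        elif current and (m := FROM_RE.match(line)):
            current["dir"] = m.group(1)
            current = None  # header complete; ignore the log body that follows
    return runs

def check(text):
    """Return (single_location, findings) for every FRST run found in text."""
    runs = [r for r in parse_runs(text) if r["dir"]]
    # Windows paths are case-insensitive, so compare normalised forms.
    locations = {normcase(normpath(r["dir"])) for r in runs}
    findings = [f"{r['kind']} log, FRST {r['version']}, ran from {r['dir']}"
                for r in runs]
    return len(locations) <= 1, findings

if __name__ == "__main__":
    single, findings = check(HEADERS)
    print("one location" if single else "FRST was run from multiple locations:")
    for finding in findings:
        print("  " + finding)
```

On the headers from this thread it reports two locations, Desktop and My Documents\Downloads, and also shows that the two runs used different FRST builds.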
 