nomis1963

  1. Ok, many thanks again for your fantastic support and advice - much appreciated.
  2. Hi, One last query from me - . Removal of ComboFix and all system restore points since they might be infected. Press Windows-key + R Copy and paste this line: ComboFix /Uninstall This doesn't work and is not found on my PC following a manual search. Did we use it?!
  3. Thanks - I seem to be back to where I was before the last step. I don't think un-checking Ad Aware made a huge difference to boot up, so I guess I will just have to be patient and allow a bit more time when using this PC. I've had no virus warnings recently and no threats have been found on scans that I have run etc.
  4. Help! That was a bit of a disaster! It loaded lots of 'other' icons and slowed everything down! When I boot up now I get a 'system configuration utility' message telling me that I am in diagnostic or selective modes and telling me to switch to 'normal mode'. This is what I previously did I think and it loads 'all device drivers and settings'. Can you get me back to where I was before we did the last step please?!
  5. Sadly yes! It's quick to do the initial boot up/log ins, but Ad aware takes ages to load and I would say it's around 10 mins from turning it on to getting online :-(
  6. Hi, All instructions carried out - please see log below:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
     Ran by Simon at 2014-12-30 09:01:10 Run:6
     Running from C:\Documents and Settings\Simon\Desktop
     Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
     ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
     BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
     FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
     S4 IntelIde; No ImagePath
     S2 StarOpen; No ImagePath
     AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
     *****************

     HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn => value deleted successfully.
     HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
     "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
     HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
     "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
     "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2" => Key deleted successfully.
     IntelIde => Service deleted successfully.
     StarOpen => Service deleted successfully.
     C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

     ==== End of Fixlog 09:02:03 ====
  7. Hi, Eset scan log below,

     C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
     C:\AdwCleaner\Quarantine\C\Documents and Settings\Simon\Application Data\BabSolution\Shared\BabMaint.exe.vir    a variant of Win32/Toolbar.Babylon.I potentially unwanted application    deleted - quarantined
     C:\AdwCleaner\Quarantine\C\Documents and Settings\Simon\Application Data\BabSolution\Shared\BUSolution.dll.vir    a variant of Win32/Toolbar.Babylon.P potentially unwanted application    deleted - quarantined
  8. Hi, I think two logs were saved to the desktop (both below) one as 'FRST text' and the other as 'addition text' Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014 Ran by Simon (administrator) on MORRISPC on 29-12-2014 10:16:06 Running from C:\Documents and Settings\Simon\Desktop Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest) Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (HP) C:\WINDOWS\system32\HPZipm12.exe () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (Microsoft Corporation) C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.) HKLM\...\Run: [skyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-05-10] () HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [7700288 2014-12-18] () Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\...\Policies\Explorer: [NoDrives] 0x00000000 SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {3CAB56CE-65D6-4600-9759-158502D4925F} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GPEA_en SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {A9D61C09-603C-4350-9AEF-498C58C0C3F6} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_141221&q={searchTerms} BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} http://www.newstarsoccer.com/OSAKitPro.CAB DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} https://connect.kingfisher.com/postauthI/epi.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\l53n7bes.default-1419365226421 FF NewTab: hxxp://www.google.co.uk/ FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-16] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [662544 2014-12-18] () R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited) R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16512 2007-02-06] (Adaptec) [File not signed] S3 BLKWGU(Belkin); C:\WINDOWS\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation) R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) 
S3 BTIAUSB; C:\WINDOWS\System32\DRIVERS\btiausb.sys [23808 2008-07-30] (iAnywhere Solutions) S3 BTPROT; C:\WINDOWS\System32\DRIVERS\btprot.sys [453120 2008-08-02] (iAnywhere Solutions) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-10-09] (BitDefender LLC) S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-10-09] (BitDefender S.R.L.) S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [21344 2005-05-27] (LG Electronics Inc.) S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-27] (LG Electronics Inc.) S3 Usblink; C:\WINDOWS\System32\Drivers\ulink.sys [37708 2005-04-29] () [File not signed] S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-25] (LG Electronics Inc.) S3 USBSER34; C:\WINDOWS\System32\Drivers\USBSER34.SYS [35440 2005-12-27] (WCH) [File not signed] R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] S4 IntelIde; No ImagePath S3 LVUSBSta; system32\drivers\lvusbsta.sys [X] S3 NgFilter; system32\DRIVERS\ngfilter.sys [X] S3 NgLog; system32\DRIVERS\nglog.sys [X] S3 NgVpn; system32\DRIVERS\ngvpn.sys [X] S3 NgWfp; system32\DRIVERS\ngwfp.sys [X] S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X] S3 RimUsb; System32\Drivers\RimUsb.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S2 StarOpen; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-29 10:16 - 2014-12-29 10:17 - 00014994 _____ () C:\Documents and Settings\Simon\Desktop\FRST.txt 2014-12-28 19:27 - 2014-12-28 19:27 - 00000854 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-28 19:22 - 2014-12-28 19:22 - 00011966 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141228_192232.reg 2014-12-25 17:17 - 2014-12-25 17:17 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Adobe 2014-12-25 17:13 - 2014-12-25 17:13 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla 2014-12-25 17:13 - 2014-12-25 17:13 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Mozilla 2014-12-25 16:08 - 2014-12-25 16:08 - 00010310 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141225_160836.reg 2014-12-25 15:58 - 2014-12-25 15:58 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer 2014-12-25 15:57 - 2014-12-25 17:26 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp 2014-12-25 15:57 - 2014-12-25 15:59 - 00091728 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-12-25 15:57 
- 2014-12-25 15:57 - 00000794 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Windows Media Player.lnk 2014-12-25 15:57 - 2014-12-25 15:57 - 00000773 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk 2014-12-25 15:57 - 2014-12-25 15:57 - 00000744 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Outlook Express.lnk 2014-12-25 15:57 - 2014-12-25 15:57 - 00000128 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat 2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 __SHD () C:\Documents and Settings\Guest\IETldCache 2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Documents and Settings\Guest 2014-12-25 15:57 - 2006-11-22 13:22 - 00000178 ___SH () C:\Documents and Settings\Guest\ntuser.ini 2014-12-25 15:57 - 2006-11-22 12:55 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\ATI 2014-12-25 15:57 - 2006-11-22 12:55 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\ATI 2014-12-25 15:57 - 2006-11-22 12:46 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Macromedia 2014-12-25 15:57 - 2006-11-22 11:49 - 00000000 ___RD () C:\Documents and Settings\Guest\Start Menu\Programs\Accessories 2014-12-25 15:57 - 2006-11-22 11:46 - 00001605 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Remote Assistance.lnk 2014-12-25 15:10 - 2014-12-29 10:16 - 00000000 ____D () C:\FRST 2014-12-25 15:09 - 2014-12-27 19:03 - 01114624 _____ (Farbar) C:\Documents and Settings\Simon\Desktop\FRST.exe 2014-12-24 16:27 - 2014-12-27 19:06 - 00000000 ____D () C:\Documents and Settings\Simon\Desktop\Lava help stuff 2014-12-24 06:56 - 2014-12-24 06:56 - 00000000 ____D () C:\Program Files\ESET 2014-12-24 06:46 - 2014-12-25 09:06 - 00000000 ____D () C:\AdwCleaner 2014-12-23 21:07 - 2014-12-23 21:07 - 00000000 __SHD () C:\found.001 2014-12-23 20:38 - 2014-12-23 20:38 - 00465464 _____ () C:\Documents and Settings\Simon\My 
Documents\cc_20141223_203845.reg 2014-12-23 20:21 - 2014-12-23 20:21 - 00000260 _____ () C:\WINDOWS\_delis32.ini 2014-12-23 20:17 - 2014-12-23 20:18 - 00000630 _____ () C:\Documents and Settings\Simon\Installer.log 2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Application Data\Mozilla 2014-12-22 22:58 - 2014-12-22 22:58 - 00000736 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-22 22:58 - 2014-12-22 22:58 - 00000730 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-12-22 22:58 - 2014-12-22 22:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-22 22:58 - 2014-12-22 22:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla 2014-12-22 18:30 - 2014-12-22 18:30 - 00000450 _____ () C:\Documents and Settings\Simon\My Documents\fixlist.txt 2014-12-21 22:12 - 2014-12-28 19:27 - 00952840 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-12-21 18:09 - 2014-12-21 18:09 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\LavasoftStatistics 2014-12-21 18:08 - 2014-12-21 18:08 - 00000246 _____ () C:\prefs.js 2014-12-21 18:08 - 2014-12-21 18:08 - 00000000 ____D () C:\searchplugins 2014-12-21 18:07 - 2014-12-21 18:12 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Application Data\Lavasoft 2014-12-21 18:07 - 2014-12-21 18:07 - 00004104 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini 2014-12-21 18:07 - 2014-12-21 18:07 - 00002128 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini 2014-12-21 18:06 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll 2014-12-21 18:01 - 2014-12-29 10:02 - 00002050 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk 2014-12-21 18:00 - 2014-12-21 18:04 - 00000000 ____D () C:\Documents and Settings\All 
Users\Start Menu\Programs\Lavasoft 2014-12-21 17:57 - 2014-12-21 17:57 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-12-21 17:56 - 2014-12-21 17:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$ 2014-12-21 12:11 - 2014-12-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-12-21 11:23 - 2014-12-21 17:39 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{DEF6EE2F-DCA5-4533-9083-67BB84C619B4} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-29 10:17 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Temp 2014-12-29 10:03 - 2006-11-21 22:44 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-29 10:00 - 2007-02-05 18:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-12-29 10:00 - 2007-02-05 18:38 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-12-29 09:59 - 2006-11-22 11:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-28 19:27 - 2007-02-02 18:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt 2014-12-28 19:27 - 2007-02-02 13:52 - 00000278 ___SH () C:\Documents and Settings\Simon\ntuser.ini 2014-12-28 19:27 - 2006-11-22 11:49 - 00032512 _____ () C:\WINDOWS\SchedLgU.Txt 2014-12-28 19:21 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon 2014-12-28 19:20 - 2007-02-17 16:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\National Lottery Ticket Checker 2014-12-28 19:20 - 2007-02-03 11:09 - 00000000 ___RD () C:\Documents and Settings\Simon\Desktop\Dad's garb 2014-12-25 18:37 - 2011-02-27 12:43 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-12-25 17:12 - 2007-02-03 10:55 - 00008224 _____ () C:\Documents and Settings\Hilary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-12-25 17:12 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary\Local Settings\Temp 
2014-12-25 16:55 - 2006-11-22 12:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-12-25 16:54 - 2009-12-25 11:01 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Amazon 2014-12-25 16:54 - 2009-12-25 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Amazon 2014-12-25 16:53 - 2008-11-01 10:55 - 00000000 ____D () C:\Program Files\New Star Soccer 2014-12-25 15:12 - 2006-11-22 11:49 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp 2014-12-25 15:11 - 2006-11-22 11:49 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp 2014-12-25 15:10 - 2007-02-10 11:49 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2014-12-25 09:25 - 2007-02-02 13:52 - 00091728 _____ () C:\Documents and Settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-12-25 09:22 - 2006-11-22 12:40 - 00338648 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-12-23 20:35 - 2013-10-28 15:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-12-23 20:26 - 2008-12-10 13:57 - 00000000 ____D () C:\Program Files\Sony 2014-12-23 20:22 - 2010-12-01 20:43 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion 2014-12-23 20:22 - 2010-12-01 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Research In Motion 2014-12-23 20:22 - 2010-12-01 20:42 - 00000000 ____D () C:\Program Files\Research In Motion 2014-12-23 20:22 - 2007-02-06 17:33 - 00000000 ____D () C:\Program Files\Common Files\Logitech 2014-12-23 20:22 - 2006-11-22 12:36 - 00000000 ____D () C:\WINDOWS\twain_32 2014-12-23 20:18 - 2007-02-06 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Labtec 2014-12-23 20:17 - 2009-07-22 18:32 - 00000000 ____D () C:\Program Files\Panda Security 2014-12-23 20:14 - 2008-09-11 15:46 - 00000000 ____D () C:\Program Files\Safari 2014-12-23 20:12 - 2007-03-17 11:04 - 
00001856 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log 2014-12-23 20:11 - 2006-11-22 12:47 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-12-23 20:11 - 2006-11-22 12:46 - 00000000 ____D () C:\Program Files\Microsoft Works 2014-12-23 19:27 - 2012-11-11 17:16 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-23 19:27 - 2012-11-11 17:16 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-23 19:13 - 2009-07-20 18:09 - 00000000 ____D () C:\WINDOWS\pss 2014-12-22 23:00 - 2008-01-12 12:02 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Mozilla 2014-12-22 22:58 - 2013-05-08 17:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-21 19:05 - 2007-02-02 18:16 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Lavasoft 2014-12-21 18:03 - 2008-02-04 10:01 - 00000000 ____D () C:\Program Files\Lavasoft 2014-12-21 18:02 - 2008-02-04 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft 2014-12-21 17:57 - 2006-11-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\mui 2014-12-21 17:40 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary 2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-12-21 17:40 - 2006-11-22 11:45 - 00000000 ____D () C:\WINDOWS\Registration 2014-12-21 17:39 - 2006-11-21 22:44 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\{5B24C9B8-5E40-AE00-9000-917CADB209} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014 Ran by Simon at 2014-12-29 10:17:55 Running from C:\Documents and Settings\Simon\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7} FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Ad-Aware Antivirus (HKLM\...\{69489131-0E91-491B-9E15-1987CDAD95C6}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adjunct Blaster 1.2 (HKLM\...\Adjunct Blaster_is1) (Version: - StudyLamp Software)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader 7.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A71000000002}) (Version: 7.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{27B6A08F-4C54-4659-B0CF-47B640B8CA00}) (Version: 1.2.2390.37472 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.282-060802a-035722C-ATI - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.28 - Research In Motion Ltd.) Hidden
Bluesoleil2.6.0.8 Release 070517 (HKLM\...\{438BB9B4-65FE-4626-91D9-A8F57B18001D}) (Version: 2.6.0.8 Release 070517 - IVT Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D2300 (Version: 70.0.260.000 - Hewlett-Packard) Hidden
D2300_Help (Version: 70.0.260.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 1.17 - Piriform)
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Email Updater (HKLM\...\{2F1E5C4C-B20C-42C3-B5F1-1FE2CA207AFE}) (Version: 1.0.4 - Virgin Media)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}) (Version: 7.1 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Software Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - HEWLET~1|Hewlett-Packard)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
hph_ProductContext (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_readme (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software_req (Version: 70.0.260.000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.780 - InterVideo Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
LavasoftTcpService (Version: 2.2.9.5 - Lavasoft) Hidden
MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Creative Writer 2 (HKLM\...\Creative Writer 2) (Version: - )
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - )
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
Nero Digital (HKLM\...\NeroVision!UninstallKey) (Version: - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
NeroVision Express Content (HKLM\...\NVEContent!UninstallKey) (Version: - )
PASSAGE 1995 Edition (Freeware) (HKLM\...\Passage) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.1 - Google, Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 1.0.0.10213 - Sony Computer Entertainment Inc.)
PrintMaster Gold 4.03 (HKLM\...\PrintMaster Gold 4.03) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 5.1 (HKLM\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spotify (HKLM\...\Spotify) (Version: 0.4.3 - )
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Web Companion (HKLM\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0059.1 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{156ACF3D-3BB5-328B-8682-CED029D43C01}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{1DB47FBB-7AC1-3880-8AAE-4297395A7876}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{236A05F6-385C-3B02-A1E4-1714BAA11BA0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{2CCAE74C-424B-3F5B-8CDE-D443542BB33D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{369E689F-3511-341F-AD83-CCE40620775E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{86E6A200-3173-31C5-B4A9-206733589FF7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{8999D250-5337-37A2-890A-50B98505A511}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{93ED95FB-B4EE-399C-AF77-A19F1250A4B8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{94C900E8-824F-3340-9926-99298FDD976E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{9B5997C1-125F-39D7-B6F1-2F9F8D862D9D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{9ED30511-AF2B-3E23-8D7D-CDE7DFD994E7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{A87ACD9A-94E4-3F0F-A414-228C4B3460BA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{ABF3F743-D1CA-3D70-B2F8-7259FCD53CFE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{B334831F-99BC-3DFB-9758-64EE98D92BDE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{C6DB4841-51DD-33FE-862A-678F9B7FC91C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{C87166D1-9E22-3D59-85DA-F96CA8A2004B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)

==================== Restore Points =========================

21-11-2014 10:10:48 System Checkpoint
22-11-2014 12:58:35 avast! antivirus system restore point
27-11-2014 20:19:52 System Checkpoint
04-12-2014 18:38:05 System Checkpoint
21-12-2014 15:38:57 System Checkpoint
21-12-2014 17:38:05 Restore Operation
21-12-2014 17:56:51 Installed Windows XP KB942288-v3.
21-12-2014 17:57:26 AA11
21-12-2014 18:02:50 LavasoftWeCompanion
22-12-2014 18:18:05 Removed Java 7 Update 67
22-12-2014 18:20:18 Removed Java SE Runtime Environment 6 Update 1
22-12-2014 18:21:11 Removed J2SE Runtime Environment 5.0 Update 3
22-12-2014 22:32:08 avast! antivirus system restore point
23-12-2014 20:11:31 Removed Microsoft Works
23-12-2014 20:13:08 Removed Java 6 Update 2
23-12-2014 20:14:30 Removed Safari
23-12-2014 20:17:56 Removed Labtec WebCam
23-12-2014 20:19:29 Removed Bing Bar
23-12-2014 20:22:54 Removed BlackBerry® Media Sync
23-12-2014 20:26:13 Removed PlayStation®Network Downloader.
25-12-2014 16:55:09 Configured EZ Label Xpress Lite
28-12-2014 18:40:07 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-21 22:44 - 2008-02-17 10:29 - 00224678 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 14:45 - 2014-12-18 14:45 - 00662544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:20 - 2014-12-18 15:20 - 00090456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00110432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 10552144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00635224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00409432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00640840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00104768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00760664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00691560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00865096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00207688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00796504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 01018176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00857432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00705352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00671056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02364240 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02665296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00990032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00046944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00298824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02123608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00969536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00759112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00923496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00121664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 07700288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:20 - 2014-12-18 15:20 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 01624896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00870224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00641856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2012-03-24 19:15 - 2012-03-24 19:15 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8ed399c6\mscorlib.dll
2012-06-21 08:29 - 2012-06-21 08:29 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e6857051\system.windows.forms.dll
2012-03-24 19:14 - 2012-03-24 19:14 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a73297d9\system.dll
2012-03-24 19:15 - 2012-03-24 19:15 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_10607ec5\system.xml.dll
2012-06-21 08:29 - 2012-06-21 08:29 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7c8b89c2\system.drawing.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk => C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^David^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\WINDOWS\pss\Desktop Manager.lnkStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogitechVideoRepair => C:\Program Files\Logitech\Video\ISStart.exe
MSCONFIG\startupreg: LogitechVideoTray => C:\Program Files\Logitech\Video\LogiTray.exe
MSCONFIG\startupreg: LVCOMSX => C:\WINDOWS\system32\LVCOMSX.EXE
MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SMSERIAL => sm56hlpr.exe
MSCONFIG\startupreg: Spotify => "C:\Program Files\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-2284049915-3903095038-2347252828-500 - Administrator - Enabled)
Guest (S-1-5-21-2284049915-3903095038-2347252828-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2284049915-3903095038-2347252828-1006 - Limited - Disabled)
Hilary (S-1-5-21-2284049915-3903095038-2347252828-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Hilary
Simon (S-1-5-21-2284049915-3903095038-2347252828-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Simon
SUPPORT_388945a0 (S-1-5-21-2284049915-3903095038-2347252828-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 10:00:19 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources. Reinstall Fax service using Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error: (12/28/2014 06:52:25 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources. Reinstall Fax service using Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error: (12/28/2014 06:11:41 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources. Reinstall Fax service using Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error: (12/27/2014 06:55:09 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources. Reinstall Fax service using Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error: (12/27/2014 08:20:14 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources. Reinstall Fax service using Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error: (12/26/2014 09:48:52 AM) (Source: WmiAdapter) (EventID: 4099) (User: MORRISPC)
Description: Open of service failed.

Error: (12/26/2014 09:46:41 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources. Reinstall Fax service using Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/25/2014 04:20:01 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources. Reinstall Fax service using Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

System errors:
=============
Error: (12/29/2014 10:02:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (12/29/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (12/29/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error: %%2

Error: (12/28/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (12/28/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error: %%2

Error: (12/28/2014 06:14:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPod Service service failed to start due to the following error: %%1053

Error: (12/28/2014 06:14:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Error: (12/28/2014 06:13:45 PM) (Source: DCOM) (EventID: 10005) (User: MORRISPC)
Description: DCOM got error "%%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (12/28/2014 06:12:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
Error: (12/28/2014 06:12:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The StarOpen service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (12/29/2014 10:00:19 AM) (Source: Microsoft Fax) (EventID: 32063) (User: ) Description: 13 Error: (12/28/2014 06:52:25 PM) (Source: Microsoft Fax) (EventID: 32063) (User: ) Description: 13 Error: (12/28/2014 06:11:41 PM) (Source: Microsoft Fax) (EventID: 32063) (User: ) Description: 13 Error: (12/27/2014 06:55:09 PM) (Source: Microsoft Fax) (EventID: 32063) (User: ) Description: 13 Error: (12/27/2014 08:20:14 AM) (Source: Microsoft Fax) (EventID: 32063) (User: ) Description: 13 Error: (12/26/2014 09:48:52 AM) (Source: WmiAdapter) (EventID: 4099) (User: MORRISPC) Description: Error: (12/26/2014 09:46:41 AM) (Source: Microsoft Fax) (EventID: 32063) (User: ) Description: 13 Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: ) Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: ) Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L Error: (12/25/2014 04:20:01 PM) (Source: Microsoft Fax) (EventID: 32063) (User: ) Description: 13 ==================== Memory info =========================== Processor: Intel® Pentium® 4 CPU 3.06GHz Percentage of memory in use: 79% Total physical RAM: 447.36 MB Available physical RAM: 89.98 MB Total Pagefile: 1054.59 MB Available Pagefile: 439.21 MB Total Virtual: 2047.88 MB Available Virtual: 1930.29 MB ==================== Drives ================================ Drive c: (468385) (Fixed) (Total:149.05 GB) (Free:109.52 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 149.1 
GB) (Disk ID: CB2C7EC7) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. Hi, My PC reacts as follows; On boot up - Quick to get to 'welcome/log in' screen. Quick to get from there to my desktop. Slow for Ad Aware and Web Companion to load (can I cancel WC from starting at boot up?). At this point I am unable to do anything. Once I have waited for these two progs to load and the Ad Aware tray icon to turn orange, Firefox loads fairly quickly, and I am also able to carry out routine tasks at a reasonable speed too. I REALLY appreciate your help - do you think we have gone as far as we can go? Have all viruses/malware now been removed?
  10. Hi, Here is the log,
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
     Ran by Simon at 2014-12-27 19:04:08 Run:5
     Running from C:\Documents and Settings\Simon\Desktop
     Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu
     *****************
     ========================= Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu ========================
     Directory Not Found
     ==== End of Fixlog 19:04:09 ====
  11. Hi, Please see log below,
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2014
     Ran by Simon at 2014-12-27 08:37:04 Run:4
     Running from C:\Documents and Settings\Simon\Desktop
     Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     2014-12-21 15:59 - 2014-12-21 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\JudwUcbu
     *****************
     "C:\Documents and Settings\All Users\Application Data\JudwUcbu" => File/Directory not found.
     ==== End of Fixlog 08:37:04 ====
  12. Sorry - please see new link below, https://www.virustotal.com/en/file/0af1bc88230113079414885e862b9866883e7c29f96562e5a2ed1df03d21d7c0/analysis/1419595351/
  13. Please see link below - https://www.virustotal.com/en/file/7667bcd1f2e845a3d00cea17b7acfeeea5937b1efc1411f8cf047b0b2baf350f/analysis/1419587888/
  14. Hi, Results of log below -
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2014
     Ran by Simon at 2014-12-25 16:29:36 Run:2
     Running from C:\Documents and Settings\Simon\Desktop
     Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     File: C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb
     *****************
     ========================= File: C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb ========================
     MD5: 7f698b89b47de3f0473fddce90e967dd
     Creation and modification date: 2014-12-21 15:59 - 2014-12-21 15:59
     Size: 0267376
     Attributes: ----A
     Company Name:
     Internal Name:
     Original Name:
     Product Name:
     Description:
     File Version:
     Product Version:
     Copyright:
     ====== End Of File: ======
     ==== End of Fixlog 16:29:37 ====
  15. Sorry - my mistake - not sure what I ran before - please see FRST log below!
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2014
     Ran by Simon at 2014-12-25 15:11:48 Run:1
     Running from C:\Documents and Settings\Simon\Desktop
     Loaded Profile: Simon (Available profiles: Simon & Hilary & David & Aaron)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu
     EmptyTemp:
     *****************
     ========================= Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu ========================
     2014-12-21 15:59 - 2014-12-21 15:59 - 0267376 _____ () C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb
     ====== End of Folder: ======
     EmptyTemp: => Removed 1.6 GB temporary data.
     The system needed a reboot.
     ==== End of Fixlog 15:13:44 ====