nomis1963

Virus relating to XMLKA - or other infection - help please!


Hi,


I think two logs were saved to the desktop (both below): one as 'FRST text' and the other as 'addition text'.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by Simon (administrator) on MORRISPC on 29-12-2014 10:16:06
Running from C:\Documents and Settings\Simon\Desktop
Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(HP) C:\WINDOWS\system32\HPZipm12.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [skyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-05-10] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [7700288 2014-12-18] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\...\Policies\Explorer: [NoDrives] 0x00000000
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {3CAB56CE-65D6-4600-9759-158502D4925F} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GPEA_en
SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {A9D61C09-603C-4350-9AEF-498C58C0C3F6} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_141221&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} http://www.newstarsoccer.com/OSAKitPro.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} https://connect.kingfisher.com/postauthI/epi.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\l53n7bes.default-1419365226421
FF NewTab: hxxp://www.google.co.uk/
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-16]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [662544 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16512 2007-02-06] (Adaptec) [File not signed]
S3 BLKWGU(Belkin); C:\WINDOWS\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 BTIAUSB; C:\WINDOWS\System32\DRIVERS\btiausb.sys [23808 2008-07-30] (iAnywhere Solutions)
S3 BTPROT; C:\WINDOWS\System32\DRIVERS\btprot.sys [453120 2008-08-02] (iAnywhere Solutions)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-10-09] (BitDefender LLC)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-10-09] (BitDefender S.R.L.)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [21344 2005-05-27] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-27] (LG Electronics Inc.)
S3 Usblink; C:\WINDOWS\System32\Drivers\ulink.sys [37708 2005-04-29] () [File not signed]
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-25] (LG Electronics Inc.)
S3 USBSER34; C:\WINDOWS\System32\Drivers\USBSER34.SYS [35440 2005-12-27] (WCH) [File not signed]
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 NgFilter; system32\DRIVERS\ngfilter.sys [X]
S3 NgLog; system32\DRIVERS\nglog.sys [X]
S3 NgVpn; system32\DRIVERS\ngvpn.sys [X]
S3 NgWfp; system32\DRIVERS\ngwfp.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 10:16 - 2014-12-29 10:17 - 00014994 _____ () C:\Documents and Settings\Simon\Desktop\FRST.txt
2014-12-28 19:27 - 2014-12-28 19:27 - 00000854 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-28 19:22 - 2014-12-28 19:22 - 00011966 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141228_192232.reg
2014-12-25 17:17 - 2014-12-25 17:17 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Adobe
2014-12-25 17:13 - 2014-12-25 17:13 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla
2014-12-25 17:13 - 2014-12-25 17:13 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Mozilla
2014-12-25 16:08 - 2014-12-25 16:08 - 00010310 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141225_160836.reg
2014-12-25 15:58 - 2014-12-25 15:58 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-12-25 15:57 - 2014-12-25 17:26 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp
2014-12-25 15:57 - 2014-12-25 15:59 - 00091728 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-25 15:57 - 2014-12-25 15:57 - 00000794 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Windows Media Player.lnk
2014-12-25 15:57 - 2014-12-25 15:57 - 00000773 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 15:57 - 2014-12-25 15:57 - 00000744 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Outlook Express.lnk
2014-12-25 15:57 - 2014-12-25 15:57 - 00000128 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 __SHD () C:\Documents and Settings\Guest\IETldCache
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Documents and Settings\Guest
2014-12-25 15:57 - 2006-11-22 13:22 - 00000178 ___SH () C:\Documents and Settings\Guest\ntuser.ini
2014-12-25 15:57 - 2006-11-22 12:55 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\ATI
2014-12-25 15:57 - 2006-11-22 12:55 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\ATI
2014-12-25 15:57 - 2006-11-22 12:46 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Macromedia
2014-12-25 15:57 - 2006-11-22 11:49 - 00000000 ___RD () C:\Documents and Settings\Guest\Start Menu\Programs\Accessories
2014-12-25 15:57 - 2006-11-22 11:46 - 00001605 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Remote Assistance.lnk
2014-12-25 15:10 - 2014-12-29 10:16 - 00000000 ____D () C:\FRST
2014-12-25 15:09 - 2014-12-27 19:03 - 01114624 _____ (Farbar) C:\Documents and Settings\Simon\Desktop\FRST.exe
2014-12-24 16:27 - 2014-12-27 19:06 - 00000000 ____D () C:\Documents and Settings\Simon\Desktop\Lava help stuff
2014-12-24 06:56 - 2014-12-24 06:56 - 00000000 ____D () C:\Program Files\ESET
2014-12-24 06:46 - 2014-12-25 09:06 - 00000000 ____D () C:\AdwCleaner
2014-12-23 21:07 - 2014-12-23 21:07 - 00000000 __SHD () C:\found.001
2014-12-23 20:38 - 2014-12-23 20:38 - 00465464 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141223_203845.reg
2014-12-23 20:21 - 2014-12-23 20:21 - 00000260 _____ () C:\WINDOWS\_delis32.ini
2014-12-23 20:17 - 2014-12-23 20:18 - 00000630 _____ () C:\Documents and Settings\Simon\Installer.log
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Application Data\Mozilla
2014-12-22 22:58 - 2014-12-22 22:58 - 00000736 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-22 22:58 - 2014-12-22 22:58 - 00000730 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-12-22 22:58 - 2014-12-22 22:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-22 22:58 - 2014-12-22 22:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-12-22 18:30 - 2014-12-22 18:30 - 00000450 _____ () C:\Documents and Settings\Simon\My Documents\fixlist.txt
2014-12-21 22:12 - 2014-12-28 19:27 - 00952840 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-12-21 18:09 - 2014-12-21 18:09 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\LavasoftStatistics
2014-12-21 18:08 - 2014-12-21 18:08 - 00000246 _____ () C:\prefs.js
2014-12-21 18:08 - 2014-12-21 18:08 - 00000000 ____D () C:\searchplugins
2014-12-21 18:07 - 2014-12-21 18:12 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Application Data\Lavasoft
2014-12-21 18:07 - 2014-12-21 18:07 - 00004104 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
2014-12-21 18:07 - 2014-12-21 18:07 - 00002128 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2014-12-21 18:06 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2014-12-21 18:01 - 2014-12-29 10:02 - 00002050 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-12-21 18:00 - 2014-12-21 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
2014-12-21 17:57 - 2014-12-21 17:57 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-21 17:56 - 2014-12-21 17:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-12-21 12:11 - 2014-12-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-21 11:23 - 2014-12-21 17:39 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{DEF6EE2F-DCA5-4533-9083-67BB84C619B4}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 10:17 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Temp
2014-12-29 10:03 - 2006-11-21 22:44 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-29 10:00 - 2007-02-05 18:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-29 10:00 - 2007-02-05 18:38 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-29 09:59 - 2006-11-22 11:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-28 19:27 - 2007-02-02 18:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-12-28 19:27 - 2007-02-02 13:52 - 00000278 ___SH () C:\Documents and Settings\Simon\ntuser.ini
2014-12-28 19:27 - 2006-11-22 11:49 - 00032512 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-28 19:21 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon
2014-12-28 19:20 - 2007-02-17 16:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\National Lottery Ticket Checker
2014-12-28 19:20 - 2007-02-03 11:09 - 00000000 ___RD () C:\Documents and Settings\Simon\Desktop\Dad's garb
2014-12-25 18:37 - 2011-02-27 12:43 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-25 17:12 - 2007-02-03 10:55 - 00008224 _____ () C:\Documents and Settings\Hilary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-25 17:12 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary\Local Settings\Temp
2014-12-25 16:55 - 2006-11-22 12:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-25 16:54 - 2009-12-25 11:01 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Amazon
2014-12-25 16:54 - 2009-12-25 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
2014-12-25 16:53 - 2008-11-01 10:55 - 00000000 ____D () C:\Program Files\New Star Soccer
2014-12-25 15:12 - 2006-11-22 11:49 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-12-25 15:11 - 2006-11-22 11:49 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-12-25 15:10 - 2007-02-10 11:49 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-12-25 09:25 - 2007-02-02 13:52 - 00091728 _____ () C:\Documents and Settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-25 09:22 - 2006-11-22 12:40 - 00338648 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-23 20:35 - 2013-10-28 15:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-12-23 20:26 - 2008-12-10 13:57 - 00000000 ____D () C:\Program Files\Sony
2014-12-23 20:22 - 2010-12-01 20:43 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
2014-12-23 20:22 - 2010-12-01 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Research In Motion
2014-12-23 20:22 - 2010-12-01 20:42 - 00000000 ____D () C:\Program Files\Research In Motion
2014-12-23 20:22 - 2007-02-06 17:33 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-12-23 20:22 - 2006-11-22 12:36 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-23 20:18 - 2007-02-06 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Labtec
2014-12-23 20:17 - 2009-07-22 18:32 - 00000000 ____D () C:\Program Files\Panda Security
2014-12-23 20:14 - 2008-09-11 15:46 - 00000000 ____D () C:\Program Files\Safari
2014-12-23 20:12 - 2007-03-17 11:04 - 00001856 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-12-23 20:11 - 2006-11-22 12:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-23 20:11 - 2006-11-22 12:46 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-12-23 19:27 - 2012-11-11 17:16 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 19:27 - 2012-11-11 17:16 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 19:13 - 2009-07-20 18:09 - 00000000 ____D () C:\WINDOWS\pss
2014-12-22 23:00 - 2008-01-12 12:02 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Mozilla
2014-12-22 22:58 - 2013-05-08 17:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-21 19:05 - 2007-02-02 18:16 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Lavasoft
2014-12-21 18:03 - 2008-02-04 10:01 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-21 18:02 - 2008-02-04 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-12-21 17:57 - 2006-11-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-12-21 17:40 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary
2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-21 17:40 - 2006-11-22 11:45 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-21 17:39 - 2006-11-21 22:44 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\{5B24C9B8-5E40-AE00-9000-917CADB209}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Simon at 2014-12-29 10:17:55
Running from C:\Documents and Settings\Simon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{69489131-0E91-491B-9E15-1987CDAD95C6}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adjunct Blaster 1.2 (HKLM\...\Adjunct Blaster_is1) (Version: - StudyLamp Software)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader 7.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A71000000002}) (Version: 7.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{27B6A08F-4C54-4659-B0CF-47B640B8CA00}) (Version: 1.2.2390.37472 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.282-060802a-035722C-ATI - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.28 - Research In Motion Ltd.) Hidden
Bluesoleil2.6.0.8 Release 070517 (HKLM\...\{438BB9B4-65FE-4626-91D9-A8F57B18001D}) (Version: 2.6.0.8 Release 070517 - IVT Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D2300 (Version: 70.0.260.000 - Hewlett-Packard) Hidden
D2300_Help (Version: 70.0.260.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 1.17 - Piriform)
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Email Updater (HKLM\...\{2F1E5C4C-B20C-42C3-B5F1-1FE2CA207AFE}) (Version: 1.0.4 - Virgin Media)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}) (Version: 7.1 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Software Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - HEWLET~1|Hewlett-Packard)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
hph_ProductContext (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_readme (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software_req (Version: 70.0.260.000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.780 - InterVideo Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
LavasoftTcpService (Version: 2.2.9.5 - Lavasoft) Hidden
MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Creative Writer 2 (HKLM\...\Creative Writer 2) (Version: - )
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - )
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
Nero Digital (HKLM\...\NeroVision!UninstallKey) (Version: - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
NeroVision Express Content (HKLM\...\NVEContent!UninstallKey) (Version: - )
PASSAGE 1995 Edition (Freeware) (HKLM\...\Passage) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.1 - Google, Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 1.0.0.10213 - Sony Computer Entertainment Inc.)
PrintMaster Gold 4.03 (HKLM\...\PrintMaster Gold 4.03) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 5.1 (HKLM\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spotify (HKLM\...\Spotify) (Version: 0.4.3 - )
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Web Companion (HKLM\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0059.1 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{156ACF3D-3BB5-328B-8682-CED029D43C01}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{1DB47FBB-7AC1-3880-8AAE-4297395A7876}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{236A05F6-385C-3B02-A1E4-1714BAA11BA0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{2CCAE74C-424B-3F5B-8CDE-D443542BB33D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{369E689F-3511-341F-AD83-CCE40620775E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{86E6A200-3173-31C5-B4A9-206733589FF7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{8999D250-5337-37A2-890A-50B98505A511}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{93ED95FB-B4EE-399C-AF77-A19F1250A4B8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{94C900E8-824F-3340-9926-99298FDD976E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{9B5997C1-125F-39D7-B6F1-2F9F8D862D9D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{9ED30511-AF2B-3E23-8D7D-CDE7DFD994E7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{A87ACD9A-94E4-3F0F-A414-228C4B3460BA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{ABF3F743-D1CA-3D70-B2F8-7259FCD53CFE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{B334831F-99BC-3DFB-9758-64EE98D92BDE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{C6DB4841-51DD-33FE-862A-678F9B7FC91C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{C87166D1-9E22-3D59-85DA-F96CA8A2004B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)

==================== Restore Points =========================

21-11-2014 10:10:48 System Checkpoint
22-11-2014 12:58:35 avast! antivirus system restore point
27-11-2014 20:19:52 System Checkpoint
04-12-2014 18:38:05 System Checkpoint
21-12-2014 15:38:57 System Checkpoint
21-12-2014 17:38:05 Restore Operation
21-12-2014 17:56:51 Installed Windows XP KB942288-v3.
21-12-2014 17:57:26 AA11
21-12-2014 18:02:50 LavasoftWeCompanion
22-12-2014 18:18:05 Removed Java 7 Update 67
22-12-2014 18:20:18 Removed Java SE Runtime Environment 6 Update 1
22-12-2014 18:21:11 Removed J2SE Runtime Environment 5.0 Update 3
22-12-2014 22:32:08 avast! antivirus system restore point
23-12-2014 20:11:31 Removed Microsoft Works
23-12-2014 20:13:08 Removed Java 6 Update 2
23-12-2014 20:14:30 Removed Safari
23-12-2014 20:17:56 Removed Labtec WebCam
23-12-2014 20:19:29 Removed Bing Bar
23-12-2014 20:22:54 Removed BlackBerry® Media Sync
23-12-2014 20:26:13 Removed PlayStation®Network Downloader.
25-12-2014 16:55:09 Configured EZ Label Xpress Lite
28-12-2014 18:40:07 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-21 22:44 - 2008-02-17 10:29 - 00224678 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 14:45 - 2014-12-18 14:45 - 00662544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:20 - 2014-12-18 15:20 - 00090456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00110432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 10552144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00635224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00409432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00640840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00104768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00760664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00691560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00865096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00207688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00796504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 01018176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00857432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00705352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00671056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02364240 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02665296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00990032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00046944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00298824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02123608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00969536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00759112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00923496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00121664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 07700288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:20 - 2014-12-18 15:20 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 01624896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00870224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00641856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2012-03-24 19:15 - 2012-03-24 19:15 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8ed399c6\mscorlib.dll
2012-06-21 08:29 - 2012-06-21 08:29 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e6857051\system.windows.forms.dll
2012-03-24 19:14 - 2012-03-24 19:14 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a73297d9\system.dll
2012-03-24 19:15 - 2012-03-24 19:15 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_10607ec5\system.xml.dll
2012-06-21 08:29 - 2012-06-21 08:29 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7c8b89c2\system.drawing.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk => C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^David^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\WINDOWS\pss\Desktop Manager.lnkStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogitechVideoRepair => C:\Program Files\Logitech\Video\ISStart.exe
MSCONFIG\startupreg: LogitechVideoTray => C:\Program Files\Logitech\Video\LogiTray.exe
MSCONFIG\startupreg: LVCOMSX => C:\WINDOWS\system32\LVCOMSX.EXE
MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SMSERIAL => sm56hlpr.exe
MSCONFIG\startupreg: Spotify => "C:\Program Files\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-2284049915-3903095038-2347252828-500 - Administrator - Enabled)
Guest (S-1-5-21-2284049915-3903095038-2347252828-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2284049915-3903095038-2347252828-1006 - Limited - Disabled)
Hilary (S-1-5-21-2284049915-3903095038-2347252828-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Hilary
Simon (S-1-5-21-2284049915-3903095038-2347252828-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Simon
SUPPORT_388945a0 (S-1-5-21-2284049915-3903095038-2347252828-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 10:00:19 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


Reinstall Fax service using Repair mode.
Win32 error code: 13.
This error code indicates the cause of the error.

Error: (12/28/2014 06:52:25 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


Reinstall Fax service using Repair mode.
Win32 error code: 13.
This error code indicates the cause of the error.

Error: (12/28/2014 06:11:41 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


Reinstall Fax service using Repair mode.
Win32 error code: 13.
This error code indicates the cause of the error.

Error: (12/27/2014 06:55:09 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


Reinstall Fax service using Repair mode.
Win32 error code: 13.
This error code indicates the cause of the error.

Error: (12/27/2014 08:20:14 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


Reinstall Fax service using Repair mode.
Win32 error code: 13.
This error code indicates the cause of the error.

Error: (12/26/2014 09:48:52 AM) (Source: WmiAdapter) (EventID: 4099) (User: MORRISPC)
Description: Open of service failed.

Error: (12/26/2014 09:46:41 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


Reinstall Fax service using Repair mode.
Win32 error code: 13.
This error code indicates the cause of the error.

Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/25/2014 04:20:01 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


Reinstall Fax service using Repair mode.
Win32 error code: 13.
This error code indicates the cause of the error.


System errors:
=============
Error: (12/29/2014 10:02:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (12/29/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (12/29/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2

Error: (12/28/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (12/28/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2

Error: (12/28/2014 06:14:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (12/28/2014 06:14:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Error: (12/28/2014 06:13:45 PM) (Source: DCOM) (EventID: 10005) (User: MORRISPC)
Description: DCOM got error "%%1053" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (12/28/2014 06:12:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (12/28/2014 06:12:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/29/2014 10:00:19 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: 13

Error: (12/28/2014 06:52:25 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: 13

Error: (12/28/2014 06:11:41 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: 13

Error: (12/27/2014 06:55:09 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: 13

Error: (12/27/2014 08:20:14 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: 13

Error: (12/26/2014 09:48:52 AM) (Source: WmiAdapter) (EventID: 4099) (User: MORRISPC)
Description:

Error: (12/26/2014 09:46:41 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: 13

Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L

Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L

Error: (12/25/2014 04:20:01 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
Description: 13


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 79%
Total physical RAM: 447.36 MB
Available physical RAM: 89.98 MB
Total Pagefile: 1054.59 MB
Available Pagefile: 439.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.29 MB

==================== Drives ================================

Drive c: (468385) (Fixed) (Total:149.05 GB) (Free:109.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: CB2C7EC7)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hi,

 

Eset scan log below,

 

 

C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Simon\Application Data\BabSolution\Shared\BabMaint.exe.vir a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Simon\Application Data\BabSolution\Shared\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined

 


Hi,

 

1. Please, run Avast Uninstall Utility since there are pieces of Avast in the logs.

https://www.avast.com/uninstall-utility

 

2. This file can sometimes be an indication of a bad hard disk:

2014-12-23 21:07 - 2014-12-23 21:07 - 00000000 __SHD () C:\found.001

 

3. Have you installed Panda antivirus program, too?

If yes, you have to follow the instructions on http://www.pandasecurity.com/usa/homeusers/support/card/?id=55509

 

4. Please, update your outdated programs, see http://www.lavasoftsupport.com/index.php?/topic/34144-virus-relating-to-xmlka-or-other-infection-help-please/#entry147370

 

 

5. Please, start Notepad.

Copy all text that is in the box:

SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
S4 IntelIde; No ImagePath
S2 StarOpen; No ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
and paste in Notepad. Check that no file paths have been split across two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

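The fixlist in the post above is a list of FRST findings, most of which are orphaned hooks: registry entries (a ShellServiceObjectDelayLoad value, an icon-overlay handler, two Browser Helper Objects, a Firefox plugin registration) whose CLSID or DLL no longer exists, two services registered with no ImagePath, a browser policy key and an alternate data stream on a directory. The following Python script is an added example, not code from the forum post, from FRST or from its author: it parses the line shapes that appear in that fixlist and reports which entries point at something missing. The regular expressions are my reading of the formats shown on this page, not an official FRST grammar, and the sample input is the fixlist copied from the post.

```python
"""Classify FRST-style findings such as the ones in the fixlist above.

Added example (assumed line formats, not FRST's own code). An entry is
"orphaned" when FRST marked its target "No File" or "No ImagePath": a
registry hook or service record that survives after the thing it loaded
is gone. Such leftovers are harmless by themselves but are the usual
residue of removed adware, so they are what a fixlist cleans up.
"""
import re
from dataclasses import dataclass

# A registry CLSID in braces, e.g. {fbeb8a05-beee-4442-804e-409d6c4515e9}
GUID = r"\{[0-9A-Fa-f-]{36}\}"


@dataclass
class Finding:
    kind: str        # which FRST section the line came from
    name: str        # entry name (value name, service name, plugin id, stream name)
    target: str      # what the entry points at (CLSID, DLL path, registry key, directory)
    orphaned: bool   # True when FRST marked the target "No File" / "No ImagePath"
    note: str = ""


# One regex per line shape seen in the fixlist on this page (assumed format).
_PATTERNS = [
    ("SSODL", re.compile(
        r"^SSODL:\s*(?P<name>.+?)\s*-\s*(?P<target>" + GUID + r")\s*-\s*(?P<status>.*)$")),
    ("ShellIconOverlay", re.compile(
        r"^ShellIconOverlayIdentifiers:\s*\[(?P<name>[^\]]+)\]\s*->\s*(?P<target>"
        + GUID + r")\s*=>\s*(?P<status>.*)$")),
    ("BHO", re.compile(
        r"^BHO:\s*(?P<name>.+?)\s*->\s*(?P<target>" + GUID + r")\s*->\s*(?P<status>.*)$")),
    ("FFPlugin", re.compile(
        r"^FF Plugin:\s*(?P<name>.+?)\s*->\s*(?P<target>.+?\.dll)\s*(?P<status>.*)$")),
    # "S2 StarOpen; No ImagePath": FRST prefixes services with R (running) or
    # S (stopped) and the start-type digit.
    ("Service", re.compile(
        r"^(?P<prefix>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<status>.*)$")),
    ("BrowserPolicy", re.compile(
        r"^(?P<browser>CHR|FF|IE)\s+(?P<name>HK[A-Z]+\\.+?):\s*(?P<status>.*?)\s*(<=+\s*ATTENTION)?$")),
    # "AlternateDataStreams: C:\...\TEMP:5C321E34" -> directory and stream name
    ("ADS", re.compile(
        r"^AlternateDataStreams:\s*(?P<target>.+):(?P<name>[^:\\]+)$")),
]

ORPHAN_MARKERS = ("No File", "No ImagePath")


def parse_line(line: str):
    """Return a Finding for a recognised FRST line, or None for anything else."""
    line = line.strip()
    for kind, rx in _PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        g = m.groupdict()
        status = (g.get("status") or "").strip()
        orphaned = any(mark in status for mark in ORPHAN_MARKERS)
        if kind == "Service":
            target = g["prefix"]
            note = "service registered without a binary" if orphaned else status
        elif kind == "BrowserPolicy":
            target = g["name"]
            note = f"{g['browser']} policy key present: {status}"
        elif kind == "ADS":
            target = g["target"]
            note = "alternate data stream attached to a directory"
        else:
            target = g["target"]
            note = "hook points at a missing CLSID or file" if orphaned else status
        return Finding(kind, g["name"].strip(), target, orphaned, note)
    return None


def parse_fixlist(text: str):
    """Parse every recognised line of a fixlist; unknown lines are skipped."""
    return [f for f in (parse_line(l) for l in text.splitlines()) if f]


def summarize(findings):
    """Map kind -> (total entries, orphaned entries)."""
    out = {}
    for f in findings:
        total, orphans = out.get(f.kind, (0, 0))
        out[f.kind] = (total + 1, orphans + int(f.orphaned))
    return out


# Sample input: the fixlist from the post above, copied verbatim.
SAMPLE_FIXLIST = r"""
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
S4 IntelIde; No ImagePath
S2 StarOpen; No ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
"""

if __name__ == "__main__":
    for f in parse_fixlist(SAMPLE_FIXLIST):
        flag = "ORPHANED" if f.orphaned else "review  "
        print(f"{flag} {f.kind:<17} {f.name:<40} {f.note}")
    print(summarize(parse_fixlist(SAMPLE_FIXLIST)))
```

Run as written it prints one line per finding and a per-kind count; seven of the nine entries are orphaned, while the Chrome policy key and the alternate data stream are flagged for review rather than as dangling references, which matches what the Fixlog later reports (values and keys deleted, services deleted, the ADS removed).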

Hi,

 

All instructions carried out - please see log below,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Simon at 2014-12-30 09:01:10 Run:6
Running from C:\Documents and Settings\Simon\Desktop
Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
S4 IntelIde; No ImagePath
S2 StarOpen; No ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn => value deleted successfully.
HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2" => Key deleted successfully.
IntelIde => Service deleted successfully.
StarOpen => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog 09:02:03 ====


Does the computer still need a very long time from login to working?


Sadly yes! It's quick to do the initial boot-up/log-ins, but Ad-Aware takes ages to load and I would say it's around 10 mins from turning it on to getting online :-(


Start menu - Run - msconfig - OK

Startup tab

Unselect Ad-Aware.

Restart the computer.

How is it now?


Help! That was a bit of a disaster! It loaded lots of 'other' icons and slowed everything down! When I boot up now I get a 'system configuration utility' message telling me that I am in diagnostic or selective mode and telling me to switch to 'normal mode'. This is what I previously did, I think, and it loads 'all device drivers and settings'. Can you get me back to where I was before we did the last step, please?!


Please, select Ad-Aware in the Startup tab of msconfig.

When the 'system configuration utility' is displayed, select the little box before clicking OK.


Thanks - I seem to be back to where I was before the last step. I don't think unchecking Ad-Aware made a huge difference to boot-up, so I guess I will just have to be patient and allow a bit more time when using this PC. I've had no virus warnings recently and no threats have been found on scans that I have run etc. :D


You're welcome :)

 

Time for final clean-up.

 

1. Removal of ComboFix and all system restore points since they might be infected.

Press Windows-key + R

Copy and paste this line:

ComboFix /Uninstall

 

Note the space before /

Click on OK.

 

2. Removal of AdwCleaner

Please, turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

 

3. Removal of FRST

Download OTC http://oldtimer.geekstogo.com/OTC.exe

Close all programs.

Start OTC program.

Click the CleanUp! button.

Select Yes when asked "Begin cleanup process".

If you are asked to reboot, select Yes.

If any logs remain on the computer you can remove them.

 

4. Improve the security in the computer

It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Hi,

 

One last query from me -

 

1. Removal of ComboFix and all system restore points since they might be infected.
Press Windows-key + R
Copy and paste this line:
ComboFix /Uninstall

 

This doesn't work and is not found on my PC following a manual search. Did we use it?!


Hi,

 

Sorry, too much copy and paste. Please, skip it.



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
