tomtatsfield Posted December 7, 2013 ID:761727 Share Posted December 7, 2013 Hello, help if possible please, Have got to the point where help needed, the computer was very sluggish, having now improved that problem it will be possible to deal with any help available, I believe that several BHO's have taken over my normal search programs, one of which is the isearch coupled with AVG, Any help to eliminate this problem and assist with a clean up will be welcome. The HJT report is below: Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:23:45, on 05/12/2013Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\btbb_wcm\McciTrayApp.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\system32\ICO.EXEC:\Program Files\AVG Secure Search\vprot.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Logitech\Logitech WebCam Software\LWS.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Logitech\Vid HD\Vid.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files\BT Broadband Talk Softphone\BTAgile.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exeC:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exeC:\Documents and Settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exeC:\WINDOWS\system32\Pelmiced.exeC:\Program Files\iPod\bin\iPodService.exeC:\Documents and Settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exeC:\Documents and Settings\Louise Lee\Desktop\SysinternalsSuite\autoruns.exeC:\Program Files\Trusteer\Rapport\bin\RapportService.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={DEEFA64F-BEB9-4943-AE5F-F8A5058577B9}&mid=2edddb3104773f3c418ae7f90ae8483f-ae53dab08457cda185b6b43c068d28c21e4f8280〈=us&ds=AVG&pr=fr&d=2012-02-14 12:28:11&v=15.2.0.5&pid=avg&sg=0&sap=hpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com/?fr=fp-bt-odtbR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60195R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60195R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/?fr=fp-bt-odtbR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60195R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60195R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcomeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/products/startup_code.html?PopSelected=0845-08456630221R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by BT Yahoo!R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.localR3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)O2 - BHO: (no name) - AutorunsDisabled - (no file)O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file)O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dllO3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXEO4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hideO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmodeO4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exeO4 - HKCU\..\Run: [bTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: AutorunsDisabledO4 - Global Startup: AutorunsDisabledO4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exeO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dllO18 - Filter: AutorunsDisabled - (no CLSID) - (no file)O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exeO23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exeO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE --End of file - 16678 bytes many thanks for any interest Tom Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 10, 2013 Root Admin ID:762892 Share Posted December 10, 2013 Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below. Important! - Please make sure you save combofix to your desktop and do not run it from your browser Direct download link for: ComboFix.exe Please make sure you disable your security applications before running ComboFix. Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load. Please attach that log file to your next reply. If needed the file can be located here: C:\combofix.txt NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
tomtatsfield Posted December 10, 2013 Author ID:762933 Share Posted December 10, 2013 Hi, thanks for interest log below: ComboFix 13-12-08.01 - Louise Lee 10/12/2013 13:27:09.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1305 [GMT 0:00]Running from: c:\documents and settings\Louise Lee\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\All Users\Application Data\xmlF5.tmpc:\documents and settings\All Users\Application Data\xmlF6.tmpc:\documents and settings\Louise Lee\WINDOWSc:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.infc:\windows\system32\Cachec:\windows\system32\Cache\26c630d098e22dd5.fbc:\windows\system32\Cache\272512937d9e61a4.fbc:\windows\system32\Cache\287204568329e189.fbc:\windows\system32\Cache\28bc8f716fd76a47.fbc:\windows\system32\Cache\29f2617fa58da5fc.fbc:\windows\system32\Cache\2c53092c95605355.fbc:\windows\system32\Cache\31a0997e9a5b5eb3.fbc:\windows\system32\Cache\32c84fe32bb74d60.fbc:\windows\system32\Cache\3917078cb68ec657.fbc:\windows\system32\Cache\590ba23ce359fd0c.fbc:\windows\system32\Cache\5cfdbacb8e12bbbe.fbc:\windows\system32\Cache\610289e025a3ee9a.fbc:\windows\system32\Cache\651c5d3cdbfb8bd1.fbc:\windows\system32\Cache\67284cc75b9890c9.fbc:\windows\system32\Cache\6c59ac5e7e7a3ad0.fbc:\windows\system32\Cache\6d03dad1035885d3.fbc:\windows\system32\Cache\7c65f477e9ef4ffd.fbc:\windows\system32\Cache\7d6770cb9d3de5cc.fbc:\windows\system32\Cache\83adb2226c20152a.fbc:\windows\system32\Cache\84f677799a0a8387.fbc:\windows\system32\Cache\857e5d27d688cb21.fbc:\windows\system32\Cache\95f567698be8a182.fbc:\windows\system32\Cache\a8556537add6dfc5.fbc:\windows\system32\Cache\ad10a52aff5e038d.fbc:\windows\system32\Cache\b0fffbacae2bcc67.fbc:\windows\system32\Cache\c1fa887b03019701.fbc:\windows\system32\Cache\c4d28dca2e7648be.fbc:\windows\system32\Cache\d201ef9910cd39de.fbc:\windows\system32\Cache\d23782dc0222f15e.fbc:\windows\system32\Cache\d2e94710a5708128.fbc:\windows\system32\Cache\d79b9dfe81484ec4.fbc:\windows\system32\Cache\e0de16f883bea794.fbc:\windows\system32\Cache\e6c9ad164634e981.fbc:\windows\system32\Cache\eae8753a3150741e.fbc:\windows\system32\Cache\eccd321a4c175451.fbc:\windows\system32\Cache\ee9fd946b6cde908.fbc:\windows\system32\Cache\f39de21b04b2c8c4.fbc:\windows\system32\Cache\f998975c9cc711ee.fbc:\windows\system32\SET4F.tmpc:\windows\system32\SET54.tmpc:\windows\TEMP\logishrd\LVPrcInj02.dll..((((((((((((((((((((((((( Files Created from 2013-11-10 to 2013-12-10 )))))))))))))))))))))))))))))))..2013-12-10 13:52 . 2013-12-10 13:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-12-10 10:14 . 2013-12-10 10:14 -------- d-----w- c:\program files\iPod2013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\program files\iTunes2013-12-09 20:57 . 2013-11-07 17:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1996D44-5943-4988-9ADA-8D1E840C6E16}\mpengine.dll2013-12-09 20:45 . 2013-12-09 20:45 -------- d-----w- c:\windows\system32\wbem\Repository2013-12-09 16:44 . 2013-12-09 16:44 -------- d-----w- C:\Google2013-12-09 16:31 . 2013-12-09 16:31 -------- d-----w- c:\windows\Logs2013-12-08 17:33 . 2013-12-08 17:33 -------- d-----w- c:\program files\CCleaner2013-12-08 16:53 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-08 16:53 . 2013-12-08 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-12-08 14:24 . 2013-11-19 10:21 230048 ------w- c:\windows\system32\MpSigStub.exe2013-12-08 14:18 . 2013-12-08 14:19 -------- d-----w- c:\program files\Microsoft Security Client2013-12-05 10:10 . 2013-12-05 10:10 388096 ----a-r- c:\documents and settings\Louise Lee\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2013-12-05 10:10 . 2013-12-05 10:10 -------- d-----w- c:\program files\Trend Micro2013-12-04 18:04 . 2013-12-04 18:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com2013-12-04 17:44 . 2013-12-04 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2013-12-04 17:44 . 2013-12-04 17:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2013-12-03 19:45 . 2008-04-14 01:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll2013-12-03 19:45 . 2008-04-14 01:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll2013-12-03 19:44 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll2013-12-03 19:43 . 2008-04-13 19:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys2013-12-03 19:42 . 2008-04-13 19:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys2013-12-03 19:40 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys2013-12-03 19:40 . 2008-04-13 19:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys2013-12-03 19:38 . 2008-04-14 01:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe2013-12-03 19:37 . 2008-04-13 19:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys2013-12-03 19:34 . 2008-04-13 19:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys2013-12-03 19:34 . 2008-04-13 19:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys2013-12-03 19:34 . 2008-04-13 19:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys2013-12-03 19:31 . 2008-04-13 19:45 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys2013-12-03 19:31 . 2008-04-13 19:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys2013-12-03 19:30 . 2008-04-14 01:12 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll2013-12-03 19:30 . 2008-04-14 01:12 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll2013-12-03 19:29 . 2008-04-13 19:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys2013-12-03 19:28 . 2008-04-13 19:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys2013-12-03 19:28 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll2013-12-03 19:28 . 2008-04-14 01:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll2013-12-03 19:27 . 2008-04-13 19:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys2013-12-03 19:27 . 2008-04-13 19:40 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys2013-12-03 19:27 . 2008-04-14 01:10 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll2013-12-03 19:27 . 2008-04-13 19:44 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys2013-12-03 19:27 . 2008-04-14 01:10 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll2013-12-03 19:27 . 2008-04-13 19:44 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys2013-12-03 19:25 . 2008-04-13 19:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys2013-12-03 19:24 . 2008-04-13 19:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys2013-12-03 19:22 . 2008-04-13 19:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys2013-12-03 19:22 . 2008-04-13 19:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys2013-12-03 19:21 . 2008-04-13 19:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys2013-12-03 19:21 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys2013-12-03 19:20 . 2008-04-13 19:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys2013-12-03 19:20 . 2008-04-13 19:40 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys2013-12-03 19:19 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys2013-12-03 19:19 . 2008-04-14 01:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll2013-12-03 19:19 . 2008-04-14 01:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll2013-12-03 19:18 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll2013-12-03 19:17 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll2013-12-03 19:17 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe2013-12-03 19:17 . 2008-04-13 19:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys2013-12-03 19:15 . 2008-04-14 01:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll2013-12-03 19:13 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll2013-12-03 19:13 . 2008-04-13 19:36 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys2013-12-03 19:13 . 2008-04-13 19:40 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys2013-12-03 19:13 . 2008-04-13 19:45 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys2013-12-03 19:13 . 2008-04-13 19:45 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys2013-12-03 19:09 . 2008-04-13 19:39 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys2013-12-03 19:09 . 2008-04-13 19:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys2013-12-03 19:07 . 2008-04-14 01:11 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll2013-12-03 19:07 . 2008-04-13 19:36 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys2013-12-03 19:07 . 2008-04-13 19:36 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys2013-12-03 19:06 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys2013-12-03 19:06 . 2008-04-14 01:11 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll2013-12-03 19:05 . 2008-04-13 19:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys2013-12-03 19:05 . 2008-04-13 19:36 14208 ----a-w- c:\windows\system32\dllcache\battc.sys2013-12-03 19:05 . 2008-04-13 19:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys2013-12-03 19:05 . 2008-04-13 19:46 38912 ----a-w- c:\windows\system32\dllcache\avc.sys2013-12-03 19:03 . 2008-04-13 19:46 48128 ----a-w- c:\windows\system32\dllcache\61883.sys2013-12-03 19:03 . 2008-04-13 19:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys2013-12-03 19:03 . 2008-04-13 19:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys2013-12-03 17:27 . 2013-12-03 17:27 -------- d-----w- c:\program files\Speccy2013-12-01 17:34 . 2013-12-01 17:41 -------- d-----w- C:\8db07bf26ed4429d4cee488d537b...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-13 07:25 . 2004-08-10 11:51 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-13 07:25 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-10-13 07:25 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-13 07:24 . 2004-08-10 11:50 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-13 06:57 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec2013-10-12 15:56 . 2004-08-10 11:51 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12 . 2004-08-10 11:51 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59 . 2004-08-10 11:50 603136 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 01:14 . 2009-04-16 13:23 7168 ----a-w- c:\windows\system32\xpsp4res.dll2013-09-27 09:53 . 2013-09-27 09:53 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB}"= "c:\program files\Autism Awareness\Toolbar.dll" [2009-01-22 1257472].[HKEY_CLASSES_ROOT\clsid\{bcf5b7b1-103a-4cfc-9794-af3f958a43cb}][HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.3][HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}][HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB}"= "c:\program files\Autism Awareness\Toolbar.dll" [2009-01-22 1257472].[HKEY_CLASSES_ROOT\clsid\{bcf5b7b1-103a-4cfc-9794-af3f958a43cb}][HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.3][HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}][HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]"BTAgile"="c:\program files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 61440].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-02 53248]"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-10 26112]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360].c:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\Amazon Cloud Drive.lnk - c:\documents and settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe [2013-8-29 1097024].c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -SETWZCD 35 [2011-4-5 487424].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"="c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:UDP"= 5353:UDP:Bonjour Port 5353.R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/09/2013 23:18 97008]R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [21/08/2013 07:08 330960]R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/09/2013 23:18 148688]R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/09/2013 23:18 222416]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 10:42 9968]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 10:42 74480]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/12/2013 16:54 418376]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2013 16:54 701512]R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/09/2013 23:18 1435928]R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 3275136]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/12/2013 16:53 22856]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 17:45 161384]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [19/06/2007 01:21 18560]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 10:42 7408].--- Other Services/Drivers In Memory ---.*NewlyCreated* - RAPPORTIASO*Deregistered* - RapportIaso.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08HPService REG_MULTI_SZ HPSLPSVC.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-07 16:00 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2013-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57].2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 15:54].2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 15:54].2005-08-13 c:\windows\Tasks\ISP signup reminder 1.job- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12].2013-12-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 15:01]..------- Supplementary Scan -------.uStart Page = about:blankmSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.htmluInternet Settings,ProxyOverride = 127.0.0.1;*.localIE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)HKLM-Run-hpqSRMon - (no file)c:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\Jacquie Lawson Advent Calendar.lnk - c:\program files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exec:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\Jacquie Lawson London Advent Calendar.lnk - c:\program files\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exec:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe -bootc:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe -check...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-12-10 13:51Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]@DACL=(02 0000)"Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]@DACL=(02 0000)"NoChange"="1""Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]@DACL=(02 0000)"Installed"="1".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(676)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dll.- - - - - - - > 'explorer.exe'(5736)c:\windows\system32\WININET.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\pelscrll.dllc:\windows\system32\PELCOMM.dllc:\windows\system32\PELHOOKS.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Common Files\Motive\McciCMService.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Malwarebytes' Anti-Malware\mbamgui.exec:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\windows\system32\ICO.EXEc:\windows\system32\Pelmiced.exec:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exec:\program files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2013-12-10 14:01:49 - machine was rebootedComboFix-quarantined-files.txt 2013-12-10 14:01.Pre-Run: 115,276,259,328 bytes freePost-Run: 116,961,710,080 bytes free.WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect.- - End Of File - - 37A204BEDF1F975ABB2180CE65AC54E3B16A2359F4962B0C622D81A1C1F4B703 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 11, 2013 Root Admin ID:763175 Share Posted December 11, 2013 Did you set that 127.0.0.1 internet proxy yourself ? Please go ahead and run through the following steps and post back the logs when ready.STEP 03Please download Malwarebytes Anti-Rootkit from hereUnzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txtSTEP 04Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 05Lets clean out any adware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Please uncheck elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then..................Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.Make sure that everything is checked, and click Remove Selected.STEP 06Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.STEP 07Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Link to post Share on other sites More sharing options...
tomtatsfield Posted December 12, 2013 Author ID:763680 Share Posted December 12, 2013 Sorry for delay computer running extremely slow, first log seems to have aborted after some 6 hrs of running? Logs from Anti-Rootkit: Step 03 Malwarebytes Anti-Rootkit BETA 1.07.0.1008www.malwarebytes.org Database version: v2013.12.11.02 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702 :: LOUISE [administrator] 11/12/2013 11:53:25mbar-log-2013-12-11 (11-53-25).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 56203Time elapsed: 6 hour(s), 57 minute(s), 52 second(s) [aborted] Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 2145370112, free: 1167253504 Downloaded database version: v2013.12.11.02Downloaded database version: v2013.10.11.02=======================================Initializing...------------ Kernel report ------------ 12/11/2013 11:51:47------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.syspciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSintelide.sysMountMgr.sysftdisk.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysMpFilter.sysdrvmcdb.sysPxHelp20.sysKSecDD.sysWudfPf.sysNtfs.sysNDIS.sysRapportKELL.sysMup.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\ialmnt5.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\e100b325.sys\SystemRoot\system32\DRIVERS\fdc.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\serial.sys\SystemRoot\system32\DRIVERS\serenum.sys\SystemRoot\system32\DRIVERS\parport.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\drivers\sscdbhk5.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\smwdm.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\senfilt.sys\SystemRoot\system32\DRIVERS\audstub.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\i2omgmt.SYS\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\drivers\ssrtln.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\drivers\ws2ifsl.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{159D5A73-4E85-4440-AFDE-BEC823BEE1CB}\MpKsl0d1c3ac2.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\System32\Drivers\Fips.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_WMILIB.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\ialmdnt5.dll\SystemRoot\System32\ialmrnt5.dll\SystemRoot\System32\ialmdev5.DLL\SystemRoot\System32\ialmdd5.DLL\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\drvnddm.sys\SystemRoot\system32\dla\tfsndres.sys\SystemRoot\system32\dla\tfsnifs.sys\SystemRoot\system32\dla\tfsnopio.sys\SystemRoot\system32\dla\tfsnpool.sys\SystemRoot\system32\dla\tfsnboio.sys\SystemRoot\system32\dla\tfsncofs.sys\SystemRoot\system32\dla\tfsndrct.sys\SystemRoot\system32\dla\tfsnudf.sys\SystemRoot\system32\dla\tfsnudfa.sys\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\drivers\wdmaud.sys\SystemRoot\system32\drivers\sysaudio.sys\SystemRoot\system32\DRIVERS\mrxdav.sys\SystemRoot\System32\Drivers\ASCTRM.SYS\SystemRoot\system32\DRIVERS\dsunidrv.sys\SystemRoot\system32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\LVPr2Mon.sys\SystemRoot\System32\Drivers\ZDPSp50.sys\SystemRoot\System32\Drivers\HTTP.sys\SystemRoot\system32\DRIVERS\ipfltdrv.sys\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{159D5A73-4E85-4440-AFDE-BEC823BEE1CB}\MpKsle5981980.sys\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys\SystemRoot\system32\drivers\kmixer.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8a7e1ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\Lower Device Object: 0xffffffff8a7e2d98Lower Device Driver Name: \Driver\atapi\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a7ef2a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a7e2d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesThe directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.Drivers scan is aborted.Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: D0F4738C Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 80325 Numsec = 306263160 Partition file system is NTFS Partition is bootable Partition 2 type is Other (0xdb) Partition is NOT ACTIVE. Partition starts at LBA: 306343485 Numsec = 6152895 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160000000000 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...Done!Scan InterruptedScan was aborted.======================================= Removal queue found; removal startedRemoving C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_80325_i.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 2145370112, free: 1102073856 Downloaded database version: v2013.12.11.05Downloaded database version: v2013.10.11.02=======================================Initializing...------------ Kernel report ------------ 12/11/2013 18:53:46------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.syspciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSintelide.sysMountMgr.sysftdisk.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysMpFilter.sysdrvmcdb.sysPxHelp20.sysKSecDD.sysWudfPf.sysNtfs.sysNDIS.sysRapportKELL.sysMup.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\ialmnt5.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\e100b325.sys\SystemRoot\system32\DRIVERS\fdc.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\serial.sys\SystemRoot\system32\DRIVERS\serenum.sys\SystemRoot\system32\DRIVERS\parport.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\drivers\sscdbhk5.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\smwdm.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\senfilt.sys\SystemRoot\system32\DRIVERS\audstub.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\i2omgmt.SYS\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\drivers\ssrtln.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\drivers\ws2ifsl.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{159D5A73-4E85-4440-AFDE-BEC823BEE1CB}\MpKsl0d1c3ac2.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\System32\Drivers\Fips.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_WMILIB.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\ialmdnt5.dll\SystemRoot\System32\ialmrnt5.dll\SystemRoot\System32\ialmdev5.DLL\SystemRoot\System32\ialmdd5.DLL\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\drvnddm.sys\SystemRoot\system32\dla\tfsndres.sys\SystemRoot\system32\dla\tfsnifs.sys\SystemRoot\system32\dla\tfsnopio.sys\SystemRoot\system32\dla\tfsnpool.sys\SystemRoot\system32\dla\tfsnboio.sys\SystemRoot\system32\dla\tfsncofs.sys\SystemRoot\system32\dla\tfsndrct.sys\SystemRoot\system32\dla\tfsnudf.sys\SystemRoot\system32\dla\tfsnudfa.sys\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\drivers\wdmaud.sys\SystemRoot\system32\drivers\sysaudio.sys\SystemRoot\system32\DRIVERS\mrxdav.sys\SystemRoot\System32\Drivers\ASCTRM.SYS\SystemRoot\system32\DRIVERS\dsunidrv.sys\SystemRoot\system32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\LVPr2Mon.sys\SystemRoot\System32\Drivers\ZDPSp50.sys\SystemRoot\System32\Drivers\HTTP.sys\SystemRoot\system32\DRIVERS\ipfltdrv.sys\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS\SystemRoot\system32\drivers\kmixer.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8a7e1ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\Lower Device Object: 0xffffffff8a7e2d98Lower Device Driver Name: \Driver\atapi\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a7ef2a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a7e2d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesThe directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.Drivers scan is aborted.Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: D0F4738C Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 80325 Numsec = 306263160 Partition file system is NTFS Partition is bootable Partition 2 type is Other (0xdb) Partition is NOT ACTIVE. Partition starts at LBA: 306343485 Numsec = 6152895 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160000000000 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...Done!---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 2145370112, free: 1764814848 ======================================= Continuing with step 04 Link to post Share on other sites More sharing options...
tomtatsfield Posted December 12, 2013 Author ID:763688 Share Posted December 12, 2013 JRT log Step 04 Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Microsoft Windows XP x86Ran by Louise Lee on 12/12/2013 at 10:30:18.79~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayNameSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhookSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbhoSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondarySuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inboxSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayerSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.FCTB000041534PosSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.FCTB000041534Pos.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.IEToolbarSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.3Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.JSOptionsImplSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.JSOptionsImpl.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.FCTB000041534PosSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.FCTB000041534Pos.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.IEToolbarSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.IEToolbar.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.IEToolbar.3Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.JSOptionsImplSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.JSOptionsImpl.1Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6245355D-8486-406B-BDFF-81F6DA71E28E}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{810628c2-2ea7-4111-a5f0-ede9c660d94b}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{810628c2-2ea7-4111-a5f0-ede9c660d94b}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"Successfully deleted: [Folder] "C:\Program Files\coupons"Successfully deleted: [Folder] "C:\Program Files\viewpoint" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 12/12/2013 at 11:04:49.93End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
tomtatsfield Posted December 12, 2013 Author ID:763721 Share Posted December 12, 2013 Report Step 05: # AdwCleaner v3.015 - Report created 12/12/2013 at 12:03:21# Updated 10/12/2013 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : Louise Lee - LOUISE# Running from : C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLLKey Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMPKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB35C569-5624-4CFC-8043-E5139F55A073}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Key Deleted : HKCU\Software\MyWaySAKey Deleted : HKLM\Software\MetaStreamKey Deleted : HKLM\Software\MyWaySAKey Deleted : HKLM\Software\TENCENTKey Deleted : HKLM\Software\ViewpointKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstallKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayerKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [searchAssistant]Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch] -\\ Google Chrome v31.0.1650.63 [ File : C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4927 octets] - [12/12/2013 11:57:05]AdwCleaner[s0].txt - [4818 octets] - [12/12/2013 12:03:21] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4878 octets] ########## Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.12.12.04 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Louise Lee :: LOUISE [administrator] Protection: Enabled 12/12/2013 12:14:28mbam-log-2013-12-12 (12-14-28).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 248229Time elapsed: 1 hour(s), 32 minute(s), 28 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Now moving on to Step 06 Link to post Share on other sites More sharing options...
tomtatsfield Posted December 12, 2013 Author ID:763747 Share Posted December 12, 2013 Report Step 06 Eset report: C:\Documents and Settings\Louise Lee\My Documents\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D applicationC:\Documents and Settings\Louise Lee\My Documents\Downloads\spsetup124.exe Win32/Bundled.Toolbar.Google.D application Link to post Share on other sites More sharing options...
tomtatsfield Posted December 12, 2013 Author ID:763759 Share Posted December 12, 2013 Reports Step 07: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013Ran by Louise Lee (administrator) on LOUISE on 12-12-2013 16:23:31Running from C:\Documents and Settings\Louise Lee\DesktopMicrosoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe(Motive Communications, Inc.) C:\Program Files\btbb_wcm\McciTrayApp.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe() C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe() C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe(Primax Electronics Ltd.) C:\WINDOWS\system32\PELMICED.EXE(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122941 2005-05-31] (Sonic Solutions)HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [935936 2006-12-07] (Motive Communications, Inc.)HKLM\...\Run: [Mouse Suite 98 Daemon] - C:\WINDOWS\system32\ico.exe [53248 2008-04-02] (Primax Electronics Ltd.)HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\realplay.exe [26112 2005-08-10] (RealNetworks, Inc.)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [1584640 2009-09-14] (Alcatel-Lucent)HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-12-12] ()Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)HKLM\...\Policies\Explorer: [NoCDBurning] 0HKCU\...\Run: [KGShareApp] - C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)HKCU\...\Run: [bTAgile] - C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe [61440 2007-06-18] ()HKU\Administrator\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startupHKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TBHKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /startHKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startupStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnkShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()Startup: C:\Documents and Settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcomeHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/?fr=fp-bt-odtbHKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.htmlSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {3CAAB66A-D417-4608-ADF1-F7B774728B39} URL = http://www.flickr.com/search/?q={searchTerms}SearchScopes: HKCU - {4A854408-3E27-4343-AA36-1CBDF9B3AB5E} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7SearchScopes: HKCU - {58A7CA70-8734-4895-92DF-D4C753293510} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-bt-odtbSearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {76F51BDE-5511-46F1-AAFE-369973FDCC5D} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrwsBHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)BHO: No Name - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - No FileBHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileToolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No FileToolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No FileToolbar: HKCU - Autism Awareness - {BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} - C:\Program Files\Autism Awareness\Toolbar.dll ()DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dllDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: AutorunsDisabled - No CLSID Value - No FileFilter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: =======CHR HomePage: CHR DefaultSearchKeyword: google.co.ukCHR DefaultSearchProvider: GoogleCHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No FileCHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No FileCHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0CHR Extension: (Google Wallet) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ========================== Services (Whitelisted) ================= S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-12-12] ()R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)S3 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.) ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-08-10] (Windows ® 2000 DDK provider)S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [18560 2007-06-19] (LeapFrog)R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA))S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2006-05-04] (Motive, Inc.)S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-05-29] (Motive, Inc.)R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA))S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [17792 2008-04-22] (Primax Electronics Ltd.)S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [19072 2008-06-02] (Primax Electronics Ltd.)S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)R4 RapportCerberus_56758; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-21] ()R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-12] ()R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-09-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38937 2005-03-24] (Service & Quality Technology.)R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions)R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions)R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions)R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions)R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions)R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions)R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions)R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions)R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions)R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions)R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions)S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)R3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))S3 bvrp_pci; No ImagePathS3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U3 TlntSvr; S3 wanatw; system32\DRIVERS\wanatw4.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-12 16:23 - 2013-12-12 16:24 - 00024279 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt2013-12-12 16:23 - 2013-12-12 16:23 - 00000000 ____D C:\FRST2013-12-12 16:19 - 2013-12-12 16:19 - 01060373 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe2013-12-12 14:00 - 2013-12-12 14:00 - 00000000 ____D C:\Program Files\ESET2013-12-12 12:10 - 2013-12-12 12:10 - 00000856 _____ C:\Documents and Settings\Louise Lee\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs2013-12-12 11:56 - 2013-12-12 12:03 - 00000000 ____D C:\AdwCleaner2013-12-12 11:54 - 2013-12-12 11:55 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe2013-12-12 11:39 - 2013-12-12 11:40 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url2013-12-12 11:04 - 2013-12-12 11:04 - 00006324 _____ C:\Documents and Settings\Louise Lee\Desktop\JRT.txt2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT2013-12-12 10:26 - 2013-12-12 10:27 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe2013-12-12 03:09 - 2013-12-12 03:10 - 00013727 _____ C:\WINDOWS\KB2898785-IE8.log2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$2013-12-12 03:08 - 2013-12-12 03:09 - 00005982 _____ C:\WINDOWS\KB2904266.log2013-12-12 03:02 - 2013-12-12 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$2013-12-11 15:50 - 2013-12-12 03:09 - 00012397 _____ C:\WINDOWS\KB2898715.log2013-12-11 15:50 - 2013-12-12 03:03 - 00011222 _____ C:\WINDOWS\KB2893294.log2013-12-11 15:50 - 2013-12-12 03:02 - 00011972 _____ C:\WINDOWS\KB2893984.log2013-12-11 15:49 - 2013-12-12 03:02 - 00010676 _____ C:\WINDOWS\KB2892075.log2013-12-11 11:52 - 2013-12-11 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-12-11 11:44 - 2013-12-11 18:52 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2013-12-11 11:43 - 2013-12-11 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar2013-12-11 11:41 - 2013-12-11 11:43 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe2013-12-10 14:01 - 2013-12-10 14:01 - 00025837 _____ C:\ComboFix.txt2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons2013-12-10 13:23 - 2013-12-01 19:30 - 00000211 _____ C:\Boot.bak2013-12-10 13:23 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr2013-12-10 13:21 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe2013-12-10 13:21 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe2013-12-10 13:21 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe2013-12-10 13:20 - 2013-12-10 14:01 - 00000000 ____D C:\Qoobox2013-12-10 13:19 - 2013-12-10 13:57 - 00000000 ____D C:\WINDOWS\erdnt2013-12-10 13:06 - 2013-12-10 13:07 - 05153091 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes2013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Program Files\iTunes2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing2013-12-09 20:44 - 2013-12-09 20:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth2013-12-09 19:52 - 2013-12-09 19:56 - 00000716 _____ C:\WINDOWS\wmsetup.log2013-12-09 19:31 - 2013-12-12 03:10 - 00043111 _____ C:\WINDOWS\FaxSetup.log2013-12-09 19:31 - 2013-12-12 03:10 - 00020692 _____ C:\WINDOWS\ocgen.log2013-12-09 19:31 - 2013-12-12 03:10 - 00016514 _____ C:\WINDOWS\tsoc.log2013-12-09 19:31 - 2013-12-12 03:10 - 00013988 _____ C:\WINDOWS\comsetup.log2013-12-09 19:31 - 2013-12-12 03:10 - 00008623 _____ C:\WINDOWS\ntdtcsetup.log2013-12-09 19:31 - 2013-12-12 03:10 - 00006870 _____ C:\WINDOWS\iis6.log2013-12-09 19:31 - 2013-12-12 03:10 - 00002394 _____ C:\WINDOWS\ocmsn.log2013-12-09 19:31 - 2013-12-12 03:10 - 00002163 _____ C:\WINDOWS\msgsocm.log2013-12-09 19:31 - 2013-12-12 03:10 - 00001393 _____ C:\WINDOWS\imsins.log2013-12-09 19:31 - 2013-12-12 03:09 - 00001393 _____ C:\WINDOWS\imsins.BAK2013-12-09 19:29 - 2013-12-09 19:31 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log2013-12-09 19:28 - 2013-12-12 03:10 - 00004354 _____ C:\WINDOWS\updspapi.log2013-12-09 19:28 - 2013-12-09 19:34 - 00007316 _____ C:\WINDOWS\spupdsvc.log2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google2013-12-09 16:38 - 2013-12-09 19:31 - 00074967 _____ C:\WINDOWS\ie8_main.log2013-12-08 19:33 - 2013-12-10 09:44 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools2013-12-08 18:53 - 2013-12-12 03:10 - 00055047 _____ C:\WINDOWS\setupapi.log2013-12-08 18:53 - 2013-12-11 18:47 - 00000075 _____ C:\WINDOWS\setupact.log2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2013-12-08 16:53 - 2013-12-08 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-12-08 16:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2013-12-08 15:30 - 2013-12-11 11:17 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk2013-12-08 14:29 - 2013-12-12 12:15 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job2013-12-08 14:24 - 2013-11-19 10:21 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif2013-12-08 14:18 - 2013-12-08 14:19 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis2013-12-04 18:04 - 2013-12-04 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes2013-12-03 19:45 - 2008-04-14 01:12 - 00116224 _____ (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll2013-12-03 19:45 - 2008-04-14 01:12 - 00018944 _____ () C:\WINDOWS\system32\dllcache\xrxscnui.dll2013-12-03 19:44 - 2008-04-14 01:12 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll2013-12-03 19:43 - 2008-04-13 19:36 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys2013-12-03 19:42 - 2008-04-13 19:45 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wceusbsh.sys2013-12-03 19:40 - 2008-04-13 19:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys2013-12-03 19:40 - 2008-04-13 19:45 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys2013-12-03 19:38 - 2008-04-14 01:12 - 00082944 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe2013-12-03 19:37 - 2008-04-13 19:40 - 00149376 _____ (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys2013-12-03 19:34 - 2008-04-13 19:40 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys2013-12-03 19:34 - 2008-04-13 19:36 - 00016000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys2013-12-03 19:34 - 2008-04-13 19:36 - 00006912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys2013-12-03 19:31 - 2008-04-13 19:45 - 00011520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys2013-12-03 19:31 - 2008-04-13 19:40 - 00043904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys2013-12-03 19:30 - 2008-04-14 01:12 - 00029696 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw450ext.dll2013-12-03 19:30 - 2008-04-14 01:12 - 00027648 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll2013-12-03 19:29 - 2008-04-13 19:40 - 00079104 _____ (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys2013-12-03 19:28 - 2008-04-14 01:12 - 00363520 _____ C:\WINDOWS\system32\dllcache\psisdecd.dll2013-12-03 19:28 - 2008-04-14 01:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll2013-12-03 19:28 - 2008-04-14 01:12 - 00033280 _____ C:\WINDOWS\system32\dllcache\psisrndr.ax2013-12-03 19:28 - 2008-04-13 19:40 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys2013-12-03 19:27 - 2008-04-14 01:10 - 00259328 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll2013-12-03 19:27 - 2008-04-14 01:10 - 00211584 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll2013-12-03 19:27 - 2008-04-13 19:44 - 00028032 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys2013-12-03 19:27 - 2008-04-13 19:44 - 00027904 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2.sys2013-12-03 19:27 - 2008-04-13 19:41 - 00017664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys2013-12-03 19:27 - 2008-04-13 19:40 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\powerfil.sys2013-12-03 19:25 - 2008-04-13 19:46 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ohci1394.sys2013-12-03 19:24 - 2008-04-13 19:54 - 00028672 _____ (National Semiconductor Corporation) C:\WINDOWS\system32\dllcache\nscirda.sys2013-12-03 19:22 - 2008-04-13 19:54 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msircomm.sys2013-12-03 19:22 - 2008-04-13 19:46 - 00049024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstape.sys2013-12-03 19:21 - 2008-04-14 01:12 - 00056832 _____ C:\WINDOWS\system32\dllcache\msdvbnp.ax2013-12-03 19:21 - 2008-04-13 19:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys2013-12-03 19:21 - 2008-04-13 19:46 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys2013-12-03 19:20 - 2008-04-13 19:41 - 00026112 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\memstpci.sys2013-12-03 19:20 - 2008-04-13 19:40 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ltotape.sys2013-12-03 19:19 - 2008-04-14 01:11 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsusd.dll2013-12-03 19:19 - 2008-04-14 01:11 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsui.dll2013-12-03 19:19 - 2008-04-13 19:40 - 00034688 _____ (Toshiba Corp.) C:\WINDOWS\system32\dllcache\lbrtfdc.sys2013-12-03 19:18 - 2008-04-14 01:09 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106.dll2013-12-03 19:17 - 2008-04-14 01:12 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irftp.exe2013-12-03 19:17 - 2008-04-14 01:11 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irmon.dll2013-12-03 19:17 - 2008-04-13 19:54 - 00088192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irda.sys2013-12-03 19:15 - 2008-04-14 01:11 - 00702845 _____ (Intel® Corporation) C:\WINDOWS\system32\dllcache\i81xdnt5.dll2013-12-03 19:13 - 2008-04-14 01:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll2013-12-03 19:13 - 2008-04-13 19:45 - 00059136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys2013-12-03 19:13 - 2008-04-13 19:45 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys2013-12-03 19:13 - 2008-04-13 19:40 - 00028288 _____ (Gemplus) C:\WINDOWS\system32\dllcache\grserial.sys2013-12-03 19:13 - 2008-04-13 19:36 - 00020352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidbatt.sys2013-12-03 19:10 - 2008-04-14 01:12 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax2013-12-03 19:09 - 2008-04-13 19:40 - 00008320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlttape.sys2013-12-03 19:09 - 2008-04-13 19:39 - 00206976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4.sys2013-12-03 19:07 - 2008-04-14 01:11 - 00249856 _____ (Comtrol® Corporation) C:\WINDOWS\system32\dllcache\ctmasetp.dll2013-12-03 19:07 - 2008-04-13 19:36 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys2013-12-03 19:07 - 2008-04-13 19:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys2013-12-03 19:06 - 2008-04-14 01:11 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll2013-12-03 19:06 - 2008-04-13 19:40 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys2013-12-03 19:05 - 2008-04-14 01:12 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax2013-12-03 19:05 - 2008-04-13 19:46 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys2013-12-03 19:05 - 2008-04-13 19:46 - 00013696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys2013-12-03 19:05 - 2008-04-13 19:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys2013-12-03 19:05 - 2008-04-13 19:36 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys2013-12-03 19:03 - 2008-04-13 19:46 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys2013-12-03 19:03 - 2008-04-13 19:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys2013-12-03 19:03 - 2008-04-13 19:40 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$2013-12-01 17:34 - 2013-12-01 17:41 - 00000000 ____D C:\8db07bf26ed4429d4cee488d537b ==================== One Month Modified Files and Folders ======= 2013-12-12 16:24 - 2013-12-12 16:23 - 00024279 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt2013-12-12 16:23 - 2013-12-12 16:23 - 00000000 ____D C:\FRST2013-12-12 16:19 - 2013-12-12 16:19 - 01060373 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe2013-12-12 16:05 - 2010-03-21 15:54 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2013-12-12 14:05 - 2004-08-10 12:08 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt2013-12-12 14:00 - 2013-12-12 14:00 - 00000000 ____D C:\Program Files\ESET2013-12-12 12:24 - 2004-08-10 12:02 - 01281554 _____ C:\WINDOWS\WindowsUpdate.log2013-12-12 12:15 - 2013-12-08 14:29 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job2013-12-12 12:10 - 2013-12-12 12:10 - 00000856 _____ C:\Documents and Settings\Louise Lee\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs2013-12-12 12:10 - 2013-08-21 07:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection2013-12-12 12:08 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl2013-12-12 12:06 - 2004-08-10 11:59 - 00000159 _____ C:\WINDOWS\wiadebug.log2013-12-12 12:06 - 2004-08-10 11:59 - 00000050 _____ C:\WINDOWS\wiaservc.log2013-12-12 12:05 - 2010-03-21 15:54 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2013-12-12 12:05 - 2005-08-13 16:28 - 00000278 ___SH C:\Documents and Settings\Louise Lee\ntuser.ini2013-12-12 12:05 - 2005-08-13 16:28 - 00000000 ____D C:\Documents and Settings\Louise Lee2013-12-12 12:05 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2013-12-12 12:03 - 2013-12-12 11:56 - 00000000 ____D C:\AdwCleaner2013-12-12 11:55 - 2013-12-12 11:54 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe2013-12-12 11:40 - 2013-12-12 11:39 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url2013-12-12 11:04 - 2013-12-12 11:04 - 00006324 _____ C:\Documents and Settings\Louise Lee\Desktop\JRT.txt2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT2013-12-12 10:27 - 2013-12-12 10:26 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe2013-12-12 03:27 - 2004-08-10 11:57 - 00235168 _____ C:\WINDOWS\system32\FNTCACHE.DAT2013-12-12 03:10 - 2013-12-12 03:09 - 00013727 _____ C:\WINDOWS\KB2898785-IE8.log2013-12-12 03:10 - 2013-12-09 19:31 - 00043111 _____ C:\WINDOWS\FaxSetup.log2013-12-12 03:10 - 2013-12-09 19:31 - 00020692 _____ C:\WINDOWS\ocgen.log2013-12-12 03:10 - 2013-12-09 19:31 - 00016514 _____ C:\WINDOWS\tsoc.log2013-12-12 03:10 - 2013-12-09 19:31 - 00013988 _____ C:\WINDOWS\comsetup.log2013-12-12 03:10 - 2013-12-09 19:31 - 00008623 _____ C:\WINDOWS\ntdtcsetup.log2013-12-12 03:10 - 2013-12-09 19:31 - 00006870 _____ C:\WINDOWS\iis6.log2013-12-12 03:10 - 2013-12-09 19:31 - 00002394 _____ C:\WINDOWS\ocmsn.log2013-12-12 03:10 - 2013-12-09 19:31 - 00002163 _____ C:\WINDOWS\msgsocm.log2013-12-12 03:10 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.log2013-12-12 03:10 - 2013-12-09 19:28 - 00004354 _____ C:\WINDOWS\updspapi.log2013-12-12 03:10 - 2013-12-08 18:53 - 00055047 _____ C:\WINDOWS\setupapi.log2013-12-12 03:10 - 2009-09-22 12:35 - 00000000 ____D C:\WINDOWS\ie8updates2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$2013-12-12 03:09 - 2013-12-12 03:08 - 00005982 _____ C:\WINDOWS\KB2904266.log2013-12-12 03:09 - 2013-12-11 15:50 - 00012397 _____ C:\WINDOWS\KB2898715.log2013-12-12 03:09 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.BAK2013-12-12 03:09 - 2007-02-18 22:01 - 00892346 ____C C:\WINDOWS\system32\TZLog.log2013-12-12 03:08 - 2013-07-29 20:19 - 00000000 ____D C:\WINDOWS\system32\MRT2013-12-12 03:03 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$2013-12-12 03:03 - 2013-12-11 15:50 - 00011222 _____ C:\WINDOWS\KB2893294.log2013-12-12 03:03 - 2005-09-23 18:10 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$2013-12-12 03:02 - 2013-12-11 15:50 - 00011972 _____ C:\WINDOWS\KB2893984.log2013-12-12 03:02 - 2013-12-11 15:49 - 00010676 _____ C:\WINDOWS\KB2892075.log2013-12-11 18:54 - 2013-12-11 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-12-11 18:52 - 2013-12-11 11:44 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2013-12-11 18:52 - 2013-12-11 11:43 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar2013-12-11 18:47 - 2013-12-08 18:53 - 00000075 _____ C:\WINDOWS\setupact.log2013-12-11 16:38 - 2011-07-11 15:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job2013-12-11 11:43 - 2013-12-11 11:41 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe2013-12-11 11:17 - 2013-12-08 15:30 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk2013-12-10 14:01 - 2013-12-10 14:01 - 00025837 _____ C:\ComboFix.txt2013-12-10 14:01 - 2013-12-10 13:20 - 00000000 ____D C:\Qoobox2013-12-10 13:57 - 2013-12-10 13:19 - 00000000 ____D C:\WINDOWS\erdnt2013-12-10 13:52 - 2004-08-10 11:51 - 00000243 _____ C:\WINDOWS\system.ini2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons2013-12-10 13:23 - 2005-08-10 00:22 - 00000327 __RSH C:\boot.ini2013-12-10 13:07 - 2013-12-10 13:06 - 05153091 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Program Files\iTunes2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod2013-12-10 10:14 - 2009-07-28 18:32 - 00000000 ____D C:\Program Files\Common Files\Apple2013-12-10 09:44 - 2013-12-08 19:33 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools2013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing2013-12-09 20:45 - 2009-09-22 09:44 - 00000000 ____D C:\Documents and Settings\Administrator2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\NetworkService2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\LocalService2013-12-09 20:45 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\Registration2013-12-09 20:44 - 2013-12-09 20:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth2013-12-09 20:44 - 2010-07-08 07:36 - 00000000 ___HD C:\WINDOWS\msdownld.tmp2013-12-09 20:44 - 2005-08-10 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe2013-12-09 20:44 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\DirectX2013-12-09 19:56 - 2013-12-09 19:52 - 00000716 _____ C:\WINDOWS\wmsetup.log2013-12-09 19:51 - 2009-05-27 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live2013-12-09 19:34 - 2013-12-09 19:28 - 00007316 _____ C:\WINDOWS\spupdsvc.log2013-12-09 19:31 - 2013-12-09 19:29 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log2013-12-09 19:31 - 2013-12-09 16:38 - 00074967 _____ C:\WINDOWS\ie8_main.log2013-12-09 19:29 - 2005-08-10 00:32 - 00000000 ___HD C:\WINDOWS\$hf_mig$2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log2013-12-09 17:06 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Adobe2013-12-09 16:47 - 2007-07-01 14:24 - 00000000 ____D C:\Program Files\Google2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google2013-12-09 16:36 - 2004-08-10 12:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET2013-12-08 20:00 - 2005-08-10 00:18 - 00000000 ____D C:\i3862013-12-08 19:32 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Adobe2013-12-08 19:31 - 2005-08-29 18:52 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-12-08 19:30 - 2005-08-10 00:39 - 00000000 ____D C:\Program Files\Adobe2013-12-08 19:10 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\AdobeUM2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log2013-12-08 18:39 - 2010-03-21 15:09 - 00000000 ____D C:\Documents and Settings\Louise Lee\Tracing2013-12-08 18:38 - 2008-11-27 23:01 - 00000000 ____D C:\WINDOWS\Minidump2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2013-12-08 16:54 - 2013-12-08 16:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-12-08 16:32 - 2007-07-01 14:24 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Skype2013-12-08 15:31 - 2013-02-13 04:00 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk2013-12-08 15:07 - 2011-06-09 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Logitech2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif2013-12-08 14:19 - 2013-12-08 14:18 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk2013-12-08 13:49 - 2010-06-17 21:08 - 00002193 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk2013-12-08 13:37 - 2008-08-10 16:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis2013-12-04 18:51 - 2009-09-22 09:44 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini2013-12-04 18:04 - 2013-12-04 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com2013-12-04 18:00 - 2006-12-27 21:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926255$2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy2013-12-03 16:56 - 2010-03-21 15:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$2013-12-01 20:58 - 2004-08-10 11:57 - 00504528 ____C C:\WINDOWS\system32\PerfStringBackup.INI2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$2013-12-01 20:49 - 2011-06-09 20:50 - 00023469 ____C C:\WINDOWS\system32\lvcoinst.log2013-12-01 20:46 - 2010-06-04 02:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$2013-12-01 19:30 - 2013-12-10 13:23 - 00000211 _____ C:\Boot.bak2013-12-01 19:30 - 2004-08-10 11:51 - 00000649 _____ C:\WINDOWS\win.ini2013-12-01 19:25 - 2009-05-25 14:45 - 00000000 ____D C:\WINDOWS\pss2013-12-01 17:55 - 2007-07-01 14:24 - 00000000 ___RD C:\Program Files\Skype2013-12-01 17:55 - 2007-07-01 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype2013-12-01 17:41 - 2013-12-01 17:34 - 00000000 ____D C:\8db07bf26ed4429d4cee488d537b2013-12-01 16:21 - 2005-11-13 10:23 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Unused Desktop Shortcuts2013-11-19 10:21 - 2013-12-08 14:24 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2013-11-13 02:59 - 2004-08-10 11:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll2013-11-13 02:59 - 2004-08-10 11:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imagehlp.dll2013-11-13 01:13 - 2007-01-29 08:58 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe Some content of TEMP:====================C:\Documents and Settings\Louise Lee\Local Settings\temp\Install_HOSTS_Anti-Adware.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2013Ran by Louise Lee at 2013-12-12 16:26:30Running from C:\Documents and Settings\Louise Lee\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.4)Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)Adobe AIR (Version: 3.2.0.2070)Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)Adobe Flash Player 10 Plugin (Version: 10.3.183.7)Adobe Reader 6.0.1 (Version: 006.000.001)Adobe Shockwave Player 11.5 (Version: 11.5.1.601)Amazon Cloud Drive (HKCU Version: 2.1.2013.1340)Apple Application Support (Version: 2.3.6)Apple Mobile Device Support (Version: 7.0.0.117)Apple Software Update (Version: 2.1.3.127)ARTEuro (Version: 1.00.0000)Atheros USB Wireless LAN Driver Installer (Version: 1.00.7323)Autism Awareness 1.400 (Version: 1.400)B110 (Version: 140.0.283.000)Big Fish Games: Game Manager (Version: 3.0.1.60)Bonjour (Version: 3.0.0.10)BT Broadband Desktop Help (Version: 5.8.22.asst_classic.asst_install)BT Broadband Talk Softphone 3.1BT Yahoo! ApplicationsBTHomeHubBufferChm (Version: 140.0.212.000)CCleaner (Version: 4.08)Classic PhoneTools (Version: 4.24)Coupon Printer for Windows (Version: 5.0.0.0)Critical Update for Windows Media Player 11 (KB959772)CustomerResearchQFolder (Version: 1.00.0000)Defenders of Law: The Rosendale FileDefraggler (Version: 2.08)Dell Driver Reset Tool (Version: 1.02.0000)Dell Media Experience (Version: 3.0)Dell Media Experience UpdateDell Picture Studio v3.0 (Version: 3.0.0)Dell Support Center (Version: 2.0.07311)Dell System Restore (Version: 2.00.0000)DellSupport (Version: 6.0.3062)DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000)DJ_AIO_03_F2200_Software (Version: 100.0.206.000)DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000)EPSON Printer SoftwareeSupportQFolder (Version: 1.00.0000)F2200 (Version: 100.0.206.000)F2200_Help (Version: 100.0.206.000)Fun School 6 - MagiclandG15A922EN (Version: 1.0.0.0)Google Chrome (Version: 31.0.1650.63)Google Earth (Version: 7.1.1.1888)Google Toolbar for Internet Explorer (Version: 1.0.0)Google Update Helper (Version: 1.3.22.3)GPBaseService (Version: 100.0.187.000)GPBaseService2 (Version: 130.0.371.000)Harry Potter Print Studio (Version: 1.0.7)Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)HiJackThis (Version: 1.0.0)HP Customer Participation Program 14.0 (Version: 14.0)HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)HP Laser Mobile Mouse Driver (Version: 1.1.0.0)HP Photo Creations (Version: 1.0.0.2024)HP Photosmart Essential 2.5 (Version: 1.02.0000)HP Photosmart Essential 2.5 (Version: 2.5)HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)HP Smart Web Printing 4.60 (Version: 4.60)HP Solution Center 14.0 (Version: 14.0)HP Update (Version: 5.002.005.003)HPAppStudio (Version: 140.0.95.000)HPProductAssistant (Version: 130.0.371.000)HPSSupply (Version: 100.0.170.000)Intel® 537EP V9x DFV PCI ModemIntel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)Intel® PRO Network Adapters and DriversIntel® PROSet for Wired Connections (Version: 8.00.5000)Internet Explorer Default Page (Version: 1.00.03)iTunes (Version: 11.1.3.8)Jasc Paint Shop Photo Album 5 (Version: 5.22)Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)Junk Mail filter update (Version: 14.0.8089.726)Kids Cam Show and Share Creativity Center (Version: )KODAK Share Button App (Version: 4.03.0000.0000)Learn2 Player (Uninstall Only)Logitech Legacy USB Camera Driver PackageLogitech Webcam Software (Version: 12.10.1113)Logitech Webcam Software Driver Package (Version: 12.10.1110)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Map Button (Windows Live Toolbar) (Version: 03.01.0146)MarketResearch (Version: 100.0.170.000)McDonald's Dragons (Version: )Microsoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Choice Guard (Version: 2.0.48.0)Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)Microsoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office 2000 Premium (Version: 9.00.2720)Microsoft Security Client (Version: 4.4.0304.0)Microsoft Security Essentials (Version: 4.4.304.0)Microsoft Silverlight (Version: 5.1.20913.0)Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Works 7.0 (Version: 07.02.0620)MobileMe Control Panel (Version: 3.1.8.0)Modem Event MonitorModem Helper (Version: 2.40)Modem On Hold (Version: 1.12)MSNMSN Toolbar (Version: 4.0.0357.1)MSVCRT (Version: 14.0.1468.721)MSVCSetup (Version: 1.00.0000)MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)My Way Search Assistant (Version: 1.0.256)MyDSC2 (Version: 1.00.000)Nero SuiteNetwork (Version: 140.0.215.000)Paint Shop Pro 7 Evaluation (Version: 7.0.0.0000)PowerDVD 5.5PS_AIO_07_B110_SW_Min (Version: 140.0.142.000)PSSWCORE (Version: 2.02.0000)QuickTime (Version: 7.74.80.86)QuickTransfer (Version: 140.0.98.000)Rapport (Version: 3.5.1304.15)RealPlayer BasicSafari (Version: 5.34.57.2)Scan (Version: 140.0.80.000)Segoe UI (Version: 14.0.4327.805)Serif DrawPlus 7.0 (Version: 7.0)Serif DrawPlus 7.0 Design CD (Version: 7.0)Shop for HP Supplies (Version: 14.0)Skype Click to Call (Version: 6.13.13771)Skype™ 6.3 (Version: 6.3.105)Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)SmartWebPrinting (Version: 140.0.186.000)SolutionCenter (Version: 130.0.373.000)Sonic DLA (Version: 4.98)Sonic MyDVD LE (Version: 6.1.1)Sonic RecordNow Audio (Version: 2.0.0)Sonic RecordNow Copy (Version: 2.0.0)Sonic RecordNow Data (Version: 2.0.0.1)Sonic Update Manager (Version: 3.0.0)Speccy (Version: 1.24)SUPERAntiSpyware Free Edition (Version: 4.29.0.1002)SystemMessages 1.0.0Toolbox (Version: 140.0.428.000)Trusteer Endpoint Protection (Version: 3.5.1304.15)UnloadSupport (Version: 10.0.0)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Windows Internet Explorer 8 (KB973874) (Version: 1)Update for Windows Internet Explorer 8 (KB976662) (Version: 1)Update for Windows Internet Explorer 8 (KB976749) (Version: 1)Update for Windows Internet Explorer 8 (KB980182) (Version: 1)Update for Windows Internet Explorer 8 (KB982632) (Version: 1)Update for Windows XP (KB2141007) (Version: 1)Update for Windows XP (KB2345886) (Version: 1)Update for Windows XP (KB2467659) (Version: 1)Update for Windows XP (KB2541763) (Version: 1)Update for Windows XP (KB2607712) (Version: 1)Update for Windows XP (KB2616676) (Version: 1)Update for Windows XP (KB2641690) (Version: 1)Update for Windows XP (KB2661254-v2) (Version: 2)Update for Windows XP (KB2718704) (Version: 1)Update for Windows XP (KB2736233) (Version: 1)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP (KB2863058) (Version: 1)Update for Windows XP (KB2904266) (Version: 1)Update for Windows XP (KB951072-v2) (Version: 2)Update for Windows XP (KB951978) (Version: 1)Update for Windows XP (KB955759) (Version: 1)Update for Windows XP (KB955839) (Version: 1)Update for Windows XP (KB961503) (Version: 1)Update for Windows XP (KB967715) (Version: 1)Update for Windows XP (KB968389) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Update for Windows XP (KB971737) (Version: 1)Update for Windows XP (KB973687) (Version: 1)Update for Windows XP (KB973815) (Version: 1)VideoToolkit01 (Version: 100.0.128.000)Wanadoo Europe Installer (Version: 1.02.008)WebFldrs XP (Version: 9.50.7523)WebReg (Version: 140.0.212.017)Windows Defender Signatures (Version: 1.20.0.0)Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.1)Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)Windows Genuine Advantage Validation Tool (KB892130)Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)Windows Imaging Component (Version: 3.0.0.0)Windows Internet Explorer 7 (Version: 20070813.185237)Windows Internet Explorer 8 (Version: 20090308.140743)Windows Live Call (Version: 14.0.8064.0206)Windows Live Communications Platform (Version: 14.0.8098.930)Windows Live Essentials (Version: 14.0.8089.0726)Windows Live Essentials (Version: 14.0.8089.726)Windows Live Family Safety (Version: 14.0.8093.805)Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)Windows Live Mail (Version: 14.0.8089.0726)Windows Live Messenger (Version: 14.0.8089.0726)Windows Live Photo Gallery (Version: 14.0.8081.709)Windows Live Sign-in Assistant (Version: 5.000.818.6)Windows Live Sync (Version: 14.0.8089.726)Windows Live Toolbar (Version: 14.0.8064.206)Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)Windows Live Upload Tool (Version: 14.0.8014.1029)Windows Live Writer (Version: 14.0.8089.0726)Windows Media Format 11 runtimeWindows XP Service Pack 3 (Version: 20080414.031525)Yahoo! BrowserPlus 2.9.8Yahoo! Software UpdateZyDAS IEEE 802.11 b+g Wireless LAN - USB ==================== Restore Points ========================= 01-12-2013 17:34:17 Software Distribution Service 3.001-12-2013 20:11:26 Software Distribution Service 3.003-12-2013 20:20:41 Removed KODAK Share Button App.03-12-2013 18:24:02 System Checkpoint03-12-2013 19:49:06 Software Distribution Service 3.004-12-2013 03:00:41 Software Distribution Service 3.004-12-2013 11:21:47 Software Distribution Service 3.004-12-2013 21:05:55 Software Distribution Service 3.005-12-2013 09:51:05 Installed Rapport05-12-2013 10:10:13 Installed HiJackThis05-12-2013 10:36:14 Software Distribution Service 3.007-12-2013 16:18:45 Software Distribution Service 3.008-12-2013 13:32:39 pre removal of old restores08-12-2013 13:37:12 Removed Ad-Aware08-12-2013 14:11:25 Removed Tiscali Internet08-12-2013 14:24:41 Software Distribution Service 3.008-12-2013 14:55:33 Removed AVG Free 8.508-12-2013 15:00:51 Installed AVG Free 8.508-12-2013 16:35:10 Software Distribution Service 3.008-12-2013 18:35:27 pre cclean08-12-2013 18:40:39 Software Distribution Service 3.008-12-2013 22:03:58 Software Distribution Service 3.009-12-2013 15:01:33 Software Distribution Service 3.009-12-2013 16:35:48 Installed DirectX09-12-2013 16:47:30 Removed Google Earth.09-12-2013 19:28:21 Installed Windows Internet Explorer 8.09-12-2013 19:29:06 Software Distribution Service 3.009-12-2013 20:24:42 Restore Operation09-12-2013 20:32:38 Software Distribution Service 3.009-12-2013 20:36:48 Software Distribution Service 3.009-12-2013 20:39:28 Restore Operation09-12-2013 20:49:33 Software Distribution Service 3.009-12-2013 20:56:31 Software Distribution Service 3.010-12-2013 09:24:55 Software Distribution Service 3.010-12-2013 14:37:31 Software Distribution Service 3.011-12-2013 11:57:29 Software Distribution Service 3.012-12-2013 03:00:19 Software Distribution Service 3.012-12-2013 12:09:49 Installed Rapport12-12-2013 12:18:20 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2004-08-10 11:51 - 2013-12-12 12:10 - 00038987 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 08sr.combineads.info # hosts anti-adware / pups127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups127.0.0.1 2010-fr.com # hosts anti-adware / pups127.0.0.1 2012-new.biz # hosts anti-adware / pups127.0.0.1 212link.com # hosts anti-adware / pups127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups127.0.0.1 24h00business.com # hosts anti-adware / pups127.0.0.1 a.adorika.net # hosts anti-adware / pups127.0.0.1 a.ad-sys.com # hosts anti-adware / pups127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups127.0.0.1 ad.adn360.com # hosts anti-adware / pups127.0.0.1 adeartss.eu # hosts anti-adware / pups127.0.0.1 adesoeasy.eu # hosts anti-adware / pups127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups127.0.0.1 adm.soft365.com # hosts anti-adware / pups127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups127.0.0.1 ads.aff.co # hosts anti-adware / pups127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups127.0.0.1 ads.eorezo.com # hosts anti-adware / pups127.0.0.1 ads.hooqy.com # hosts anti-adware / pups127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups127.0.0.1 ads.realken.com # hosts anti-adware / pups127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups127.0.0.1 ads.tersecta.com # hosts anti-adware / pups There are 636 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\ISP signup reminder 1.job => C:\WINDOWS\system32\OOBE\oobebaln.exeTask: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2008-04-04 21:05 - 2007-06-18 08:00 - 00081920 _____ () C:\Program Files\BT Broadband Talk Softphone\APDIPhoneCtrl.dll2008-04-04 21:05 - 2007-06-18 08:00 - 00077824 _____ () C:\Program Files\BT Broadband Talk Softphone\SnxHIDCtrl.dll2011-04-05 11:04 - 2006-05-08 12:06 - 00212992 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll2011-04-05 11:04 - 2006-09-01 10:13 - 00045056 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll2012-03-11 12:50 - 2013-12-12 12:13 - 01127152 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll2004-08-10 11:50 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2004-08-10 11:51 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2013-12-07 16:01 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll2013-12-07 16:01 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll2013-12-07 16:01 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Intel® 537EP V9x DFV PCI ModemDescription: Intel® 537EP V9x DFV PCI ModemClass Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}Manufacturer: Intel CorporationService: ModemProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (12/12/2013 01:58:48 PM) (Source: crypt32) (User: )Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (12/12/2013 01:55:16 PM) (Source: MPSampleSubmission) (User: )Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (12/12/2013 10:28:35 AM) (Source: MPSampleSubmission) (User: )Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (12/12/2013 03:00:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/10/2013 02:37:40 PM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/10/2013 01:18:51 PM) (Source: MPSampleSubmission) (User: )Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (12/10/2013 09:26:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/09/2013 08:50:58 PM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/09/2013 08:37:47 PM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/09/2013 08:17:03 PM) (Source: Application Hang) (User: )Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors:=============Error: (12/12/2013 03:00:47 AM) (Source: Windows Update Agent) (User: )Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808). Error: (12/11/2013 10:39:51 AM) (Source: DCOM) (User: LOUISE)Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout. Error: (12/11/2013 10:37:29 AM) (Source: DCOM) (User: LOUISE)Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout. Error: (12/11/2013 09:50:09 AM) (Source: Service Control Manager) (User: )Description: The IMAPI CD-Burning COM Service service failed to start due to the following error: %%1053 Error: (12/11/2013 09:50:09 AM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect. Error: (12/10/2013 02:37:42 PM) (Source: Windows Update Agent) (User: )Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808). Error: (12/10/2013 01:19:43 PM) (Source: Service Control Manager) (User: )Description: The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). Error: (12/10/2013 01:19:43 PM) (Source: Service Control Manager) (User: )Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s). Error: (12/10/2013 09:26:13 AM) (Source: Windows Update Agent) (User: )Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808). Error: (12/09/2013 08:47:15 PM) (Source: Microsoft Antimalware) (User: )Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: %24 Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: %600 Microsoft Office Sessions:=========================Error: (12/12/2013 01:58:48 PM) (Source: crypt32)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired. Error: (12/12/2013 01:55:16 PM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/12/2013 10:28:35 AM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/12/2013 03:00:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/10/2013 02:37:40 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/10/2013 01:18:51 PM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/10/2013 09:26:02 AM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/09/2013 08:50:58 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/09/2013 08:37:47 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/09/2013 08:17:03 PM) (Source: Application Hang)(User: )Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 48%Total physical RAM: 2045.98 MBAvailable physical RAM: 1044.82 MBTotal Pagefile: 2659.38 MBAvailable Pagefile: 1702.18 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1941.63 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.04 GB) (Free:108.28 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 149 GB) (Disk ID: D0F4738C)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=3 GB) - (Type=DB) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2013 Root Admin ID:763808 Share Posted December 12, 2013 Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version.fixlist.txt Link to post Share on other sites More sharing options...
tomtatsfield Posted December 13, 2013 Author ID:763949 Share Posted December 13, 2013 Report 07 (2) Fix Log Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2013 01Ran by Louise Lee at 2013-12-13 09:48:24 Run:1Running from C:\Documents and Settings\Louise Lee\DesktopBoot Mode: Normal ============================================== Content of fixlist:*****************DeleteJunctionsInDirectory: C:\Program Files\Windows DefenderDeleteJunctionsInDirectory: C:\Program Files\Microsoft Security ClientHKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://upload.facebo...toUploader5.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://upload.facebo...oUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cabDPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\ISP signup reminder 1.job => C:\WINDOWS\system32\OOBE\oobebaln.exe ***************** "C:\Program Files\Windows Defender" => Not Found"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started."C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => Value deleted successfully.HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => Value deleted successfully.HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) => Value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => Value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CAAB66A-D417-4608-ADF1-F7B774728B39} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{3CAAB66A-D417-4608-ADF1-F7B774728B39} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A854408-3E27-4343-AA36-1CBDF9B3AB5E} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{4A854408-3E27-4343-AA36-1CBDF9B3AB5E} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{58A7CA70-8734-4895-92DF-D4C753293510} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{58A7CA70-8734-4895-92DF-D4C753293510} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76F51BDE-5511-46F1-AAFE-369973FDCC5D} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{76F51BDE-5511-46F1-AAFE-369973FDCC5D} => Key not found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Key deleted successfully.HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} => Key deleted successfully.HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} => Key deleted successfully.HKCR\CLSID\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} => Key not found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => Value deleted successfully.HKCR\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => Key deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => Value deleted successfully.HKCR\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => Key deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => Value deleted successfully.HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Value deleted successfully.HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Value deleted successfully.HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} => Value deleted successfully.HKCR\CLSID\{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => Key deleted successfully.HKCR\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83} => Key deleted successfully.HKCR\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000} => Key deleted successfully.HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.HKCR\CLSID\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} => Key deleted successfully.HKCR\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968} => Key deleted successfully.HKCR\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} => Key deleted successfully.HKCR\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => Key deleted successfully.HKCR\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => Key deleted successfully.C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => Moved successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.C:\WINDOWS\Tasks\ISP signup reminder 1.job => Moved successfully. The system needs a manual reboot. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 13, 2013 Root Admin ID:763950 Share Posted December 13, 2013 Please Run TFC by OldTimer to clear temporary files:Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Then restart the computer and run the following Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.Internet ExplorerHow to reset Internet Explorer settingsFirefoxClick on Help / Troubleshooting Information then click on the Reset Firefox button.ChromeChrome - Reset browser settingsOperaHow to Perform a (really) clean Reinstall of Opera Link to post Share on other sites More sharing options...
tomtatsfield Posted December 13, 2013 Author ID:764065 Share Posted December 13, 2013 Hello, I followed your instruction with TFC and have followed the instructions for resetting the browsers, but since doing that the computer has now gone back to working very sluggish, prior to the resets the computer was loading into a working state in approximately 2.5 to 3 minutes and the only problem was that IE would not load from the desktop Icon, now unfortunately the computer is taking over 4 minutes to load and all operations are extremely sluggish, probably 2 minutes into google from the desktop icon. Interestingly on every cold start updates are being installed or at least the update shield is evident in the task bar. Maybe I have upset something, are there any further checks possible? Thank you for your help so far. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 13, 2013 Root Admin ID:764082 Share Posted December 13, 2013 Actually I just ran into this issue myself sort of on a new install of Windows XP. It seems that Microsoft has broken Windows Update with one of their latest updates for XP. Let me see if I can find that article and information and post back for you. If I've not replied back within 24 hours please send me PM. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 16, 2013 Root Admin ID:765248 Share Posted December 16, 2013 Sorry for the delay and thank you for the PM reminder. From this article it appears that Microsoft broke the Windows update process on XP and this fix is supposed to fix it.Windows XP update locks machines with SVCHOST redlined at 100%: Fix it with KB 2879017 Please review that article and make sure you're not having this issue and that all your Windows updates are up to date and the svchost.exe is not consuming all your resources with Windows update. Link to post Share on other sites More sharing options...
tomtatsfield Posted December 17, 2013 Author ID:765564 Share Posted December 17, 2013 Thanks things seem a little better, I have a bing bar update that is plaguing me constantly, but the update never imstalls? The redline with the CPU seems to have cleared. is there anything else to check? Thanks again Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 18, 2013 Root Admin ID:765637 Share Posted December 18, 2013 Please temporarily disable your antivirus and run a new DDS scan and post back the new logs. Please run the following scanner and send back the logs.Download DDS from one of the locations below and save to your Desktopdds.scrdds.comTemporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsOnce downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.Then double click dds.scr or dds.com to run the tool.Click the Run button if prompted with an Open File - Security Warning dialog box.A black DOS console should open and run for a moment.When done, DDS will open two (2) logs:DDS.txtAttach.txtSave both reports to your desktopPlease include the following logs in your next reply as an attachment: DDS.txt and Attach.txtYou can ignore the note about zipping the Attach.txt file and just post it or attach it. Link to post Share on other sites More sharing options...
tomtatsfield Posted December 24, 2013 Author ID:768566 Share Posted December 24, 2013 Hello Ron, Seasons Greeting It appears that my sending of the two DDS files have gone AWOL, so below are a repeat sending of these files, sorry, was about to send a PM but checking before sending I discovered I hadn't sent them. my apologies. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702Run by Louise Lee at 21:06:07 on 2013-12-18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1195 [GMT 0:00].AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}.============== Running Processes ================.c:\Program Files\Microsoft Security Client\MsMpEng.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\btbb_wcm\McciTrayApp.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\ICO.EXEC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Logitech\Logitech WebCam Software\LWS.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\BT Broadband Talk Softphone\BTAgile.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\Pelmiced.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k HPServiceC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uWindow Title = Windows Internet Explorer provided by BT Yahoo!uProxyOverride = 127.0.0.1;*.localdURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>BHO: AutorunsDisabled - <orphaned>BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dllBHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllEB: Real.com: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dlluRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exeuRun: [bTAgile] c:\program files\bt broadband talk softphone\BTAgile.exemRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exemRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exemRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exemRun: [Mouse Suite 98 Daemon] ICO.EXEmRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hidemRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\docume~1\louise~1\startm~1\programs\startup\autoru~1\amazon~1.lnk - c:\documents and settings\louise lee\local settings\apps\2.0\zncx8eh3.30r\kvgxx92q.5oa\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDrives = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeFilter: AutorunsDisabled - <Clsid value has no data>Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromemASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-12-12 340432]R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-21 54752]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-8 418376]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-12-8 701512]R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-8 22856]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408].=============== File Associations ===============.ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE.=============== Created Last 30 ================.2013-12-18 21:02:00 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b52a01c-eeb9-4a51-b7cd-2f4119b8b829}\mpengine.dll2013-12-17 18:43:45 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2013-12-12 16:23:11 -------- d-----w- C:\FRST2013-12-12 12:10:17 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs2013-12-12 11:56:44 -------- d-----w- C:\AdwCleaner2013-12-12 10:30:15 -------- d-----w- c:\windows\ERUNT2013-12-11 11:52:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)2013-12-11 11:44:45 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-12-10 13:23:09 -------- d-sha-r- C:\cmdcons2013-12-10 13:21:02 98816 ----a-w- c:\windows\sed.exe2013-12-10 13:21:02 256000 ----a-w- c:\windows\PEV.exe2013-12-10 13:21:02 208896 ----a-w- c:\windows\MBR.exe2013-12-10 10:14:41 -------- d-----w- c:\program files\iPod2013-12-10 10:13:35 -------- d-----w- c:\program files\iTunes2013-12-10 10:13:35 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-09 20:45:45 -------- d-----w- c:\windows\system32\wbem\repository\FS2013-12-09 20:45:45 -------- d-----w- c:\windows\system32\wbem\Repository2013-12-09 16:44:23 -------- d-----w- C:\Google2013-12-09 16:31:10 -------- d-----w- c:\windows\Logs2013-12-08 17:33:19 -------- d-----w- c:\program files\CCleaner2013-12-08 16:53:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-08 16:53:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-12-08 14:24:42 230048 ------w- c:\windows\system32\MpSigStub.exe2013-12-08 14:18:24 -------- d-----w- c:\program files\Microsoft Security Client2013-12-05 10:10:15 388096 ----a-r- c:\documents and settings\louise lee\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe2013-12-05 10:10:13 -------- d-----w- c:\program files\Trend Micro2013-12-03 19:45:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll2013-12-03 19:45:35 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll2013-12-03 19:44:24 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll2013-12-03 19:43:25 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys2013-12-03 19:42:32 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys2013-12-03 19:40:33 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys2013-12-03 19:40:30 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys2013-12-03 19:38:22 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe2013-12-03 19:37:22 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys2013-12-03 19:34:42 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys2013-12-03 19:34:03 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys2013-12-03 19:34:02 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys2013-12-03 19:31:41 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys2013-12-03 19:31:12 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys2013-12-03 19:30:06 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll2013-12-03 19:30:04 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll2013-12-03 19:29:37 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys2013-12-03 19:28:45 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys2013-12-03 19:28:30 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll2013-12-03 19:28:18 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll2013-12-03 19:27:58 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys2013-12-03 19:27:52 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys2013-12-03 19:27:07 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll2013-12-03 19:27:05 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys2013-12-03 19:27:04 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll2013-12-03 19:27:03 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys2013-12-03 19:25:31 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys2013-12-03 19:24:45 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys2013-12-03 19:22:32 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys2013-12-03 19:22:10 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys2013-12-03 19:21:50 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys2013-12-03 19:21:27 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys2013-12-03 19:20:57 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys2013-12-03 19:20:14 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys2013-12-03 19:19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys2013-12-03 19:19:24 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll2013-12-03 19:19:23 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll2013-12-03 19:18:22 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll2013-12-03 19:17:58 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll2013-12-03 19:17:54 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe2013-12-03 19:17:53 88192 ----a-w- c:\windows\system32\dllcache\irda.sys2013-12-03 19:15:58 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll2013-12-03 19:13:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll2013-12-03 19:13:52 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys2013-12-03 19:13:31 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys2013-12-03 19:13:21 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys2013-12-03 19:13:20 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys2013-12-03 19:09:54 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys2013-12-03 19:09:41 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys2013-12-03 19:07:51 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll2013-12-03 19:07:30 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys2013-12-03 19:07:18 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys2013-12-03 19:06:58 8192 ----a-w- c:\windows\system32\dllcache\changer.sys2013-12-03 19:06:37 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll2013-12-03 19:05:25 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys2013-12-03 19:05:19 14208 ----a-w- c:\windows\system32\dllcache\battc.sys2013-12-03 19:05:09 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys2013-12-03 19:05:08 38912 ----a-w- c:\windows\system32\dllcache\avc.sys2013-12-03 19:03:44 48128 ----a-w- c:\windows\system32\dllcache\61883.sys2013-12-03 19:03:44 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys2013-12-03 19:03:41 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys2013-12-03 17:27:01 -------- d-----w- c:\program files\Speccy2013-12-01 17:34:41 -------- d-----w- C:\8db07bf26ed4429d4cee488d537b.==================== Find3M ====================.2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec2013-10-25 02:34:18 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys2013-10-23 23:45:49 172032 ------w- c:\windows\system32\scrrun.dll2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys.============= FINISH: 21:08:00.14 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 13/08/2005 17:27:45System Uptime: 18/12/2013 20:49:21 (1 hours ago).Motherboard: Dell Computer Corp. | | 0TC666Processor: Intel® Celeron® CPU 2.66GHz | Microprocessor | 2661/533mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 146 GiB total, 107.031 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}Description: Intel® 537EP V9x DFV PCI ModemDevice ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0Manufacturer: Intel CorporationName: Intel® 537EP V9x DFV PCI ModemPNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0Service: Modem.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Intel® PRO/100 VE Network ConnectionDevice ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0Manufacturer: IntelName: Intel® PRO/100 VE Network ConnectionPNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0Service: E100B.==== System Restore Points ===================.RP1854: 01/12/2013 17:34:17 - Software Distribution Service 3.0RP1855: 01/12/2013 20:11:26 - Software Distribution Service 3.0RP1856: 03/12/2013 20:20:41 - Removed KODAK Share Button App.RP1857: 03/12/2013 18:24:02 - System CheckpointRP1858: 03/12/2013 19:49:06 - Software Distribution Service 3.0RP1859: 04/12/2013 03:00:41 - Software Distribution Service 3.0RP1860: 04/12/2013 11:21:47 - Software Distribution Service 3.0RP1861: 04/12/2013 21:05:55 - Software Distribution Service 3.0RP1862: 05/12/2013 09:51:05 - Installed RapportRP1863: 05/12/2013 10:10:13 - Installed HiJackThisRP1864: 05/12/2013 10:36:14 - Software Distribution Service 3.0RP1865: 07/12/2013 16:18:45 - Software Distribution Service 3.0RP1866: 08/12/2013 13:32:39 - pre removal of old restoresRP1867: 08/12/2013 13:37:12 - Removed Ad-AwareRP1868: 08/12/2013 14:11:25 - Removed Tiscali InternetRP1869: 08/12/2013 14:24:41 - Software Distribution Service 3.0RP1870: 08/12/2013 14:55:33 - Removed AVG Free 8.5RP1871: 08/12/2013 15:00:51 - Installed AVG Free 8.5RP1872: 08/12/2013 16:35:10 - Software Distribution Service 3.0RP1873: 08/12/2013 18:35:27 - pre ccleanRP1874: 08/12/2013 18:40:39 - Software Distribution Service 3.0RP1875: 08/12/2013 22:03:58 - Software Distribution Service 3.0RP1876: 09/12/2013 15:01:33 - Software Distribution Service 3.0RP1877: 09/12/2013 16:35:48 - Installed DirectXRP1878: 09/12/2013 16:47:30 - Removed Google Earth.RP1879: 09/12/2013 19:28:21 - Installed Windows Internet Explorer 8.RP1880: 09/12/2013 19:29:06 - Software Distribution Service 3.0RP1881: 09/12/2013 20:24:42 - Restore OperationRP1882: 09/12/2013 20:32:38 - Software Distribution Service 3.0RP1883: 09/12/2013 20:36:48 - Software Distribution Service 3.0RP1884: 09/12/2013 20:39:28 - Restore OperationRP1885: 09/12/2013 20:49:33 - Software Distribution Service 3.0RP1886: 09/12/2013 20:56:31 - Software Distribution Service 3.0RP1887: 10/12/2013 09:24:55 - Software Distribution Service 3.0RP1888: 10/12/2013 14:37:31 - Software Distribution Service 3.0RP1889: 11/12/2013 11:57:29 - Software Distribution Service 3.0RP1890: 12/12/2013 03:00:19 - Software Distribution Service 3.0RP1891: 12/12/2013 12:09:49 - Installed RapportRP1892: 12/12/2013 12:18:20 - Software Distribution Service 3.0RP1893: 12/12/2013 18:51:11 - Software Distribution Service 3.0RP1894: 13/12/2013 09:52:54 - Software Distribution Service 3.0RP1895: 13/12/2013 14:23:22 - Software Distribution Service 3.0RP1896: 13/12/2013 14:28:55 - Software Distribution Service 3.0RP1897: 13/12/2013 18:23:34 - Software Distribution Service 3.0RP1898: 14/12/2013 12:34:39 - Software Distribution Service 3.0RP1899: 14/12/2013 16:41:07 - Software Distribution Service 3.0RP1900: 14/12/2013 17:56:51 - Software Distribution Service 3.0RP1901: 14/12/2013 18:16:27 - Software Distribution Service 3.0RP1902: 16/12/2013 11:50:25 - Software Distribution Service 3.0RP1903: 16/12/2013 20:40:21 - Software Distribution Service 3.0RP1904: 17/12/2013 18:42:32 - Software Distribution Service 3.0RP1905: 17/12/2013 18:50:26 - Installed Windows XP KB2879017.RP1906: 17/12/2013 18:56:00 - Software Distribution Service 3.0RP1907: 17/12/2013 19:06:45 - Software Distribution Service 3.0RP1908: 18/12/2013 21:01:16 - Software Distribution Service 3.0.==== Installed Programs ======================.32 Bit HP CIO Components InstallerAdobe Acrobat - Reader 6.0.2 UpdateAdobe AIRAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Reader 6.0.1Adobe Shockwave Player 11.5Amazon Cloud DriveApple Application SupportApple Mobile Device SupportApple Software UpdateARTEuroAtheros USB Wireless LAN Driver InstallerAutism Awareness 1.400B110Big Fish Games: Game ManagerBonjourBT Broadband Desktop HelpBT Broadband Talk Softphone 3.1BT Yahoo! ApplicationsBTHomeHubBufferChmCCleanerClassic PhoneToolsCoupon Printer for WindowsCritical Update for Windows Media Player 11 (KB959772)CustomerResearchQFolderDefenders of Law: The Rosendale FileDefragglerDell Driver Reset ToolDell Media ExperienceDell Media Experience UpdateDell Picture Studio v3.0Dell Support CenterDell System RestoreDellSupportDJ_AIO_03_F2200_ProductContextDJ_AIO_03_F2200_SoftwareDJ_AIO_03_F2200_Software_MinEPSON Printer SoftwareeSupportQFolderF2200F2200_HelpFun School 6 - MagiclandG15A922ENGoogle ChromeGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperGPBaseServiceGPBaseService2Harry Potter Print StudioHighlight Viewer (Windows Live Toolbar)HiJackThisHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB945060-v3)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB954708)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976002-v5)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Customer Participation Program 14.0HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3HP Laser Mobile Mouse DriverHP Photo CreationsHP Photosmart Essential 2.5HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7HP Smart Web Printing 4.60HP Solution Center 14.0HP UpdateHPAppStudioHPProductAssistantHPSSupplyIntel® 537EP V9x DFV PCI ModemIntel® Extreme Graphics 2 DriverIntel® PRO Network Adapters and DriversIntel® PROSet for Wired ConnectionsInternet Explorer Default PageiTunesJasc Paint Shop Photo Album 5Jasc Paint Shop Pro Studio, Dell EditonJava 2 Runtime Environment, SE v1.4.2_03Junk Mail filter updateKids Cam Show and Share Creativity Center KODAK Share Button AppLearn2 Player (Uninstall Only)Logitech Legacy USB Camera Driver PackageLogitech Webcam SoftwareLogitech Webcam Software Driver PackageMalwarebytes Anti-Malware version 1.75.0.1300Map Button (Windows Live Toolbar)MarketResearchMcDonald's DragonsMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Choice GuardMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office 2000 PremiumMicrosoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Works 7.0MobileMe Control PanelModem Event MonitorModem HelperModem On HoldMSNMSN ToolbarMSVCRTMSVCSetupMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6 Service Pack 2 (KB954459)My Way Search AssistantMyDSC2Nero SuiteNetworkPaint Shop Pro 7 EvaluationPowerDVD 5.5PS_AIO_07_B110_SW_MinPSSWCOREQuickTimeQuickTransferRapportRealPlayer BasicSafariScanSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB2761465)Security Update for Windows Internet Explorer 8 (KB2792100)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2799329)Security Update for Windows Internet Explorer 8 (KB2809289)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2838727)Security Update for Windows Internet Explorer 8 (KB2846071)Security Update for Windows Internet Explorer 8 (KB2847204)Security Update for Windows Internet Explorer 8 (KB2862772)Security Update for Windows Internet Explorer 8 (KB2870699)Security Update for Windows Internet Explorer 8 (KB2879017)Security Update for Windows Internet Explorer 8 (KB2888505)Security Update for Windows Internet Explorer 8 (KB2898785)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB2834904-v2)Security Update for Windows Media Player (KB2834904)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB911565)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows Media Player 9 (KB936782)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2761226)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2779030)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2808735)Security Update for Windows XP (KB2813170)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2829361)Security Update for Windows XP (KB2834886)Security Update for Windows XP (KB2839229)Security Update for Windows XP (KB2845187)Security Update for Windows XP (KB2847311)Security Update for Windows XP (KB2849470)Security Update for Windows XP (KB2850851)Security Update for Windows XP (KB2850869)Security Update for Windows XP (KB2859537)Security Update for Windows XP (KB2862152)Security Update for Windows XP (KB2862330)Security Update for Windows XP (KB2862335)Security Update for Windows XP (KB2864063)Security Update for Windows XP (KB2868038)Security Update for Windows XP (KB2868626)Security Update for Windows XP (KB2876217)Security Update for Windows XP (KB2876315)Security Update for Windows XP (KB2876331)Security Update for Windows XP (KB2883150)Security Update for Windows XP (KB2892075)Security Update for Windows XP (KB2893294)Security Update for Windows XP (KB2893984)Security Update for Windows XP (KB2898715)Security Update for Windows XP (KB2900986)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165-v2)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Segoe UISerif DrawPlus 7.0Serif DrawPlus 7.0 Design CDShop for HP SuppliesSkype Click to CallSkype™ 6.3Smart Menus (Windows Live Toolbar)SmartWebPrintingSolutionCenterSonic DLASonic MyDVD LESonic RecordNow AudioSonic RecordNow CopySonic RecordNow DataSonic Update ManagerSpeccySUPERAntiSpyware Free EditionSystemMessages 1.0.0ToolboxTrusteer Endpoint ProtectionUnloadSupportUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB973874)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB976749)Update for Windows Internet Explorer 8 (KB980182)Update for Windows Internet Explorer 8 (KB982632)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB2863058)Update for Windows XP (KB2904266)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB961503)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VideoToolkit01Wanadoo Europe InstallerWebFldrs XPWebRegWindows Defender SignaturesWindows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage v1.3.0254.0Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Internet Explorer 7Windows Internet Explorer 8Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live Favorites for Windows Live ToolbarWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live ToolbarWindows Live Toolbar Extension (Windows Live Toolbar)Windows Live Upload ToolWindows Live WriterWindows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3Yahoo! BrowserPlus 2.9.8Yahoo! Software UpdateZyDAS IEEE 802.11 b+g Wireless LAN - USB.==== Event Viewer Messages From Past Week ========.17/12/2013 19:15:25, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.17/12/2013 19:15:25, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.17/12/2013 19:15:25, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}14/12/2013 16:45:58, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1906.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 13/12/2013 14:10:06, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).13/12/2013 14:10:06, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).13/12/2013 14:10:06, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).13/12/2013 14:10:06, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).13/12/2013 14:10:06, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).13/12/2013 14:10:06, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).13/12/2013 14:10:05, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).13/12/2013 14:10:05, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.13/12/2013 14:10:05, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.13/12/2013 09:28:54, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HOSTS Anti-PUPs service to connect.13/12/2013 09:28:54, error: Service Control Manager [7000] - The HOSTS Anti-PUPs service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/12/2013 03:00:47, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808).11/12/2013 09:50:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.11/12/2013 09:50:09, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 27, 2013 Root Admin ID:769580 Share Posted December 27, 2013 Sorry for the delay but my web browser had this marked as read already. I may have had it open in a multi tab windows and accidentally closed it without a reply. The computer shows a proxy is set on your system as well as some other issues still. Let me have you run FRST again and post back a new log and we'll look at a few more cleanup routines. Thanks Link to post Share on other sites More sharing options...
tomtatsfield Posted December 28, 2013 Author ID:770034 Share Posted December 28, 2013 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2013 01Ran by Louise Lee (administrator) on LOUISE on 28-12-2013 18:59:14Running from C:\Documents and Settings\Louise Lee\DesktopMicrosoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe(Motive Communications, Inc.) C:\Program Files\btbb_wcm\McciTrayApp.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe() C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe() C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(Primax Electronics Ltd.) C:\WINDOWS\system32\PELMICED.EXE(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122941 2005-05-31] (Sonic Solutions)HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [935936 2006-12-07] (Motive Communications, Inc.)HKLM\...\Run: [Mouse Suite 98 Daemon] - C:\WINDOWS\system32\ico.exe [53248 2008-04-02] (Primax Electronics Ltd.)HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\realplay.exe [26112 2005-08-10] (RealNetworks, Inc.)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [1584640 2009-09-14] (Alcatel-Lucent)HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)HKLM\...\Policies\Explorer: [NoCDBurning] 0HKCU\...\Run: [KGShareApp] - C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)HKCU\...\Run: [bTAgile] - C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe [61440 2007-06-18] ()HKU\Administrator\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startupHKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TBHKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /startHKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startupStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnkShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()Startup: C:\Documents and Settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcomeBHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: AutorunsDisabled - No CLSID Value - No FileFilter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: =======CHR DefaultSearchKeyword: google.co.ukCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No FileCHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No FileCHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0CHR Extension: (Google Wallet) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ========================== Services (Whitelisted) ================= S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)S3 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.) ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-08-10] (Windows ® 2000 DDK provider)S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [18560 2007-06-19] (LeapFrog)R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)R1 MpKsl01fc0df8; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB220330-A41E-4105-AA13-030BB40D874F}\MpKsl01fc0df8.sys [40392 2013-12-28] (Microsoft Corporation)S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA))S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2006-05-04] (Motive, Inc.)S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-05-29] (Motive, Inc.)R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA))S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [17792 2008-04-22] (Primax Electronics Ltd.)S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [19072 2008-06-02] (Primax Electronics Ltd.)S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-12] ()R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-09-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38937 2005-03-24] (Service & Quality Technology.)R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions)R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions)R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions)R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions)R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions)R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions)R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions)R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions)R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions)R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions)R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions)S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)R3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))S3 bvrp_pci; No ImagePathS3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U3 TlntSvr; S3 wanatw; system32\DRIVERS\wanatw4.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-28 18:59 - 2013-12-28 18:59 - 00017994 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt2013-12-18 21:08 - 2013-12-18 21:08 - 00030180 _____ C:\Documents and Settings\Louise Lee\Desktop\attach.txt2013-12-18 21:08 - 2013-12-18 21:08 - 00018858 _____ C:\Documents and Settings\Louise Lee\Desktop\dds.txt2013-12-18 21:03 - 2013-12-18 21:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\dds.com2013-12-17 18:46 - 2013-12-17 18:50 - 00005203 _____ C:\WINDOWS\KB2879017-IE8.log2013-12-16 16:57 - 2013-12-16 16:57 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk2013-12-16 16:57 - 2013-12-16 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth2013-12-13 09:48 - 2013-12-28 18:55 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\FRST-OlderVersion2013-12-12 16:23 - 2013-12-28 18:55 - 00000000 ____D C:\FRST2013-12-12 16:19 - 2013-12-28 18:55 - 01064037 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs2013-12-12 11:56 - 2013-12-12 12:03 - 00000000 ____D C:\AdwCleaner2013-12-12 11:54 - 2013-12-12 11:55 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe2013-12-12 11:39 - 2013-12-12 11:40 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url2013-12-12 11:04 - 2013-12-12 11:04 - 00006324 _____ C:\Documents and Settings\Louise Lee\Desktop\JRT.txt2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT2013-12-12 10:26 - 2013-12-12 10:27 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe2013-12-12 03:09 - 2013-12-13 18:26 - 00018597 _____ C:\WINDOWS\KB2898785-IE8.log2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$2013-12-12 03:08 - 2013-12-12 03:09 - 00005982 _____ C:\WINDOWS\KB2904266.log2013-12-12 03:02 - 2013-12-12 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$2013-12-11 15:50 - 2013-12-12 03:09 - 00012397 _____ C:\WINDOWS\KB2898715.log2013-12-11 15:50 - 2013-12-12 03:03 - 00011222 _____ C:\WINDOWS\KB2893294.log2013-12-11 15:50 - 2013-12-12 03:02 - 00011972 _____ C:\WINDOWS\KB2893984.log2013-12-11 15:49 - 2013-12-12 03:02 - 00010676 _____ C:\WINDOWS\KB2892075.log2013-12-11 11:52 - 2013-12-11 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-12-11 11:44 - 2013-12-11 18:52 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2013-12-11 11:43 - 2013-12-11 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar2013-12-11 11:41 - 2013-12-11 11:43 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe2013-12-10 14:01 - 2013-12-10 14:01 - 00025837 _____ C:\ComboFix.txt2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons2013-12-10 13:23 - 2013-12-01 19:30 - 00000211 _____ C:\Boot.bak2013-12-10 13:23 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr2013-12-10 13:21 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe2013-12-10 13:21 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe2013-12-10 13:21 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe2013-12-10 13:21 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe2013-12-10 13:20 - 2013-12-10 14:01 - 00000000 ____D C:\Qoobox2013-12-10 13:19 - 2013-12-10 13:57 - 00000000 ____D C:\WINDOWS\erdnt2013-12-10 13:06 - 2013-12-10 13:07 - 05153091 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes2013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Program Files\iTunes2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing2013-12-09 19:52 - 2013-12-09 19:56 - 00000716 _____ C:\WINDOWS\wmsetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00049270 _____ C:\WINDOWS\FaxSetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00023648 _____ C:\WINDOWS\ocgen.log2013-12-09 19:31 - 2013-12-17 18:50 - 00018873 _____ C:\WINDOWS\tsoc.log2013-12-09 19:31 - 2013-12-17 18:50 - 00016018 _____ C:\WINDOWS\comsetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00009871 _____ C:\WINDOWS\ntdtcsetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00007851 _____ C:\WINDOWS\iis6.log2013-12-09 19:31 - 2013-12-17 18:50 - 00002736 _____ C:\WINDOWS\ocmsn.log2013-12-09 19:31 - 2013-12-17 18:50 - 00002472 _____ C:\WINDOWS\msgsocm.log2013-12-09 19:31 - 2013-12-17 18:50 - 00001393 _____ C:\WINDOWS\imsins.log2013-12-09 19:31 - 2013-12-12 03:10 - 00001393 _____ C:\WINDOWS\imsins.BAK2013-12-09 19:29 - 2013-12-09 19:31 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log2013-12-09 19:28 - 2013-12-17 18:57 - 00007648 _____ C:\WINDOWS\spupdsvc.log2013-12-09 19:28 - 2013-12-12 03:10 - 00004354 _____ C:\WINDOWS\updspapi.log2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google2013-12-09 16:38 - 2013-12-09 19:31 - 00074967 _____ C:\WINDOWS\ie8_main.log2013-12-08 19:33 - 2013-12-13 16:35 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools2013-12-08 18:53 - 2013-12-18 21:27 - 00095411 _____ C:\WINDOWS\setupapi.log2013-12-08 18:53 - 2013-12-11 18:47 - 00000075 _____ C:\WINDOWS\setupact.log2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2013-12-08 16:53 - 2013-12-08 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-12-08 16:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2013-12-08 15:30 - 2013-12-17 18:59 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk2013-12-08 14:29 - 2013-12-28 18:59 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job2013-12-08 14:24 - 2013-11-19 10:21 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif2013-12-08 14:18 - 2013-12-08 14:19 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis2013-12-04 18:04 - 2013-12-04 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes2013-12-03 19:45 - 2008-04-14 01:12 - 00116224 _____ (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll2013-12-03 19:45 - 2008-04-14 01:12 - 00018944 _____ () C:\WINDOWS\system32\dllcache\xrxscnui.dll2013-12-03 19:44 - 2008-04-14 01:12 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll2013-12-03 19:43 - 2008-04-13 19:36 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys2013-12-03 19:42 - 2008-04-13 19:45 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wceusbsh.sys2013-12-03 19:40 - 2008-04-13 19:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys2013-12-03 19:40 - 2008-04-13 19:45 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys2013-12-03 19:38 - 2008-04-14 01:12 - 00082944 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe2013-12-03 19:37 - 2008-04-13 19:40 - 00149376 _____ (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys2013-12-03 19:34 - 2008-04-13 19:40 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys2013-12-03 19:34 - 2008-04-13 19:36 - 00016000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys2013-12-03 19:34 - 2008-04-13 19:36 - 00006912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys2013-12-03 19:31 - 2008-04-13 19:45 - 00011520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys2013-12-03 19:31 - 2008-04-13 19:40 - 00043904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys2013-12-03 19:30 - 2008-04-14 01:12 - 00029696 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw450ext.dll2013-12-03 19:30 - 2008-04-14 01:12 - 00027648 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll2013-12-03 19:29 - 2008-04-13 19:40 - 00079104 _____ (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys2013-12-03 19:28 - 2008-04-14 01:12 - 00363520 _____ C:\WINDOWS\system32\dllcache\psisdecd.dll2013-12-03 19:28 - 2008-04-14 01:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll2013-12-03 19:28 - 2008-04-14 01:12 - 00033280 _____ C:\WINDOWS\system32\dllcache\psisrndr.ax2013-12-03 19:28 - 2008-04-13 19:40 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys2013-12-03 19:27 - 2008-04-14 01:10 - 00259328 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll2013-12-03 19:27 - 2008-04-14 01:10 - 00211584 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll2013-12-03 19:27 - 2008-04-13 19:44 - 00028032 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys2013-12-03 19:27 - 2008-04-13 19:44 - 00027904 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2.sys2013-12-03 19:27 - 2008-04-13 19:41 - 00017664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys2013-12-03 19:27 - 2008-04-13 19:40 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\powerfil.sys2013-12-03 19:25 - 2008-04-13 19:46 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ohci1394.sys2013-12-03 19:24 - 2008-04-13 19:54 - 00028672 _____ (National Semiconductor Corporation) C:\WINDOWS\system32\dllcache\nscirda.sys2013-12-03 19:22 - 2008-04-13 19:54 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msircomm.sys2013-12-03 19:22 - 2008-04-13 19:46 - 00049024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstape.sys2013-12-03 19:21 - 2008-04-14 01:12 - 00056832 _____ C:\WINDOWS\system32\dllcache\msdvbnp.ax2013-12-03 19:21 - 2008-04-13 19:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys2013-12-03 19:21 - 2008-04-13 19:46 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys2013-12-03 19:20 - 2008-04-13 19:41 - 00026112 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\memstpci.sys2013-12-03 19:20 - 2008-04-13 19:40 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ltotape.sys2013-12-03 19:19 - 2008-04-14 01:11 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsusd.dll2013-12-03 19:19 - 2008-04-14 01:11 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsui.dll2013-12-03 19:19 - 2008-04-13 19:40 - 00034688 _____ (Toshiba Corp.) C:\WINDOWS\system32\dllcache\lbrtfdc.sys2013-12-03 19:18 - 2008-04-14 01:09 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106.dll2013-12-03 19:17 - 2008-04-14 01:12 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irftp.exe2013-12-03 19:17 - 2008-04-14 01:11 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irmon.dll2013-12-03 19:17 - 2008-04-13 19:54 - 00088192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irda.sys2013-12-03 19:15 - 2008-04-14 01:11 - 00702845 _____ (Intel® Corporation) C:\WINDOWS\system32\dllcache\i81xdnt5.dll2013-12-03 19:13 - 2008-04-14 01:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll2013-12-03 19:13 - 2008-04-13 19:45 - 00059136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys2013-12-03 19:13 - 2008-04-13 19:45 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys2013-12-03 19:13 - 2008-04-13 19:40 - 00028288 _____ (Gemplus) C:\WINDOWS\system32\dllcache\grserial.sys2013-12-03 19:13 - 2008-04-13 19:36 - 00020352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidbatt.sys2013-12-03 19:10 - 2008-04-14 01:12 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax2013-12-03 19:09 - 2008-04-13 19:40 - 00008320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlttape.sys2013-12-03 19:09 - 2008-04-13 19:39 - 00206976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4.sys2013-12-03 19:07 - 2008-04-14 01:11 - 00249856 _____ (Comtrol® Corporation) C:\WINDOWS\system32\dllcache\ctmasetp.dll2013-12-03 19:07 - 2008-04-13 19:36 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys2013-12-03 19:07 - 2008-04-13 19:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys2013-12-03 19:06 - 2008-04-14 01:11 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll2013-12-03 19:06 - 2008-04-13 19:40 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys2013-12-03 19:05 - 2008-04-14 01:12 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax2013-12-03 19:05 - 2008-04-13 19:46 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys2013-12-03 19:05 - 2008-04-13 19:46 - 00013696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys2013-12-03 19:05 - 2008-04-13 19:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys2013-12-03 19:05 - 2008-04-13 19:36 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys2013-12-03 19:03 - 2008-04-13 19:46 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys2013-12-03 19:03 - 2008-04-13 19:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys2013-12-03 19:03 - 2008-04-13 19:40 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$2013-12-01 17:34 - 2013-12-01 17:41 - 00000000 ____D C:\8db07bf26ed4429d4cee488d537b ==================== One Month Modified Files and Folders ======= 2013-12-28 18:59 - 2013-12-28 18:59 - 00017994 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt2013-12-28 18:59 - 2013-12-08 14:29 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job2013-12-28 18:56 - 2004-08-10 12:02 - 01801666 _____ C:\WINDOWS\WindowsUpdate.log2013-12-28 18:55 - 2013-12-13 09:48 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\FRST-OlderVersion2013-12-28 18:55 - 2013-12-12 16:23 - 00000000 ____D C:\FRST2013-12-28 18:55 - 2013-12-12 16:19 - 01064037 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe2013-12-28 18:53 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl2013-12-28 18:50 - 2004-08-10 11:59 - 00000157 _____ C:\WINDOWS\wiadebug.log2013-12-28 18:50 - 2004-08-10 11:59 - 00000050 _____ C:\WINDOWS\wiaservc.log2013-12-28 18:49 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2013-12-27 20:40 - 2005-08-13 16:28 - 00000278 ___SH C:\Documents and Settings\Louise Lee\ntuser.ini2013-12-27 20:40 - 2004-08-10 12:08 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt2013-12-18 21:27 - 2013-12-08 18:53 - 00095411 _____ C:\WINDOWS\setupapi.log2013-12-18 21:08 - 2013-12-18 21:08 - 00030180 _____ C:\Documents and Settings\Louise Lee\Desktop\attach.txt2013-12-18 21:08 - 2013-12-18 21:08 - 00018858 _____ C:\Documents and Settings\Louise Lee\Desktop\dds.txt2013-12-18 21:03 - 2013-12-18 21:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\dds.com2013-12-17 18:59 - 2013-12-08 15:30 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk2013-12-17 18:57 - 2013-12-09 19:28 - 00007648 _____ C:\WINDOWS\spupdsvc.log2013-12-17 18:57 - 2011-06-09 20:50 - 00026595 ____C C:\WINDOWS\system32\lvcoinst.log2013-12-17 18:50 - 2013-12-17 18:46 - 00005203 _____ C:\WINDOWS\KB2879017-IE8.log2013-12-17 18:50 - 2013-12-09 19:31 - 00049270 _____ C:\WINDOWS\FaxSetup.log2013-12-17 18:50 - 2013-12-09 19:31 - 00023648 _____ C:\WINDOWS\ocgen.log2013-12-17 18:50 - 2013-12-09 19:31 - 00018873 _____ C:\WINDOWS\tsoc.log2013-12-17 18:50 - 2013-12-09 19:31 - 00016018 _____ C:\WINDOWS\comsetup.log2013-12-17 18:50 - 2013-12-09 19:31 - 00009871 _____ C:\WINDOWS\ntdtcsetup.log2013-12-17 18:50 - 2013-12-09 19:31 - 00007851 _____ C:\WINDOWS\iis6.log2013-12-17 18:50 - 2013-12-09 19:31 - 00002736 _____ C:\WINDOWS\ocmsn.log2013-12-17 18:50 - 2013-12-09 19:31 - 00002472 _____ C:\WINDOWS\msgsocm.log2013-12-17 18:50 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.log2013-12-16 16:57 - 2013-12-16 16:57 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk2013-12-16 16:57 - 2013-12-16 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth2013-12-16 16:56 - 2007-07-01 14:24 - 00000000 ____D C:\Program Files\Google2013-12-13 18:26 - 2013-12-12 03:09 - 00018597 _____ C:\WINDOWS\KB2898785-IE8.log2013-12-13 16:36 - 2005-08-10 00:22 - 00000327 __RSH C:\boot.ini2013-12-13 16:36 - 2004-08-10 11:51 - 00000649 _____ C:\WINDOWS\win.ini2013-12-13 16:36 - 2004-08-10 11:51 - 00000243 _____ C:\WINDOWS\system.ini2013-12-13 16:35 - 2013-12-08 19:33 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools2013-12-13 16:35 - 2009-05-25 14:45 - 00000000 ____D C:\WINDOWS\pss2013-12-13 14:11 - 2005-08-13 16:28 - 00000000 ____D C:\Documents and Settings\Louise Lee2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs2013-12-12 12:10 - 2013-08-21 07:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection2013-12-12 12:03 - 2013-12-12 11:56 - 00000000 ____D C:\AdwCleaner2013-12-12 11:55 - 2013-12-12 11:54 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe2013-12-12 11:40 - 2013-12-12 11:39 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url2013-12-12 11:04 - 2013-12-12 11:04 - 00006324 _____ C:\Documents and Settings\Louise Lee\Desktop\JRT.txt2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT2013-12-12 10:27 - 2013-12-12 10:26 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe2013-12-12 03:27 - 2004-08-10 11:57 - 00235168 _____ C:\WINDOWS\system32\FNTCACHE.DAT2013-12-12 03:10 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.BAK2013-12-12 03:10 - 2013-12-09 19:28 - 00004354 _____ C:\WINDOWS\updspapi.log2013-12-12 03:10 - 2009-09-22 12:35 - 00000000 ____D C:\WINDOWS\ie8updates2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$2013-12-12 03:09 - 2013-12-12 03:08 - 00005982 _____ C:\WINDOWS\KB2904266.log2013-12-12 03:09 - 2013-12-11 15:50 - 00012397 _____ C:\WINDOWS\KB2898715.log2013-12-12 03:09 - 2007-02-18 22:01 - 00892346 ____C C:\WINDOWS\system32\TZLog.log2013-12-12 03:08 - 2013-07-29 20:19 - 00000000 ____D C:\WINDOWS\system32\MRT2013-12-12 03:03 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$2013-12-12 03:03 - 2013-12-11 15:50 - 00011222 _____ C:\WINDOWS\KB2893294.log2013-12-12 03:03 - 2005-09-23 18:10 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$2013-12-12 03:02 - 2013-12-11 15:50 - 00011972 _____ C:\WINDOWS\KB2893984.log2013-12-12 03:02 - 2013-12-11 15:49 - 00010676 _____ C:\WINDOWS\KB2892075.log2013-12-11 18:54 - 2013-12-11 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-12-11 18:52 - 2013-12-11 11:44 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2013-12-11 18:52 - 2013-12-11 11:43 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar2013-12-11 18:47 - 2013-12-08 18:53 - 00000075 _____ C:\WINDOWS\setupact.log2013-12-11 11:43 - 2013-12-11 11:41 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe2013-12-10 14:01 - 2013-12-10 14:01 - 00025837 _____ C:\ComboFix.txt2013-12-10 14:01 - 2013-12-10 13:20 - 00000000 ____D C:\Qoobox2013-12-10 13:57 - 2013-12-10 13:19 - 00000000 ____D C:\WINDOWS\erdnt2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons2013-12-10 13:07 - 2013-12-10 13:06 - 05153091 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Program Files\iTunes2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod2013-12-10 10:14 - 2009-07-28 18:32 - 00000000 ____D C:\Program Files\Common Files\Apple2013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing2013-12-09 20:45 - 2009-09-22 09:44 - 00000000 ____D C:\Documents and Settings\Administrator2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\NetworkService2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\LocalService2013-12-09 20:45 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\Registration2013-12-09 20:44 - 2005-08-10 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe2013-12-09 20:44 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\DirectX2013-12-09 19:56 - 2013-12-09 19:52 - 00000716 _____ C:\WINDOWS\wmsetup.log2013-12-09 19:51 - 2009-05-27 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live2013-12-09 19:31 - 2013-12-09 19:29 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log2013-12-09 19:31 - 2013-12-09 16:38 - 00074967 _____ C:\WINDOWS\ie8_main.log2013-12-09 19:29 - 2005-08-10 00:32 - 00000000 ___HD C:\WINDOWS\$hf_mig$2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log2013-12-09 17:06 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Adobe2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google2013-12-09 16:36 - 2004-08-10 12:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET2013-12-08 20:00 - 2005-08-10 00:18 - 00000000 ____D C:\i3862013-12-08 19:32 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Adobe2013-12-08 19:31 - 2005-08-29 18:52 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-12-08 19:30 - 2005-08-10 00:39 - 00000000 ____D C:\Program Files\Adobe2013-12-08 19:10 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\AdobeUM2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log2013-12-08 18:39 - 2010-03-21 15:09 - 00000000 ____D C:\Documents and Settings\Louise Lee\Tracing2013-12-08 18:38 - 2008-11-27 23:01 - 00000000 ____D C:\WINDOWS\Minidump2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2013-12-08 16:54 - 2013-12-08 16:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-12-08 16:32 - 2007-07-01 14:24 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Skype2013-12-08 15:31 - 2013-02-13 04:00 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk2013-12-08 15:07 - 2011-06-09 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Logitech2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif2013-12-08 14:19 - 2013-12-08 14:18 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk2013-12-08 13:49 - 2010-06-17 21:08 - 00002193 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk2013-12-08 13:37 - 2008-08-10 16:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis2013-12-04 18:51 - 2009-09-22 09:44 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini2013-12-04 18:04 - 2013-12-04 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com2013-12-04 18:00 - 2006-12-27 21:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926255$2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy2013-12-03 16:56 - 2010-03-21 15:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$2013-12-01 20:58 - 2004-08-10 11:57 - 00504528 ____C C:\WINDOWS\system32\PerfStringBackup.INI2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$2013-12-01 20:46 - 2010-06-04 02:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$2013-12-01 19:30 - 2013-12-10 13:23 - 00000211 _____ C:\Boot.bak2013-12-01 17:55 - 2007-07-01 14:24 - 00000000 ___RD C:\Program Files\Skype2013-12-01 17:55 - 2007-07-01 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype2013-12-01 17:41 - 2013-12-01 17:34 - 00000000 ____D C:\8db07bf26ed4429d4cee488d537b2013-12-01 16:21 - 2005-11-13 10:23 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Unused Desktop Shortcuts ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Not sure if you need this file, additions from first run on 12-12-2013? Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2013Ran by Louise Lee at 2013-12-12 16:26:30Running from C:\Documents and Settings\Louise Lee\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.4)Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)Adobe AIR (Version: 3.2.0.2070)Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)Adobe Flash Player 10 Plugin (Version: 10.3.183.7)Adobe Reader 6.0.1 (Version: 006.000.001)Adobe Shockwave Player 11.5 (Version: 11.5.1.601)Amazon Cloud Drive (HKCU Version: 2.1.2013.1340)Apple Application Support (Version: 2.3.6)Apple Mobile Device Support (Version: 7.0.0.117)Apple Software Update (Version: 2.1.3.127)ARTEuro (Version: 1.00.0000)Atheros USB Wireless LAN Driver Installer (Version: 1.00.7323)Autism Awareness 1.400 (Version: 1.400)B110 (Version: 140.0.283.000)Big Fish Games: Game Manager (Version: 3.0.1.60)Bonjour (Version: 3.0.0.10)BT Broadband Desktop Help (Version: 5.8.22.asst_classic.asst_install)BT Broadband Talk Softphone 3.1BT Yahoo! ApplicationsBTHomeHubBufferChm (Version: 140.0.212.000)CCleaner (Version: 4.08)Classic PhoneTools (Version: 4.24)Coupon Printer for Windows (Version: 5.0.0.0)Critical Update for Windows Media Player 11 (KB959772)CustomerResearchQFolder (Version: 1.00.0000)Defenders of Law: The Rosendale FileDefraggler (Version: 2.08)Dell Driver Reset Tool (Version: 1.02.0000)Dell Media Experience (Version: 3.0)Dell Media Experience UpdateDell Picture Studio v3.0 (Version: 3.0.0)Dell Support Center (Version: 2.0.07311)Dell System Restore (Version: 2.00.0000)DellSupport (Version: 6.0.3062)DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000)DJ_AIO_03_F2200_Software (Version: 100.0.206.000)DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000)EPSON Printer SoftwareeSupportQFolder (Version: 1.00.0000)F2200 (Version: 100.0.206.000)F2200_Help (Version: 100.0.206.000)Fun School 6 - MagiclandG15A922EN (Version: 1.0.0.0)Google Chrome (Version: 31.0.1650.63)Google Earth (Version: 7.1.1.1888)Google Toolbar for Internet Explorer (Version: 1.0.0)Google Update Helper (Version: 1.3.22.3)GPBaseService (Version: 100.0.187.000)GPBaseService2 (Version: 130.0.371.000)Harry Potter Print Studio (Version: 1.0.7)Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)HiJackThis (Version: 1.0.0)HP Customer Participation Program 14.0 (Version: 14.0)HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)HP Laser Mobile Mouse Driver (Version: 1.1.0.0)HP Photo Creations (Version: 1.0.0.2024)HP Photosmart Essential 2.5 (Version: 1.02.0000)HP Photosmart Essential 2.5 (Version: 2.5)HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)HP Smart Web Printing 4.60 (Version: 4.60)HP Solution Center 14.0 (Version: 14.0)HP Update (Version: 5.002.005.003)HPAppStudio (Version: 140.0.95.000)HPProductAssistant (Version: 130.0.371.000)HPSSupply (Version: 100.0.170.000)Intel® 537EP V9x DFV PCI ModemIntel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)Intel® PRO Network Adapters and DriversIntel® PROSet for Wired Connections (Version: 8.00.5000)Internet Explorer Default Page (Version: 1.00.03)iTunes (Version: 11.1.3.8)Jasc Paint Shop Photo Album 5 (Version: 5.22)Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)Junk Mail filter update (Version: 14.0.8089.726)Kids Cam Show and Share Creativity Center (Version: )KODAK Share Button App (Version: 4.03.0000.0000)Learn2 Player (Uninstall Only)Logitech Legacy USB Camera Driver PackageLogitech Webcam Software (Version: 12.10.1113)Logitech Webcam Software Driver Package (Version: 12.10.1110)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Map Button (Windows Live Toolbar) (Version: 03.01.0146)MarketResearch (Version: 100.0.170.000)McDonald's Dragons (Version: )Microsoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Choice Guard (Version: 2.0.48.0)Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)Microsoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office 2000 Premium (Version: 9.00.2720)Microsoft Security Client (Version: 4.4.0304.0)Microsoft Security Essentials (Version: 4.4.304.0)Microsoft Silverlight (Version: 5.1.20913.0)Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Works 7.0 (Version: 07.02.0620)MobileMe Control Panel (Version: 3.1.8.0)Modem Event MonitorModem Helper (Version: 2.40)Modem On Hold (Version: 1.12)MSNMSN Toolbar (Version: 4.0.0357.1)MSVCRT (Version: 14.0.1468.721)MSVCSetup (Version: 1.00.0000)MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)My Way Search Assistant (Version: 1.0.256)MyDSC2 (Version: 1.00.000)Nero SuiteNetwork (Version: 140.0.215.000)Paint Shop Pro 7 Evaluation (Version: 7.0.0.0000)PowerDVD 5.5PS_AIO_07_B110_SW_Min (Version: 140.0.142.000)PSSWCORE (Version: 2.02.0000)QuickTime (Version: 7.74.80.86)QuickTransfer (Version: 140.0.98.000)Rapport (Version: 3.5.1304.15)RealPlayer BasicSafari (Version: 5.34.57.2)Scan (Version: 140.0.80.000)Segoe UI (Version: 14.0.4327.805)Serif DrawPlus 7.0 (Version: 7.0)Serif DrawPlus 7.0 Design CD (Version: 7.0)Shop for HP Supplies (Version: 14.0)Skype Click to Call (Version: 6.13.13771)Skype™ 6.3 (Version: 6.3.105)Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)SmartWebPrinting (Version: 140.0.186.000)SolutionCenter (Version: 130.0.373.000)Sonic DLA (Version: 4.98)Sonic MyDVD LE (Version: 6.1.1)Sonic RecordNow Audio (Version: 2.0.0)Sonic RecordNow Copy (Version: 2.0.0)Sonic RecordNow Data (Version: 2.0.0.1)Sonic Update Manager (Version: 3.0.0)Speccy (Version: 1.24)SUPERAntiSpyware Free Edition (Version: 4.29.0.1002)SystemMessages 1.0.0Toolbox (Version: 140.0.428.000)Trusteer Endpoint Protection (Version: 3.5.1304.15)UnloadSupport (Version: 10.0.0)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Windows Internet Explorer 8 (KB973874) (Version: 1)Update for Windows Internet Explorer 8 (KB976662) (Version: 1)Update for Windows Internet Explorer 8 (KB976749) (Version: 1)Update for Windows Internet Explorer 8 (KB980182) (Version: 1)Update for Windows Internet Explorer 8 (KB982632) (Version: 1)Update for Windows XP (KB2141007) (Version: 1)Update for Windows XP (KB2345886) (Version: 1)Update for Windows XP (KB2467659) (Version: 1)Update for Windows XP (KB2541763) (Version: 1)Update for Windows XP (KB2607712) (Version: 1)Update for Windows XP (KB2616676) (Version: 1)Update for Windows XP (KB2641690) (Version: 1)Update for Windows XP (KB2661254-v2) (Version: 2)Update for Windows XP (KB2718704) (Version: 1)Update for Windows XP (KB2736233) (Version: 1)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP (KB2863058) (Version: 1)Update for Windows XP (KB2904266) (Version: 1)Update for Windows XP (KB951072-v2) (Version: 2)Update for Windows XP (KB951978) (Version: 1)Update for Windows XP (KB955759) (Version: 1)Update for Windows XP (KB955839) (Version: 1)Update for Windows XP (KB961503) (Version: 1)Update for Windows XP (KB967715) (Version: 1)Update for Windows XP (KB968389) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Update for Windows XP (KB971737) (Version: 1)Update for Windows XP (KB973687) (Version: 1)Update for Windows XP (KB973815) (Version: 1)VideoToolkit01 (Version: 100.0.128.000)Wanadoo Europe Installer (Version: 1.02.008)WebFldrs XP (Version: 9.50.7523)WebReg (Version: 140.0.212.017)Windows Defender Signatures (Version: 1.20.0.0)Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.1)Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)Windows Genuine Advantage Validation Tool (KB892130)Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)Windows Imaging Component (Version: 3.0.0.0)Windows Internet Explorer 7 (Version: 20070813.185237)Windows Internet Explorer 8 (Version: 20090308.140743)Windows Live Call (Version: 14.0.8064.0206)Windows Live Communications Platform (Version: 14.0.8098.930)Windows Live Essentials (Version: 14.0.8089.0726)Windows Live Essentials (Version: 14.0.8089.726)Windows Live Family Safety (Version: 14.0.8093.805)Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)Windows Live Mail (Version: 14.0.8089.0726)Windows Live Messenger (Version: 14.0.8089.0726)Windows Live Photo Gallery (Version: 14.0.8081.709)Windows Live Sign-in Assistant (Version: 5.000.818.6)Windows Live Sync (Version: 14.0.8089.726)Windows Live Toolbar (Version: 14.0.8064.206)Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)Windows Live Upload Tool (Version: 14.0.8014.1029)Windows Live Writer (Version: 14.0.8089.0726)Windows Media Format 11 runtimeWindows XP Service Pack 3 (Version: 20080414.031525)Yahoo! BrowserPlus 2.9.8Yahoo! Software UpdateZyDAS IEEE 802.11 b+g Wireless LAN - USB ==================== Restore Points ========================= 01-12-2013 17:34:17 Software Distribution Service 3.001-12-2013 20:11:26 Software Distribution Service 3.003-12-2013 20:20:41 Removed KODAK Share Button App.03-12-2013 18:24:02 System Checkpoint03-12-2013 19:49:06 Software Distribution Service 3.004-12-2013 03:00:41 Software Distribution Service 3.004-12-2013 11:21:47 Software Distribution Service 3.004-12-2013 21:05:55 Software Distribution Service 3.005-12-2013 09:51:05 Installed Rapport05-12-2013 10:10:13 Installed HiJackThis05-12-2013 10:36:14 Software Distribution Service 3.007-12-2013 16:18:45 Software Distribution Service 3.008-12-2013 13:32:39 pre removal of old restores08-12-2013 13:37:12 Removed Ad-Aware08-12-2013 14:11:25 Removed Tiscali Internet08-12-2013 14:24:41 Software Distribution Service 3.008-12-2013 14:55:33 Removed AVG Free 8.508-12-2013 15:00:51 Installed AVG Free 8.508-12-2013 16:35:10 Software Distribution Service 3.008-12-2013 18:35:27 pre cclean08-12-2013 18:40:39 Software Distribution Service 3.008-12-2013 22:03:58 Software Distribution Service 3.009-12-2013 15:01:33 Software Distribution Service 3.009-12-2013 16:35:48 Installed DirectX09-12-2013 16:47:30 Removed Google Earth.09-12-2013 19:28:21 Installed Windows Internet Explorer 8.09-12-2013 19:29:06 Software Distribution Service 3.009-12-2013 20:24:42 Restore Operation09-12-2013 20:32:38 Software Distribution Service 3.009-12-2013 20:36:48 Software Distribution Service 3.009-12-2013 20:39:28 Restore Operation09-12-2013 20:49:33 Software Distribution Service 3.009-12-2013 20:56:31 Software Distribution Service 3.010-12-2013 09:24:55 Software Distribution Service 3.010-12-2013 14:37:31 Software Distribution Service 3.011-12-2013 11:57:29 Software Distribution Service 3.012-12-2013 03:00:19 Software Distribution Service 3.012-12-2013 12:09:49 Installed Rapport12-12-2013 12:18:20 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2004-08-10 11:51 - 2013-12-12 12:10 - 00038987 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 08sr.combineads.info # hosts anti-adware / pups127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups127.0.0.1 2010-fr.com # hosts anti-adware / pups127.0.0.1 2012-new.biz # hosts anti-adware / pups127.0.0.1 212link.com # hosts anti-adware / pups127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups127.0.0.1 24h00business.com # hosts anti-adware / pups127.0.0.1 a.adorika.net # hosts anti-adware / pups127.0.0.1 a.ad-sys.com # hosts anti-adware / pups127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups127.0.0.1 ad.adn360.com # hosts anti-adware / pups127.0.0.1 adeartss.eu # hosts anti-adware / pups127.0.0.1 adesoeasy.eu # hosts anti-adware / pups127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups127.0.0.1 adm.soft365.com # hosts anti-adware / pups127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups127.0.0.1 ads.aff.co # hosts anti-adware / pups127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups127.0.0.1 ads.eorezo.com # hosts anti-adware / pups127.0.0.1 ads.hooqy.com # hosts anti-adware / pups127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups127.0.0.1 ads.realken.com # hosts anti-adware / pups127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups127.0.0.1 ads.tersecta.com # hosts anti-adware / pups There are 636 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\ISP signup reminder 1.job => C:\WINDOWS\system32\OOBE\oobebaln.exeTask: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2008-04-04 21:05 - 2007-06-18 08:00 - 00081920 _____ () C:\Program Files\BT Broadband Talk Softphone\APDIPhoneCtrl.dll2008-04-04 21:05 - 2007-06-18 08:00 - 00077824 _____ () C:\Program Files\BT Broadband Talk Softphone\SnxHIDCtrl.dll2011-04-05 11:04 - 2006-05-08 12:06 - 00212992 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll2011-04-05 11:04 - 2006-09-01 10:13 - 00045056 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll2012-03-11 12:50 - 2013-12-12 12:13 - 01127152 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll2004-08-10 11:50 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2004-08-10 11:51 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2013-12-07 16:01 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll2013-12-07 16:01 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll2013-12-07 16:01 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Intel® 537EP V9x DFV PCI ModemDescription: Intel® 537EP V9x DFV PCI ModemClass Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}Manufacturer: Intel CorporationService: ModemProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (12/12/2013 01:58:48 PM) (Source: crypt32) (User: )Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (12/12/2013 01:55:16 PM) (Source: MPSampleSubmission) (User: )Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (12/12/2013 10:28:35 AM) (Source: MPSampleSubmission) (User: )Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (12/12/2013 03:00:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/10/2013 02:37:40 PM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/10/2013 01:18:51 PM) (Source: MPSampleSubmission) (User: )Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (12/10/2013 09:26:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/09/2013 08:50:58 PM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/09/2013 08:37:47 PM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed. Error: (12/09/2013 08:17:03 PM) (Source: Application Hang) (User: )Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors:=============Error: (12/12/2013 03:00:47 AM) (Source: Windows Update Agent) (User: )Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808). Error: (12/11/2013 10:39:51 AM) (Source: DCOM) (User: LOUISE)Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout. Error: (12/11/2013 10:37:29 AM) (Source: DCOM) (User: LOUISE)Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout. Error: (12/11/2013 09:50:09 AM) (Source: Service Control Manager) (User: )Description: The IMAPI CD-Burning COM Service service failed to start due to the following error: %%1053 Error: (12/11/2013 09:50:09 AM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect. Error: (12/10/2013 02:37:42 PM) (Source: Windows Update Agent) (User: )Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808). Error: (12/10/2013 01:19:43 PM) (Source: Service Control Manager) (User: )Description: The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). Error: (12/10/2013 01:19:43 PM) (Source: Service Control Manager) (User: )Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s). Error: (12/10/2013 09:26:13 AM) (Source: Windows Update Agent) (User: )Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808). Error: (12/09/2013 08:47:15 PM) (Source: Microsoft Antimalware) (User: )Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: %24 Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: %600 Microsoft Office Sessions:=========================Error: (12/12/2013 01:58:48 PM) (Source: crypt32)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired. Error: (12/12/2013 01:55:16 PM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/12/2013 10:28:35 AM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/12/2013 03:00:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/10/2013 02:37:40 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/10/2013 01:18:51 PM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/10/2013 09:26:02 AM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/09/2013 08:50:58 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/09/2013 08:37:47 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/09/2013 08:17:03 PM) (Source: Application Hang)(User: )Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 48%Total physical RAM: 2045.98 MBAvailable physical RAM: 1044.82 MBTotal Pagefile: 2659.38 MBAvailable Pagefile: 1702.18 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1941.63 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.04 GB) (Free:108.28 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 149 GB) (Disk ID: D0F4738C)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=3 GB) - (Type=DB) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 28, 2013 Root Admin ID:770110 Share Posted December 28, 2013 Please uninstall ALL versions of Java. The logs show some old Java there still.Then run this toolRun JavaRaPlease download JavaRa and unzip it in a folder on your desktop.Double-click on JavaRa.exe to start the program.Click on Settings and Place a checkmark beside Create a log file. Click on Back.Click on Update JavaRa Definitions. Click on download. When this is done click on Back.Choose Remove JRE, since you already uninstalled Java, please click on Next.Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.When that's succesfully done, please click OK to close the message.Click on Next. Since you already downloaded the latest version of Java, please click on Next.Now click on Close this wizard and click Finish.From the main menu please choose Additional TasksPlace a checkmark beside Remove Outdated JRE Firefox Extentions and click Run. Mozilla Firefox should be closed before running this task.When that's succesfully done you will see a message at the top saying: "Selected tasks completed successfully".A log file should be created in the same directory as JavaRa.Please post the log in your next reply.Close JavaRa by clicking the red cross button. Then download a new fresh copy of combofix. Delete your current copy. Then run a new scan and post back the new log. Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below. Important! - Please make sure you save combofix to your desktop and do not run it from your browser Direct download link for: ComboFix.exe Please make sure you disable your security applications before running ComboFix. Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load. Please attach that log file to your next reply. If needed the file can be located here: C:\combofix.txt NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
tomtatsfield Posted December 29, 2013 Author ID:770192 Share Posted December 29, 2013 Log from run JavaRa User initialised redundant data purge....................... Removed registry subkey: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}Removed registry subkey tree: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}Removed registry subkey tree: Low RightsRemoved registry subkey tree: Browser Helper ObjectsRemoval routine completed successfully. 4 items have been deleted. Link to post Share on other sites More sharing options...
tomtatsfield Posted December 29, 2013 Author ID:770200 Share Posted December 29, 2013 Combofix report ComboFix 13-12-26.01 - Louise Lee 29/12/2013 13:07:48.2.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1143 [GMT 0:00]Running from: c:\documents and settings\Louise Lee\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\TEMP\logishrd\LVPrcInj01.dll..((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-29 )))))))))))))))))))))))))))))))..2013-12-29 11:08 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBF227EA-ED9C-4885-BA18-40F57B2DF9E3}\mpengine.dll2013-12-27 20:26 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-12-12 16:23 . 2013-12-28 18:55 -------- d-----w- C:\FRST2013-12-12 12:10 . 2013-12-12 12:10 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs2013-12-12 11:56 . 2013-12-12 12:03 -------- d-----w- C:\AdwCleaner2013-12-12 10:30 . 2013-12-12 10:30 -------- d-----w- c:\windows\ERUNT2013-12-11 11:52 . 2013-12-11 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-12-11 11:44 . 2013-12-11 18:52 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-12-10 10:14 . 2013-12-10 10:14 -------- d-----w- c:\program files\iPod2013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\program files\iTunes2013-12-09 20:45 . 2013-12-09 20:45 -------- d-----w- c:\windows\system32\wbem\Repository2013-12-09 16:44 . 2013-12-09 16:44 -------- d-----w- C:\Google2013-12-09 16:31 . 2013-12-09 16:31 -------- d-----w- c:\windows\Logs2013-12-08 17:33 . 2013-12-08 17:33 -------- d-----w- c:\program files\CCleaner2013-12-08 16:53 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-08 16:53 . 2013-12-08 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-12-08 14:24 . 2013-11-19 10:21 230048 ------w- c:\windows\system32\MpSigStub.exe2013-12-08 14:18 . 2013-12-08 14:19 -------- d-----w- c:\program files\Microsoft Security Client2013-12-05 10:10 . 2013-12-05 10:10 388096 ----a-r- c:\documents and settings\Louise Lee\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2013-12-05 10:10 . 2013-12-05 10:10 -------- d-----w- c:\program files\Trend Micro2013-12-04 18:04 . 2013-12-04 18:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com2013-12-04 17:44 . 2013-12-04 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2013-12-04 17:44 . 2013-12-04 17:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2013-12-03 19:45 . 2008-04-14 01:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll2013-12-03 19:45 . 2008-04-14 01:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll2013-12-03 19:44 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll2013-12-03 19:43 . 2008-04-13 19:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys2013-12-03 19:42 . 2008-04-13 19:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys2013-12-03 19:40 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys2013-12-03 19:40 . 2008-04-13 19:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys2013-12-03 19:38 . 2008-04-14 01:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe2013-12-03 19:37 . 2008-04-13 19:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys2013-12-03 19:34 . 2008-04-13 19:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys2013-12-03 19:34 . 2008-04-13 19:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys2013-12-03 19:34 . 2008-04-13 19:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys2013-12-03 19:31 . 2008-04-13 19:45 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys2013-12-03 19:31 . 2008-04-13 19:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys2013-12-03 19:30 . 2008-04-14 01:12 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll2013-12-03 19:30 . 2008-04-14 01:12 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll2013-12-03 19:29 . 2008-04-13 19:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys2013-12-03 19:28 . 2008-04-13 19:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys2013-12-03 19:28 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll2013-12-03 19:28 . 2008-04-14 01:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll2013-12-03 19:27 . 2008-04-13 19:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys2013-12-03 19:27 . 2008-04-13 19:40 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys2013-12-03 19:27 . 2008-04-14 01:10 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll2013-12-03 19:27 . 2008-04-13 19:44 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys2013-12-03 19:27 . 2008-04-14 01:10 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll2013-12-03 19:27 . 2008-04-13 19:44 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys2013-12-03 19:25 . 2008-04-13 19:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys2013-12-03 19:24 . 2008-04-13 19:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys2013-12-03 19:22 . 2008-04-13 19:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys2013-12-03 19:22 . 2008-04-13 19:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys2013-12-03 19:21 . 2008-04-13 19:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys2013-12-03 19:21 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys2013-12-03 19:20 . 2008-04-13 19:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys2013-12-03 19:20 . 2008-04-13 19:40 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys2013-12-03 19:19 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys2013-12-03 19:19 . 2008-04-14 01:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll2013-12-03 19:19 . 2008-04-14 01:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll2013-12-03 19:18 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll2013-12-03 19:17 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll2013-12-03 19:17 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe2013-12-03 19:17 . 2008-04-13 19:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys2013-12-03 19:15 . 2008-04-14 01:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll2013-12-03 19:13 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll2013-12-03 19:13 . 2008-04-13 19:36 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys2013-12-03 19:13 . 2008-04-13 19:40 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys2013-12-03 19:13 . 2008-04-13 19:45 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys2013-12-03 19:13 . 2008-04-13 19:45 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys2013-12-03 19:09 . 2008-04-13 19:39 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys2013-12-03 19:09 . 2008-04-13 19:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys2013-12-03 19:07 . 2008-04-14 01:11 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll2013-12-03 19:07 . 2008-04-13 19:36 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys2013-12-03 19:07 . 2008-04-13 19:36 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys2013-12-03 19:06 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys2013-12-03 19:06 . 2008-04-14 01:11 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll2013-12-03 19:05 . 2008-04-13 19:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys2013-12-03 19:05 . 2008-04-13 19:36 14208 ----a-w- c:\windows\system32\dllcache\battc.sys2013-12-03 19:05 . 2008-04-13 19:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys2013-12-03 19:05 . 2008-04-13 19:46 38912 ----a-w- c:\windows\system32\dllcache\avc.sys2013-12-03 19:03 . 2008-04-13 19:46 48128 ----a-w- c:\windows\system32\dllcache\61883.sys2013-12-03 19:03 . 2008-04-13 19:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys2013-12-03 19:03 . 2008-04-13 19:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys2013-12-03 17:27 . 2013-12-03 17:27 -------- d-----w- c:\program files\Speccy2013-12-01 17:34 . 2013-12-01 17:41 -------- d-----w- C:\8db07bf26ed4429d4cee488d537b...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-13 02:59 . 2004-08-10 11:51 150528 ----a-w- c:\windows\system32\imagehlp.dll2013-11-07 05:38 . 2004-08-10 11:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll2013-11-06 01:03 . 2009-04-16 13:23 7168 ----a-w- c:\windows\system32\xpsp4res.dll2013-10-30 02:26 . 2004-08-10 11:51 1879040 ----a-w- c:\windows\system32\win32k.sys2013-10-29 07:57 . 2004-08-10 11:51 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-29 07:57 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-10-29 07:57 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-29 07:57 . 2004-08-10 11:50 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-29 00:45 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec2013-10-25 02:34 . 2013-10-25 02:34 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys2013-10-23 23:45 . 2004-08-10 11:51 172032 ------w- c:\windows\system32\scrrun.dll2013-10-12 15:56 . 2004-08-10 11:51 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12 . 2004-08-10 11:51 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59 . 2004-08-10 11:50 603136 ----a-w- c:\windows\system32\crypt32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]"BTAgile"="c:\program files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 61440].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-02 53248]"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-10 26112]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360].c:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\Amazon Cloud Drive.lnk - c:\documents and settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe [2013-8-29 1097024].c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -SETWZCD 35 [2011-4-5 487424].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"="c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:UDP"= 5353:UDP:Bonjour Port 5353.R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/10/2013 02:34 108816]R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [12/12/2013 12:13 340432]R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/10/2013 02:34 157264]R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/10/2013 02:34 230448]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 10:42 9968]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 10:42 74480]R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/10/2013 02:34 1444120]R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 3275136]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 17:45 161384]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [19/06/2007 01:21 18560]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 10:42 7408].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08HPService REG_MULTI_SZ HPSLPSVC.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-07 16:00 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2013-12-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 15:01]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = 127.0.0.1;*.localTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} - (no file)Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-12-29 13:26Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]@DACL=(02 0000)"Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]@DACL=(02 0000)"NoChange"="1""Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]@DACL=(02 0000)"Installed"="1".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(676)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dll.- - - - - - - > 'explorer.exe'(3144)c:\windows\system32\WININET.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\pelscrll.dllc:\windows\system32\PELCOMM.dllc:\windows\system32\PELHOOKS.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Google\Update\GoogleUpdate.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Common Files\Motive\McciCMService.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\windows\system32\ICO.EXEc:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\Pelmiced.exe.**************************************************************************.Completion time: 2013-12-29 13:33:50 - machine was rebootedComboFix-quarantined-files.txt 2013-12-29 13:33ComboFix2.txt 2013-12-10 14:01.Pre-Run: 120,437,010,432 bytes freePost-Run: 120,579,883,008 bytes free.- - End Of File - - F3B6E7D75F1A7F91730C33D98451B9C3B16A2359F4962B0C622D81A1C1F4B703 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 29, 2013 Root Admin ID:770396 Share Posted December 29, 2013 I'm visiting the Grand kids today so I'll check on this later tonight or tomorrow and get back to you. We'll run some other tests to see what's going on. Please go ahead and run this antivirus scan and post back the results. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MBNOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.Shutdown your antivirus to avoid any conflicts while scanning.Once the scans have completed please re-enable your antivirus.If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection ModulesIf needed you can also temporarily disable it from starting with WindowsTemporarily turn off any other security add-ons or applications you may also have.Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.If it does not have a Digital Signature then do not run it.Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.Click on the Yes button to start the installer.Click OK to scan your computer in the Enhanced Protection ModeClick on the check box to agree to participate in their software improvement program.Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.Then click on the Start scanning button.If a threat is found you can click on the Action column in the program.Your options will be Cure or IgnoreIf you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.Then click on the Neutralize button.Once completed click on the green Open Report link. It will open the report in NOTEPADSave the report to your desktop. The report will be called Cureit.logClose Dr.Web Cureit!Reboot your computer to allow files that were in use to be moved/deleted during reboot.After reboot, attach the log Cureit.log you saved previously in your next reply.Re-Enable your antivirus and other security programs when all done. Link to post Share on other sites More sharing options...
tomtatsfield Posted December 30, 2013 Author ID:770573 Share Posted December 30, 2013 Sorry experiencing a problem posting the full report, have managed to post the final 5 lines, will keep trying to find out why unable to post the full report. Hope you enjoyed your visit to grand children, lovely time of year to share time with them. Total 16923459521 bytes in 15185 files scanned (18261 objects)Total 15169 files (18241 objects) are cleanThere are no infected objects detectedTotal 20 files are raised error conditionScan time is 00:40:19.453 Link to post Share on other sites More sharing options...
Recommended Posts