isearch

tomtatsfield · December 7, 2013

Hello, help if possible please,

Have got to the point where help needed, the computer was very sluggish, having now improved that problem it will be possible to deal with any help available, I believe that several BHO's have taken over my normal search programs, one of which is the isearch coupled with AVG, Any help to eliminate this problem and assist with a clean up will be welcome.

The HJT report is below:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:23:45, on 05/12/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

C:\Documents and Settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Documents and Settings\Louise Lee\Desktop\SysinternalsSuite\autoruns.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={DEEFA64F-BEB9-4943-AE5F-F8A5058577B9}&mid=2edddb3104773f3c418ae7f90ae8483f-ae53dab08457cda185b6b43c068d28c21e4f8280〈=us&ds=AVG&pr=fr&d=2012-02-14 12:28:11&v=15.2.0.5&pid=avg&sg=0&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com/?fr=fp-bt-odtb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60195

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60195

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/?fr=fp-bt-odtb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60195

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60195

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcome

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/products/startup_code.html?PopSelected=0845-08456630221

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by BT Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode

O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe

O4 - HKCU\..\Run: [bTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (file missing)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll

O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--

End of file - 16678 bytes

many thanks for any interest Tom

AdvancedSetup · December 10, 2013

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

tomtatsfield · December 10, 2013

Hi, thanks for interest log below:

ComboFix 13-12-08.01 - Louise Lee 10/12/2013 13:27:09.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1305 [GMT 0:00]

Running from: c:\documents and settings\Louise Lee\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\xmlF5.tmp

c:\documents and settings\All Users\Application Data\xmlF6.tmp

c:\documents and settings\Louise Lee\WINDOWS

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\system32\Cache

c:\windows\system32\Cache\26c630d098e22dd5.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\29f2617fa58da5fc.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\5cfdbacb8e12bbbe.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\67284cc75b9890c9.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\7c65f477e9ef4ffd.fb

c:\windows\system32\Cache\7d6770cb9d3de5cc.fb

c:\windows\system32\Cache\83adb2226c20152a.fb

c:\windows\system32\Cache\84f677799a0a8387.fb

c:\windows\system32\Cache\857e5d27d688cb21.fb

c:\windows\system32\Cache\95f567698be8a182.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\b0fffbacae2bcc67.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d23782dc0222f15e.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\e6c9ad164634e981.fb

c:\windows\system32\Cache\eae8753a3150741e.fb

c:\windows\system32\Cache\eccd321a4c175451.fb

c:\windows\system32\Cache\ee9fd946b6cde908.fb

c:\windows\system32\Cache\f39de21b04b2c8c4.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\SET4F.tmp

c:\windows\system32\SET54.tmp

c:\windows\TEMP\logishrd\LVPrcInj02.dll

.

((((((((((((((((((((((((( Files Created from 2013-11-10 to 2013-12-10 )))))))))))))))))))))))))))))))

.

2013-12-10 13:52 . 2013-12-10 13:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-12-10 10:14 . 2013-12-10 10:14 -------- d-----w- c:\program files\iPod

2013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\program files\iTunes

2013-12-09 20:57 . 2013-11-07 17:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1996D44-5943-4988-9ADA-8D1E840C6E16}\mpengine.dll

2013-12-09 20:45 . 2013-12-09 20:45 -------- d-----w- c:\windows\system32\wbem\Repository

2013-12-09 16:44 . 2013-12-09 16:44 -------- d-----w- C:\Google

2013-12-09 16:31 . 2013-12-09 16:31 -------- d-----w- c:\windows\Logs

2013-12-08 17:33 . 2013-12-08 17:33 -------- d-----w- c:\program files\CCleaner

2013-12-08 16:53 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-12-08 16:53 . 2013-12-08 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-12-08 14:24 . 2013-11-19 10:21 230048 ------w- c:\windows\system32\MpSigStub.exe

2013-12-08 14:18 . 2013-12-08 14:19 -------- d-----w- c:\program files\Microsoft Security Client

2013-12-05 10:10 . 2013-12-05 10:10 388096 ----a-r- c:\documents and settings\Louise Lee\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-12-05 10:10 . 2013-12-05 10:10 -------- d-----w- c:\program files\Trend Micro

2013-12-04 18:04 . 2013-12-04 18:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2013-12-04 17:44 . 2013-12-04 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-12-04 17:44 . 2013-12-04 17:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2013-12-03 19:45 . 2008-04-14 01:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2013-12-03 19:45 . 2008-04-14 01:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2013-12-03 19:44 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2013-12-03 19:43 . 2008-04-13 19:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2013-12-03 19:42 . 2008-04-13 19:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

2013-12-03 19:40 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2013-12-03 19:40 . 2008-04-13 19:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys

2013-12-03 19:38 . 2008-04-14 01:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe

2013-12-03 19:37 . 2008-04-13 19:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys

2013-12-03 19:34 . 2008-04-13 19:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys

2013-12-03 19:34 . 2008-04-13 19:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys

2013-12-03 19:34 . 2008-04-13 19:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys

2013-12-03 19:31 . 2008-04-13 19:45 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys

2013-12-03 19:31 . 2008-04-13 19:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys

2013-12-03 19:30 . 2008-04-14 01:12 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll

2013-12-03 19:30 . 2008-04-14 01:12 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll

2013-12-03 19:29 . 2008-04-13 19:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys

2013-12-03 19:28 . 2008-04-13 19:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys

2013-12-03 19:28 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll

2013-12-03 19:28 . 2008-04-14 01:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll

2013-12-03 19:27 . 2008-04-13 19:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys

2013-12-03 19:27 . 2008-04-13 19:40 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys

2013-12-03 19:27 . 2008-04-14 01:10 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll

2013-12-03 19:27 . 2008-04-13 19:44 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys

2013-12-03 19:27 . 2008-04-14 01:10 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll

2013-12-03 19:27 . 2008-04-13 19:44 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys

2013-12-03 19:25 . 2008-04-13 19:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys

2013-12-03 19:24 . 2008-04-13 19:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys

2013-12-03 19:22 . 2008-04-13 19:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2013-12-03 19:22 . 2008-04-13 19:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2013-12-03 19:21 . 2008-04-13 19:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys

2013-12-03 19:21 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys

2013-12-03 19:20 . 2008-04-13 19:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys

2013-12-03 19:20 . 2008-04-13 19:40 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys

2013-12-03 19:19 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2013-12-03 19:19 . 2008-04-14 01:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll

2013-12-03 19:19 . 2008-04-14 01:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll

2013-12-03 19:18 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

2013-12-03 19:17 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2013-12-03 19:17 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2013-12-03 19:17 . 2008-04-13 19:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys

2013-12-03 19:15 . 2008-04-14 01:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2013-12-03 19:13 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2013-12-03 19:13 . 2008-04-13 19:36 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys

2013-12-03 19:13 . 2008-04-13 19:40 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys

2013-12-03 19:13 . 2008-04-13 19:45 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys

2013-12-03 19:13 . 2008-04-13 19:45 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys

2013-12-03 19:09 . 2008-04-13 19:39 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys

2013-12-03 19:09 . 2008-04-13 19:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys

2013-12-03 19:07 . 2008-04-14 01:11 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll

2013-12-03 19:07 . 2008-04-13 19:36 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys

2013-12-03 19:07 . 2008-04-13 19:36 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys

2013-12-03 19:06 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2013-12-03 19:06 . 2008-04-14 01:11 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll

2013-12-03 19:05 . 2008-04-13 19:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys

2013-12-03 19:05 . 2008-04-13 19:36 14208 ----a-w- c:\windows\system32\dllcache\battc.sys

2013-12-03 19:05 . 2008-04-13 19:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys

2013-12-03 19:05 . 2008-04-13 19:46 38912 ----a-w- c:\windows\system32\dllcache\avc.sys

2013-12-03 19:03 . 2008-04-13 19:46 48128 ----a-w- c:\windows\system32\dllcache\61883.sys

2013-12-03 19:03 . 2008-04-13 19:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys

2013-12-03 19:03 . 2008-04-13 19:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2013-12-03 17:27 . 2013-12-03 17:27 -------- d-----w- c:\program files\Speccy

2013-12-01 17:34 . 2013-12-01 17:41 -------- d-----w- C:\8db07bf26ed4429d4cee488d537b

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-13 07:25 . 2004-08-10 11:51 920064 ----a-w- c:\windows\system32\wininet.dll

2013-10-13 07:25 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-10-13 07:25 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-10-13 07:24 . 2004-08-10 11:50 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-13 06:57 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec

2013-10-12 15:56 . 2004-08-10 11:51 278528 ----a-w- c:\windows\system32\oakley.dll

2013-10-09 13:12 . 2004-08-10 11:51 287744 ----a-w- c:\windows\system32\gdi32.dll

2013-10-07 10:59 . 2004-08-10 11:50 603136 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 01:14 . 2009-04-16 13:23 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-09-27 09:53 . 2013-09-27 09:53 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB}"= "c:\program files\Autism Awareness\Toolbar.dll" [2009-01-22 1257472]

.

[HKEY_CLASSES_ROOT\clsid\{bcf5b7b1-103a-4cfc-9794-af3f958a43cb}]

[HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]

[HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB}"= "c:\program files\Autism Awareness\Toolbar.dll" [2009-01-22 1257472]

.

[HKEY_CLASSES_ROOT\clsid\{bcf5b7b1-103a-4cfc-9794-af3f958a43cb}]

[HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]

[HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]

"BTAgile"="c:\program files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 61440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]

"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-02 53248]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-10 26112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\

Amazon Cloud Drive.lnk - c:\documents and settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe [2013-8-29 1097024]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]

ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -SETWZCD 35 [2011-4-5 487424]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour Port 5353

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/09/2013 23:18 97008]

R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [21/08/2013 07:08 330960]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/09/2013 23:18 148688]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/09/2013 23:18 222416]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 10:42 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 10:42 74480]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/12/2013 16:54 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2013 16:54 701512]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/09/2013 23:18 1435928]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 3275136]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/12/2013 16:53 22856]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 17:45 161384]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [19/06/2007 01:21 18560]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 10:42 7408]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RAPPORTIASO

*Deregistered* - RapportIaso

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

HPService REG_MULTI_SZ HPSLPSVC

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-07 16:00 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 15:54]

.

2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 15:54]

.

2005-08-13 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

.

2013-12-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 15:01]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

HKLM-Run-hpqSRMon - (no file)

c:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\Jacquie Lawson Advent Calendar.lnk - c:\program files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe

c:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\Jacquie Lawson London Advent Calendar.lnk - c:\program files\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe

c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe -boot

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe -check

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-12-10 13:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(676)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(5736)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\pelscrll.dll

c:\windows\system32\PELCOMM.dll

c:\windows\system32\PELHOOKS.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\ICO.EXE

c:\windows\system32\Pelmiced.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2013-12-10 14:01:49 - machine was rebooted

ComboFix-quarantined-files.txt 2013-12-10 14:01

.

Pre-Run: 115,276,259,328 bytes free

Post-Run: 116,961,710,080 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 37A204BEDF1F975ABB2180CE65AC54E3

B16A2359F4962B0C622D81A1C1F4B703

AdvancedSetup · December 11, 2013

Did you set that 127.0.0.1 internet proxy yourself ?

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
[*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

tomtatsfield · December 12, 2013

Sorry for delay computer running extremely slow, first log seems to have aborted after some 6 hrs of running?

Logs from Anti-Rootkit: Step 03

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

www.malwarebytes.org

Database version: v2013.12.11.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

:: LOUISE [administrator]

11/12/2013 11:53:25

mbar-log-2013-12-11 (11-53-25).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 56203

Time elapsed: 6 hour(s), 57 minute(s), 52 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.660000 GHz

Memory total: 2145370112, free: 1167253504

Downloaded database version: v2013.12.11.02

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

12/11/2013 11:51:47

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

intelide.sys

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

MpFilter.sys

drvmcdb.sys

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

RapportKELL.sys

Mup.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\e100b325.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\drivers\sscdbhk5.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\smwdm.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\senfilt.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\i2omgmt.SYS

\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\drivers\ssrtln.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{159D5A73-4E85-4440-AFDE-BEC823BEE1CB}\MpKsl0d1c3ac2.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ialmdnt5.dll

\SystemRoot\System32\ialmrnt5.dll

\SystemRoot\System32\ialmdev5.DLL

\SystemRoot\System32\ialmdd5.DLL

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\drvnddm.sys

\SystemRoot\system32\dla\tfsndres.sys

\SystemRoot\system32\dla\tfsnifs.sys

\SystemRoot\system32\dla\tfsnopio.sys

\SystemRoot\system32\dla\tfsnpool.sys

\SystemRoot\system32\dla\tfsnboio.sys

\SystemRoot\system32\dla\tfsncofs.sys

\SystemRoot\system32\dla\tfsndrct.sys

\SystemRoot\system32\dla\tfsnudf.sys

\SystemRoot\system32\dla\tfsnudfa.sys

\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\ASCTRM.SYS

\SystemRoot\system32\DRIVERS\dsunidrv.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\LVPr2Mon.sys

\SystemRoot\System32\Drivers\ZDPSp50.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{159D5A73-4E85-4440-AFDE-BEC823BEE1CB}\MpKsle5981980.sys

\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a7e1ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8a7e2d98

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a7ef2a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a7e2d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.

Drivers scan is aborted.

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D0F4738C

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 80325 Numsec = 306263160

Partition file system is NTFS

Partition is bootable

Partition 2 type is Other (0xdb)

Partition is NOT ACTIVE.

Partition starts at LBA: 306343485 Numsec = 6152895

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...

Done!

Scan Interrupted

Scan was aborted.

=======================================

Removal queue found; removal started

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_80325_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.660000 GHz

Memory total: 2145370112, free: 1102073856

Downloaded database version: v2013.12.11.05

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

12/11/2013 18:53:46

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

intelide.sys

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

MpFilter.sys

drvmcdb.sys

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

RapportKELL.sys

Mup.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\e100b325.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\drivers\sscdbhk5.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\smwdm.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\senfilt.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\i2omgmt.SYS

\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\drivers\ssrtln.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{159D5A73-4E85-4440-AFDE-BEC823BEE1CB}\MpKsl0d1c3ac2.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ialmdnt5.dll

\SystemRoot\System32\ialmrnt5.dll

\SystemRoot\System32\ialmdev5.DLL

\SystemRoot\System32\ialmdd5.DLL

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\drvnddm.sys

\SystemRoot\system32\dla\tfsndres.sys

\SystemRoot\system32\dla\tfsnifs.sys

\SystemRoot\system32\dla\tfsnopio.sys

\SystemRoot\system32\dla\tfsnpool.sys

\SystemRoot\system32\dla\tfsnboio.sys

\SystemRoot\system32\dla\tfsncofs.sys

\SystemRoot\system32\dla\tfsndrct.sys

\SystemRoot\system32\dla\tfsnudf.sys

\SystemRoot\system32\dla\tfsnudfa.sys

\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\ASCTRM.SYS

\SystemRoot\system32\DRIVERS\dsunidrv.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\LVPr2Mon.sys

\SystemRoot\System32\Drivers\ZDPSp50.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a7e1ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8a7e2d98

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a7ef2a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a7e1ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a7e2d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.

Drivers scan is aborted.

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D0F4738C

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 80325 Numsec = 306263160

Partition file system is NTFS

Partition is bootable

Partition 2 type is Other (0xdb)

Partition is NOT ACTIVE.

Partition starts at LBA: 306343485 Numsec = 6152895

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...

Done!

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.660000 GHz

Memory total: 2145370112, free: 1764814848

=======================================

Continuing with step 04

tomtatsfield · December 12, 2013

JRT log Step 04

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Microsoft Windows XP x86

Ran by Louise Lee on 12/12/2013 at 10:30:18.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.FCTB000041534Pos

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.FCTB000041534Pos.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.IEToolbar.3

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.JSOptionsImpl

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000041534.JSOptionsImpl.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.FCTB000041534Pos

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.FCTB000041534Pos.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.IEToolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.IEToolbar.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.IEToolbar.3

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.JSOptionsImpl

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000041534.JSOptionsImpl.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6245355D-8486-406B-BDFF-81F6DA71E28E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{810628c2-2ea7-4111-a5f0-ede9c660d94b}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{810628c2-2ea7-4111-a5f0-ede9c660d94b}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"

Successfully deleted: [Folder] "C:\Program Files\coupons"

Successfully deleted: [Folder] "C:\Program Files\viewpoint"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 12/12/2013 at 11:04:49.93

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

tomtatsfield · December 12, 2013

Report Step 05:

# AdwCleaner v3.015 - Report created 12/12/2013 at 12:03:21

# Updated 10/12/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Louise Lee - LOUISE

# Running from : C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB35C569-5624-4CFC-8043-E5139F55A073}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : HKCU\Software\MyWaySA

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\Software\MyWaySA

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [searchAssistant]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4927 octets] - [12/12/2013 11:57:05]

AdwCleaner[s0].txt - [4818 octets] - [12/12/2013 12:03:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4878 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.12.12.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Louise Lee :: LOUISE [administrator]

Protection: Enabled

12/12/2013 12:14:28

mbam-log-2013-12-12 (12-14-28).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 248229

Time elapsed: 1 hour(s), 32 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Now moving on to Step 06

tomtatsfield · December 12, 2013

Report Step 06

Eset report:

C:\Documents and Settings\Louise Lee\My Documents\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D application

C:\Documents and Settings\Louise Lee\My Documents\Downloads\spsetup124.exe Win32/Bundled.Toolbar.Google.D application

tomtatsfield · December 12, 2013

Reports Step 07:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013

Ran by Louise Lee (administrator) on LOUISE on 12-12-2013 16:23:31

Running from C:\Documents and Settings\Louise Lee\Desktop

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Motive Communications, Inc.) C:\Program Files\btbb_wcm\McciTrayApp.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe

() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

() C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe

() C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Primax Electronics Ltd.) C:\WINDOWS\system32\PELMICED.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)

HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)

HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)

HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)

HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122941 2005-05-31] (Sonic Solutions)

HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)

HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [935936 2006-12-07] (Motive Communications, Inc.)

HKLM\...\Run: [Mouse Suite 98 Daemon] - C:\WINDOWS\system32\ico.exe [53248 2008-04-02] (Primax Electronics Ltd.)

HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\realplay.exe [26112 2005-08-10] (RealNetworks, Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)

HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)

HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()

HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)

HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )

HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [1584640 2009-09-14] (Alcatel-Lucent)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-12-12] ()

Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [KGShareApp] - C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)

HKCU\...\Run: [bTAgile] - C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe [61440 2007-06-18] ()

HKU\Administrator\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup

HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB

HKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start

HKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk

ShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()

Startup: C:\Documents and Settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcome

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/?fr=fp-bt-odtb

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {3CAAB66A-D417-4608-ADF1-F7B774728B39} URL = http://www.flickr.com/search/?q={searchTerms}

SearchScopes: HKCU - {4A854408-3E27-4343-AA36-1CBDF9B3AB5E} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

SearchScopes: HKCU - {58A7CA70-8734-4895-92DF-D4C753293510} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-bt-odtb

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {76F51BDE-5511-46F1-AAFE-369973FDCC5D} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

BHO: No Name - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - No File

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File

Toolbar: HKCU - Autism Awareness - {BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} - C:\Program Files\Autism Awareness\Toolbar.dll ()

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: AutorunsDisabled - No CLSID Value - No File

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:

=======

CHR HomePage:

CHR DefaultSearchKeyword: google.co.uk

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File

CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File

CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0

CHR Extension: (Google Wallet) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

========================== Services (Whitelisted) =================

S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()

S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-12-12] ()

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)

R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

S3 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-08-10] (Windows ® 2000 DDK provider)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [18560 2007-06-19] (LeapFrog)

R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)

S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)

S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)

S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)

S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)

S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)

S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()

S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2006-05-04] (Motive, Inc.)

S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-05-29] (Motive, Inc.)

R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [17792 2008-04-22] (Primax Electronics Ltd.)

S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [19072 2008-06-02] (Primax Electronics Ltd.)

S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)

S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)

R4 RapportCerberus_56758; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-21] ()

R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-12] ()

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-09-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38937 2005-03-24] (Service & Quality Technology.)

R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions)

R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions)

R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions)

R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions)

R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions)

R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions)

R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions)

R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions)

R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions)

R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions)

R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions)

S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)

R3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 bvrp_pci; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr;

S3 wanatw; system32\DRIVERS\wanatw4.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-12 16:23 - 2013-12-12 16:24 - 00024279 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt

2013-12-12 16:23 - 2013-12-12 16:23 - 00000000 ____D C:\FRST

2013-12-12 16:19 - 2013-12-12 16:19 - 01060373 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe

2013-12-12 14:00 - 2013-12-12 14:00 - 00000000 ____D C:\Program Files\ESET

2013-12-12 12:10 - 2013-12-12 12:10 - 00000856 _____ C:\Documents and Settings\Louise Lee\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk

2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs

2013-12-12 11:56 - 2013-12-12 12:03 - 00000000 ____D C:\AdwCleaner

2013-12-12 11:54 - 2013-12-12 11:55 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe

2013-12-12 11:39 - 2013-12-12 11:40 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url

2013-12-12 11:04 - 2013-12-12 11:04 - 00006324 _____ C:\Documents and Settings\Louise Lee\Desktop\JRT.txt

2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT

2013-12-12 10:26 - 2013-12-12 10:27 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe

2013-12-12 03:09 - 2013-12-12 03:10 - 00013727 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-12 03:08 - 2013-12-12 03:09 - 00005982 _____ C:\WINDOWS\KB2904266.log

2013-12-12 03:02 - 2013-12-12 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-11 15:50 - 2013-12-12 03:09 - 00012397 _____ C:\WINDOWS\KB2898715.log

2013-12-11 15:50 - 2013-12-12 03:03 - 00011222 _____ C:\WINDOWS\KB2893294.log

2013-12-11 15:50 - 2013-12-12 03:02 - 00011972 _____ C:\WINDOWS\KB2893984.log

2013-12-11 15:49 - 2013-12-12 03:02 - 00010676 _____ C:\WINDOWS\KB2892075.log

2013-12-11 11:52 - 2013-12-11 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-12-11 11:44 - 2013-12-11 18:52 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-12-11 11:43 - 2013-12-11 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar

2013-12-11 11:41 - 2013-12-11 11:43 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe

2013-12-10 14:01 - 2013-12-10 14:01 - 00025837 _____ C:\ComboFix.txt

2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons

2013-12-10 13:23 - 2013-12-01 19:30 - 00000211 _____ C:\Boot.bak

2013-12-10 13:23 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr

2013-12-10 13:21 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2013-12-10 13:21 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2013-12-10 13:21 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2013-12-10 13:21 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2013-12-10 13:21 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2013-12-10 13:21 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2013-12-10 13:21 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe

2013-12-10 13:21 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe

2013-12-10 13:21 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe

2013-12-10 13:20 - 2013-12-10 14:01 - 00000000 ____D C:\Qoobox

2013-12-10 13:19 - 2013-12-10 13:57 - 00000000 ____D C:\WINDOWS\erdnt

2013-12-10 13:06 - 2013-12-10 13:07 - 05153091 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe

2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk

2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

2013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod

2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Program Files\iTunes

2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing

2013-12-09 20:44 - 2013-12-09 20:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

2013-12-09 19:52 - 2013-12-09 19:56 - 00000716 _____ C:\WINDOWS\wmsetup.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00043111 _____ C:\WINDOWS\FaxSetup.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00020692 _____ C:\WINDOWS\ocgen.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00016514 _____ C:\WINDOWS\tsoc.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00013988 _____ C:\WINDOWS\comsetup.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00008623 _____ C:\WINDOWS\ntdtcsetup.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00006870 _____ C:\WINDOWS\iis6.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00002394 _____ C:\WINDOWS\ocmsn.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00002163 _____ C:\WINDOWS\msgsocm.log

2013-12-09 19:31 - 2013-12-12 03:10 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-09 19:31 - 2013-12-12 03:09 - 00001393 _____ C:\WINDOWS\imsins.BAK

2013-12-09 19:29 - 2013-12-09 19:31 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log

2013-12-09 19:28 - 2013-12-12 03:10 - 00004354 _____ C:\WINDOWS\updspapi.log

2013-12-09 19:28 - 2013-12-09 19:34 - 00007316 _____ C:\WINDOWS\spupdsvc.log

2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log

2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google

2013-12-09 16:38 - 2013-12-09 19:31 - 00074967 _____ C:\WINDOWS\ie8_main.log

2013-12-08 19:33 - 2013-12-10 09:44 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools

2013-12-08 18:53 - 2013-12-12 03:10 - 00055047 _____ C:\WINDOWS\setupapi.log

2013-12-08 18:53 - 2013-12-11 18:47 - 00000075 _____ C:\WINDOWS\setupact.log

2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log

2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner

2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-12-08 16:53 - 2013-12-08 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-12-08 16:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-12-08 15:30 - 2013-12-11 11:17 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk

2013-12-08 14:29 - 2013-12-12 12:15 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-12-08 14:24 - 2013-11-19 10:21 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif

2013-12-08 14:18 - 2013-12-08 14:19 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro

2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis

2013-12-04 18:04 - 2013-12-04 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache

2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2013-12-03 19:45 - 2008-04-14 01:12 - 00116224 _____ (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll

2013-12-03 19:45 - 2008-04-14 01:12 - 00018944 _____ () C:\WINDOWS\system32\dllcache\xrxscnui.dll

2013-12-03 19:44 - 2008-04-14 01:12 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll

2013-12-03 19:43 - 2008-04-13 19:36 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys

2013-12-03 19:42 - 2008-04-13 19:45 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wceusbsh.sys

2013-12-03 19:40 - 2008-04-13 19:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys

2013-12-03 19:40 - 2008-04-13 19:45 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys

2013-12-03 19:38 - 2008-04-14 01:12 - 00082944 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe

2013-12-03 19:37 - 2008-04-13 19:40 - 00149376 _____ (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys

2013-12-03 19:34 - 2008-04-13 19:40 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys

2013-12-03 19:34 - 2008-04-13 19:36 - 00016000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys

2013-12-03 19:34 - 2008-04-13 19:36 - 00006912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys

2013-12-03 19:31 - 2008-04-13 19:45 - 00011520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys

2013-12-03 19:31 - 2008-04-13 19:40 - 00043904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys

2013-12-03 19:30 - 2008-04-14 01:12 - 00029696 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw450ext.dll

2013-12-03 19:30 - 2008-04-14 01:12 - 00027648 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll

2013-12-03 19:29 - 2008-04-13 19:40 - 00079104 _____ (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys

2013-12-03 19:28 - 2008-04-14 01:12 - 00363520 _____ C:\WINDOWS\system32\dllcache\psisdecd.dll

2013-12-03 19:28 - 2008-04-14 01:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll

2013-12-03 19:28 - 2008-04-14 01:12 - 00033280 _____ C:\WINDOWS\system32\dllcache\psisrndr.ax

2013-12-03 19:28 - 2008-04-13 19:40 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys

2013-12-03 19:27 - 2008-04-14 01:10 - 00259328 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll

2013-12-03 19:27 - 2008-04-14 01:10 - 00211584 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll

2013-12-03 19:27 - 2008-04-13 19:44 - 00028032 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys

2013-12-03 19:27 - 2008-04-13 19:44 - 00027904 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2.sys

2013-12-03 19:27 - 2008-04-13 19:41 - 00017664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys

2013-12-03 19:27 - 2008-04-13 19:40 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\powerfil.sys

2013-12-03 19:25 - 2008-04-13 19:46 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ohci1394.sys

2013-12-03 19:24 - 2008-04-13 19:54 - 00028672 _____ (National Semiconductor Corporation) C:\WINDOWS\system32\dllcache\nscirda.sys

2013-12-03 19:22 - 2008-04-13 19:54 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msircomm.sys

2013-12-03 19:22 - 2008-04-13 19:46 - 00049024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstape.sys

2013-12-03 19:21 - 2008-04-14 01:12 - 00056832 _____ C:\WINDOWS\system32\dllcache\msdvbnp.ax

2013-12-03 19:21 - 2008-04-13 19:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys

2013-12-03 19:21 - 2008-04-13 19:46 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys

2013-12-03 19:20 - 2008-04-13 19:41 - 00026112 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\memstpci.sys

2013-12-03 19:20 - 2008-04-13 19:40 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ltotape.sys

2013-12-03 19:19 - 2008-04-14 01:11 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsusd.dll

2013-12-03 19:19 - 2008-04-14 01:11 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsui.dll

2013-12-03 19:19 - 2008-04-13 19:40 - 00034688 _____ (Toshiba Corp.) C:\WINDOWS\system32\dllcache\lbrtfdc.sys

2013-12-03 19:18 - 2008-04-14 01:09 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106.dll

2013-12-03 19:17 - 2008-04-14 01:12 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irftp.exe

2013-12-03 19:17 - 2008-04-14 01:11 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irmon.dll

2013-12-03 19:17 - 2008-04-13 19:54 - 00088192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irda.sys

2013-12-03 19:15 - 2008-04-14 01:11 - 00702845 _____ (Intel® Corporation) C:\WINDOWS\system32\dllcache\i81xdnt5.dll

2013-12-03 19:13 - 2008-04-14 01:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll

2013-12-03 19:13 - 2008-04-13 19:45 - 00059136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys

2013-12-03 19:13 - 2008-04-13 19:45 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys

2013-12-03 19:13 - 2008-04-13 19:40 - 00028288 _____ (Gemplus) C:\WINDOWS\system32\dllcache\grserial.sys

2013-12-03 19:13 - 2008-04-13 19:36 - 00020352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidbatt.sys

2013-12-03 19:10 - 2008-04-14 01:12 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax

2013-12-03 19:09 - 2008-04-13 19:40 - 00008320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlttape.sys

2013-12-03 19:09 - 2008-04-13 19:39 - 00206976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4.sys

2013-12-03 19:07 - 2008-04-14 01:11 - 00249856 _____ (Comtrol® Corporation) C:\WINDOWS\system32\dllcache\ctmasetp.dll

2013-12-03 19:07 - 2008-04-13 19:36 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys

2013-12-03 19:07 - 2008-04-13 19:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys

2013-12-03 19:06 - 2008-04-14 01:11 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll

2013-12-03 19:06 - 2008-04-13 19:40 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys

2013-12-03 19:05 - 2008-04-14 01:12 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax

2013-12-03 19:05 - 2008-04-13 19:46 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys

2013-12-03 19:05 - 2008-04-13 19:46 - 00013696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys

2013-12-03 19:05 - 2008-04-13 19:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys

2013-12-03 19:05 - 2008-04-13 19:36 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys

2013-12-03 19:03 - 2008-04-13 19:46 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys

2013-12-03 19:03 - 2008-04-13 19:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys

2013-12-03 19:03 - 2008-04-13 19:40 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys

2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy

2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$

2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$

2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$

2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$

2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$

2013-12-01 17:34 - 2013-12-01 17:41 - 00000000 ____D C:\8db07bf26ed4429d4cee488d537b

==================== One Month Modified Files and Folders =======

2013-12-12 16:24 - 2013-12-12 16:23 - 00024279 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt

2013-12-12 16:23 - 2013-12-12 16:23 - 00000000 ____D C:\FRST

2013-12-12 16:19 - 2013-12-12 16:19 - 01060373 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe

2013-12-12 16:05 - 2010-03-21 15:54 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-12 14:05 - 2004-08-10 12:08 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt

2013-12-12 14:00 - 2013-12-12 14:00 - 00000000 ____D C:\Program Files\ESET

2013-12-12 12:24 - 2004-08-10 12:02 - 01281554 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-12 12:15 - 2013-12-08 14:29 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-12-12 12:10 - 2013-12-12 12:10 - 00000856 _____ C:\Documents and Settings\Louise Lee\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk

2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs

2013-12-12 12:10 - 2013-08-21 07:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

2013-12-12 12:08 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-12-12 12:06 - 2004-08-10 11:59 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-12-12 12:06 - 2004-08-10 11:59 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-12 12:05 - 2010-03-21 15:54 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-12 12:05 - 2005-08-13 16:28 - 00000278 ___SH C:\Documents and Settings\Louise Lee\ntuser.ini

2013-12-12 12:05 - 2005-08-13 16:28 - 00000000 ____D C:\Documents and Settings\Louise Lee

2013-12-12 12:05 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-12 12:03 - 2013-12-12 11:56 - 00000000 ____D C:\AdwCleaner

2013-12-12 11:55 - 2013-12-12 11:54 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe

2013-12-12 11:40 - 2013-12-12 11:39 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url

2013-12-12 11:04 - 2013-12-12 11:04 - 00006324 _____ C:\Documents and Settings\Louise Lee\Desktop\JRT.txt

2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT

2013-12-12 10:27 - 2013-12-12 10:26 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe

2013-12-12 03:27 - 2004-08-10 11:57 - 00235168 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-12-12 03:10 - 2013-12-12 03:09 - 00013727 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00043111 _____ C:\WINDOWS\FaxSetup.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00020692 _____ C:\WINDOWS\ocgen.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00016514 _____ C:\WINDOWS\tsoc.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00013988 _____ C:\WINDOWS\comsetup.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00008623 _____ C:\WINDOWS\ntdtcsetup.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00006870 _____ C:\WINDOWS\iis6.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00002394 _____ C:\WINDOWS\ocmsn.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00002163 _____ C:\WINDOWS\msgsocm.log

2013-12-12 03:10 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-12 03:10 - 2013-12-09 19:28 - 00004354 _____ C:\WINDOWS\updspapi.log

2013-12-12 03:10 - 2013-12-08 18:53 - 00055047 _____ C:\WINDOWS\setupapi.log

2013-12-12 03:10 - 2009-09-22 12:35 - 00000000 ____D C:\WINDOWS\ie8updates

2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-12 03:09 - 2013-12-12 03:08 - 00005982 _____ C:\WINDOWS\KB2904266.log

2013-12-12 03:09 - 2013-12-11 15:50 - 00012397 _____ C:\WINDOWS\KB2898715.log

2013-12-12 03:09 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.BAK

2013-12-12 03:09 - 2007-02-18 22:01 - 00892346 ____C C:\WINDOWS\system32\TZLog.log

2013-12-12 03:08 - 2013-07-29 20:19 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-12-12 03:03 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 03:03 - 2013-12-11 15:50 - 00011222 _____ C:\WINDOWS\KB2893294.log

2013-12-12 03:03 - 2005-09-23 18:10 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-12 03:02 - 2013-12-11 15:50 - 00011972 _____ C:\WINDOWS\KB2893984.log

2013-12-12 03:02 - 2013-12-11 15:49 - 00010676 _____ C:\WINDOWS\KB2892075.log

2013-12-11 18:54 - 2013-12-11 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-12-11 18:52 - 2013-12-11 11:44 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-12-11 18:52 - 2013-12-11 11:43 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar

2013-12-11 18:47 - 2013-12-08 18:53 - 00000075 _____ C:\WINDOWS\setupact.log

2013-12-11 16:38 - 2011-07-11 15:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2013-12-11 11:43 - 2013-12-11 11:41 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe

2013-12-11 11:17 - 2013-12-08 15:30 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk

2013-12-10 14:01 - 2013-12-10 14:01 - 00025837 _____ C:\ComboFix.txt

2013-12-10 14:01 - 2013-12-10 13:20 - 00000000 ____D C:\Qoobox

2013-12-10 13:57 - 2013-12-10 13:19 - 00000000 ____D C:\WINDOWS\erdnt

2013-12-10 13:52 - 2004-08-10 11:51 - 00000243 _____ C:\WINDOWS\system.ini

2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons

2013-12-10 13:23 - 2005-08-10 00:22 - 00000327 __RSH C:\boot.ini

2013-12-10 13:07 - 2013-12-10 13:06 - 05153091 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe

2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk

2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Program Files\iTunes

2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod

2013-12-10 10:14 - 2009-07-28 18:32 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-10 09:44 - 2013-12-08 19:33 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools

2013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing

2013-12-09 20:45 - 2009-09-22 09:44 - 00000000 ____D C:\Documents and Settings\Administrator

2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\NetworkService

2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\LocalService

2013-12-09 20:45 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\Registration

2013-12-09 20:44 - 2013-12-09 20:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

2013-12-09 20:44 - 2010-07-08 07:36 - 00000000 ___HD C:\WINDOWS\msdownld.tmp

2013-12-09 20:44 - 2005-08-10 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe

2013-12-09 20:44 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\DirectX

2013-12-09 19:56 - 2013-12-09 19:52 - 00000716 _____ C:\WINDOWS\wmsetup.log

2013-12-09 19:51 - 2009-05-27 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live

2013-12-09 19:34 - 2013-12-09 19:28 - 00007316 _____ C:\WINDOWS\spupdsvc.log

2013-12-09 19:31 - 2013-12-09 19:29 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log

2013-12-09 19:31 - 2013-12-09 16:38 - 00074967 _____ C:\WINDOWS\ie8_main.log

2013-12-09 19:29 - 2005-08-10 00:32 - 00000000 ___HD C:\WINDOWS\$hf_mig$

2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log

2013-12-09 17:06 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Adobe

2013-12-09 16:47 - 2007-07-01 14:24 - 00000000 ____D C:\Program Files\Google

2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google

2013-12-09 16:36 - 2004-08-10 12:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET

2013-12-08 20:00 - 2005-08-10 00:18 - 00000000 ____D C:\i386

2013-12-08 19:32 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Adobe

2013-12-08 19:31 - 2005-08-29 18:52 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-12-08 19:30 - 2005-08-10 00:39 - 00000000 ____D C:\Program Files\Adobe

2013-12-08 19:10 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\AdobeUM

2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log

2013-12-08 18:39 - 2010-03-21 15:09 - 00000000 ____D C:\Documents and Settings\Louise Lee\Tracing

2013-12-08 18:38 - 2008-11-27 23:01 - 00000000 ____D C:\WINDOWS\Minidump

2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner

2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-12-08 16:54 - 2013-12-08 16:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-12-08 16:32 - 2007-07-01 14:24 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Skype

2013-12-08 15:31 - 2013-02-13 04:00 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk

2013-12-08 15:07 - 2011-06-09 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Logitech

2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif

2013-12-08 14:19 - 2013-12-08 14:18 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

2013-12-08 13:49 - 2010-06-17 21:08 - 00002193 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

2013-12-08 13:37 - 2008-08-10 16:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard

2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro

2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis

2013-12-04 18:51 - 2009-09-22 09:44 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini

2013-12-04 18:04 - 2013-12-04 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2013-12-04 18:00 - 2006-12-27 21:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926255$

2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache

2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy

2013-12-03 16:56 - 2010-03-21 15:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-12-01 20:58 - 2004-08-10 11:57 - 00504528 ____C C:\WINDOWS\system32\PerfStringBackup.INI

2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$

2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$

2013-12-01 20:49 - 2011-06-09 20:50 - 00023469 ____C C:\WINDOWS\system32\lvcoinst.log

2013-12-01 20:46 - 2010-06-04 02:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$

2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$

2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$

2013-12-01 19:30 - 2013-12-10 13:23 - 00000211 _____ C:\Boot.bak

2013-12-01 19:30 - 2004-08-10 11:51 - 00000649 _____ C:\WINDOWS\win.ini

2013-12-01 19:25 - 2009-05-25 14:45 - 00000000 ____D C:\WINDOWS\pss

2013-12-01 17:55 - 2007-07-01 14:24 - 00000000 ___RD C:\Program Files\Skype

2013-12-01 17:55 - 2007-07-01 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype

2013-12-01 17:41 - 2013-12-01 17:34 - 00000000 ____D C:\8db07bf26ed4429d4cee488d537b

2013-12-01 16:21 - 2005-11-13 10:23 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Unused Desktop Shortcuts

2013-11-19 10:21 - 2013-12-08 14:24 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2013-11-13 02:59 - 2004-08-10 11:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll

2013-11-13 02:59 - 2004-08-10 11:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imagehlp.dll

2013-11-13 01:13 - 2007-01-29 08:58 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe

Some content of TEMP:

====================

C:\Documents and Settings\Louise Lee\Local Settings\temp\Install_HOSTS_Anti-Adware.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2013

Ran by Louise Lee at 2013-12-12 16:26:30

Running from C:\Documents and Settings\Louise Lee\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.4)

Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)

Adobe AIR (Version: 3.2.0.2070)

Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)

Adobe Flash Player 10 Plugin (Version: 10.3.183.7)

Adobe Reader 6.0.1 (Version: 006.000.001)

Adobe Shockwave Player 11.5 (Version: 11.5.1.601)

Amazon Cloud Drive (HKCU Version: 2.1.2013.1340)

Apple Application Support (Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (Version: 2.1.3.127)

ARTEuro (Version: 1.00.0000)

Atheros USB Wireless LAN Driver Installer (Version: 1.00.7323)

Autism Awareness 1.400 (Version: 1.400)

B110 (Version: 140.0.283.000)

Big Fish Games: Game Manager (Version: 3.0.1.60)

Bonjour (Version: 3.0.0.10)

BT Broadband Desktop Help (Version: 5.8.22.asst_classic.asst_install)

BT Broadband Talk Softphone 3.1

BT Yahoo! Applications

BTHomeHub

BufferChm (Version: 140.0.212.000)

CCleaner (Version: 4.08)

Classic PhoneTools (Version: 4.24)

Coupon Printer for Windows (Version: 5.0.0.0)

Critical Update for Windows Media Player 11 (KB959772)

CustomerResearchQFolder (Version: 1.00.0000)

Defenders of Law: The Rosendale File

Defraggler (Version: 2.08)

Dell Driver Reset Tool (Version: 1.02.0000)

Dell Media Experience (Version: 3.0)

Dell Media Experience Update

Dell Picture Studio v3.0 (Version: 3.0.0)

Dell Support Center (Version: 2.0.07311)

Dell System Restore (Version: 2.00.0000)

DellSupport (Version: 6.0.3062)

DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000)

DJ_AIO_03_F2200_Software (Version: 100.0.206.000)

DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000)

EPSON Printer Software

eSupportQFolder (Version: 1.00.0000)

F2200 (Version: 100.0.206.000)

F2200_Help (Version: 100.0.206.000)

Fun School 6 - Magicland

G15A922EN (Version: 1.0.0.0)

Google Chrome (Version: 31.0.1650.63)

Google Earth (Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Update Helper (Version: 1.3.22.3)

GPBaseService (Version: 100.0.187.000)

GPBaseService2 (Version: 130.0.371.000)

Harry Potter Print Studio (Version: 1.0.7)

Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)

HiJackThis (Version: 1.0.0)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)

HP Laser Mobile Mouse Driver (Version: 1.1.0.0)

HP Photo Creations (Version: 1.0.0.2024)

HP Photosmart Essential 2.5 (Version: 1.02.0000)

HP Photosmart Essential 2.5 (Version: 2.5)

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 14.0 (Version: 14.0)

HP Update (Version: 5.002.005.003)

HPAppStudio (Version: 140.0.95.000)

HPProductAssistant (Version: 130.0.371.000)

HPSSupply (Version: 100.0.170.000)

Intel® 537EP V9x DFV PCI Modem

Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections (Version: 8.00.5000)

Internet Explorer Default Page (Version: 1.00.03)

iTunes (Version: 11.1.3.8)

Jasc Paint Shop Photo Album 5 (Version: 5.22)

Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)

Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)

Junk Mail filter update (Version: 14.0.8089.726)

Kids Cam Show and Share Creativity Center (Version: )

KODAK Share Button App (Version: 4.03.0000.0000)

Learn2 Player (Uninstall Only)

Logitech Legacy USB Camera Driver Package

Logitech Webcam Software (Version: 12.10.1113)

Logitech Webcam Software Driver Package (Version: 12.10.1110)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Map Button (Windows Live Toolbar) (Version: 03.01.0146)

MarketResearch (Version: 100.0.170.000)

McDonald's Dragons (Version: )

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium (Version: 9.00.2720)

Microsoft Security Client (Version: 4.4.0304.0)

Microsoft Security Essentials (Version: 4.4.304.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Works 7.0 (Version: 07.02.0620)

MobileMe Control Panel (Version: 3.1.8.0)

Modem Event Monitor

Modem Helper (Version: 2.40)

Modem On Hold (Version: 1.12)

MSN

MSN Toolbar (Version: 4.0.0357.1)

MSVCRT (Version: 14.0.1468.721)

MSVCSetup (Version: 1.00.0000)

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)

My Way Search Assistant (Version: 1.0.256)

MyDSC2 (Version: 1.00.000)

Nero Suite

Network (Version: 140.0.215.000)

Paint Shop Pro 7 Evaluation (Version: 7.0.0.0000)

PowerDVD 5.5

PS_AIO_07_B110_SW_Min (Version: 140.0.142.000)

PSSWCORE (Version: 2.02.0000)

QuickTime (Version: 7.74.80.86)

QuickTransfer (Version: 140.0.98.000)

Rapport (Version: 3.5.1304.15)

RealPlayer Basic

Safari (Version: 5.34.57.2)

Scan (Version: 140.0.80.000)

Segoe UI (Version: 14.0.4327.805)

Serif DrawPlus 7.0 (Version: 7.0)

Serif DrawPlus 7.0 Design CD (Version: 7.0)

Shop for HP Supplies (Version: 14.0)

Skype Click to Call (Version: 6.13.13771)

Skype™ 6.3 (Version: 6.3.105)

Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)

SmartWebPrinting (Version: 140.0.186.000)

SolutionCenter (Version: 130.0.373.000)

Sonic DLA (Version: 4.98)

Sonic MyDVD LE (Version: 6.1.1)

Sonic RecordNow Audio (Version: 2.0.0)

Sonic RecordNow Copy (Version: 2.0.0)

Sonic RecordNow Data (Version: 2.0.0.1)

Sonic Update Manager (Version: 3.0.0)

Speccy (Version: 1.24)

SUPERAntiSpyware Free Edition (Version: 4.29.0.1002)

SystemMessages 1.0.0

Toolbox (Version: 140.0.428.000)

Trusteer Endpoint Protection (Version: 3.5.1304.15)

UnloadSupport (Version: 10.0.0)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Windows Internet Explorer 8 (KB973874) (Version: 1)

Update for Windows Internet Explorer 8 (KB976662) (Version: 1)

Update for Windows Internet Explorer 8 (KB976749) (Version: 1)

Update for Windows Internet Explorer 8 (KB980182) (Version: 1)

Update for Windows Internet Explorer 8 (KB982632) (Version: 1)

Update for Windows XP (KB2141007) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB2863058) (Version: 1)

Update for Windows XP (KB2904266) (Version: 1)

Update for Windows XP (KB951072-v2) (Version: 2)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB955839) (Version: 1)

Update for Windows XP (KB961503) (Version: 1)

Update for Windows XP (KB967715) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

VideoToolkit01 (Version: 100.0.128.000)

Wanadoo Europe Installer (Version: 1.02.008)

WebFldrs XP (Version: 9.50.7523)

WebReg (Version: 140.0.212.017)

Windows Defender Signatures (Version: 1.20.0.0)

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.1)

Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Imaging Component (Version: 3.0.0.0)

Windows Internet Explorer 7 (Version: 20070813.185237)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live Call (Version: 14.0.8064.0206)

Windows Live Communications Platform (Version: 14.0.8098.930)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Family Safety (Version: 14.0.8093.805)

Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live Messenger (Version: 14.0.8089.0726)

Windows Live Photo Gallery (Version: 14.0.8081.709)

Windows Live Sign-in Assistant (Version: 5.000.818.6)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live Toolbar (Version: 14.0.8064.206)

Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8089.0726)

Windows Media Format 11 runtime

Windows XP Service Pack 3 (Version: 20080414.031525)

Yahoo! BrowserPlus 2.9.8

Yahoo! Software Update

ZyDAS IEEE 802.11 b+g Wireless LAN - USB

==================== Restore Points =========================

01-12-2013 17:34:17 Software Distribution Service 3.0

01-12-2013 20:11:26 Software Distribution Service 3.0

03-12-2013 20:20:41 Removed KODAK Share Button App.

03-12-2013 18:24:02 System Checkpoint

03-12-2013 19:49:06 Software Distribution Service 3.0

04-12-2013 03:00:41 Software Distribution Service 3.0

04-12-2013 11:21:47 Software Distribution Service 3.0

04-12-2013 21:05:55 Software Distribution Service 3.0

05-12-2013 09:51:05 Installed Rapport

05-12-2013 10:10:13 Installed HiJackThis

05-12-2013 10:36:14 Software Distribution Service 3.0

07-12-2013 16:18:45 Software Distribution Service 3.0

08-12-2013 13:32:39 pre removal of old restores

08-12-2013 13:37:12 Removed Ad-Aware

08-12-2013 14:11:25 Removed Tiscali Internet

08-12-2013 14:24:41 Software Distribution Service 3.0

08-12-2013 14:55:33 Removed AVG Free 8.5

08-12-2013 15:00:51 Installed AVG Free 8.5

08-12-2013 16:35:10 Software Distribution Service 3.0

08-12-2013 18:35:27 pre cclean

08-12-2013 18:40:39 Software Distribution Service 3.0

08-12-2013 22:03:58 Software Distribution Service 3.0

09-12-2013 15:01:33 Software Distribution Service 3.0

09-12-2013 16:35:48 Installed DirectX

09-12-2013 16:47:30 Removed Google Earth.

09-12-2013 19:28:21 Installed Windows Internet Explorer 8.

09-12-2013 19:29:06 Software Distribution Service 3.0

09-12-2013 20:24:42 Restore Operation

09-12-2013 20:32:38 Software Distribution Service 3.0

09-12-2013 20:36:48 Software Distribution Service 3.0

09-12-2013 20:39:28 Restore Operation

09-12-2013 20:49:33 Software Distribution Service 3.0

09-12-2013 20:56:31 Software Distribution Service 3.0

10-12-2013 09:24:55 Software Distribution Service 3.0

10-12-2013 14:37:31 Software Distribution Service 3.0

11-12-2013 11:57:29 Software Distribution Service 3.0

12-12-2013 03:00:19 Software Distribution Service 3.0

12-12-2013 12:09:49 Installed Rapport

12-12-2013 12:18:20 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-10 11:51 - 2013-12-12 12:10 - 00038987 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 08sr.combineads.info # hosts anti-adware / pups

127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups

127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups

127.0.0.1 2010-fr.com # hosts anti-adware / pups

127.0.0.1 2012-new.biz # hosts anti-adware / pups

127.0.0.1 212link.com # hosts anti-adware / pups

127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups

127.0.0.1 24h00business.com # hosts anti-adware / pups

127.0.0.1 a.adorika.net # hosts anti-adware / pups

127.0.0.1 a.ad-sys.com # hosts anti-adware / pups

127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups

127.0.0.1 ad.adn360.com # hosts anti-adware / pups

127.0.0.1 adeartss.eu # hosts anti-adware / pups

127.0.0.1 adesoeasy.eu # hosts anti-adware / pups

127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups

127.0.0.1 adm.soft365.com # hosts anti-adware / pups

127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups

127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups

127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups

127.0.0.1 ads.aff.co # hosts anti-adware / pups

127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups

127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups

127.0.0.1 ads.eorezo.com # hosts anti-adware / pups

127.0.0.1 ads.hooqy.com # hosts anti-adware / pups

127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups

127.0.0.1 ads.realken.com # hosts anti-adware / pups

127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups

127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups

127.0.0.1 ads.tersecta.com # hosts anti-adware / pups

There are 636 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\ISP signup reminder 1.job => C:\WINDOWS\system32\OOBE\oobebaln.exe

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2008-04-04 21:05 - 2007-06-18 08:00 - 00081920 _____ () C:\Program Files\BT Broadband Talk Softphone\APDIPhoneCtrl.dll

2008-04-04 21:05 - 2007-06-18 08:00 - 00077824 _____ () C:\Program Files\BT Broadband Talk Softphone\SnxHIDCtrl.dll

2011-04-05 11:04 - 2006-05-08 12:06 - 00212992 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll

2011-04-05 11:04 - 2006-09-01 10:13 - 00045056 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll

2012-03-11 12:50 - 2013-12-12 12:13 - 01127152 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll

2004-08-10 11:50 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2004-08-10 11:51 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2013-12-07 16:01 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-07 16:01 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-07 16:01 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Intel® 537EP V9x DFV PCI Modem

Description: Intel® 537EP V9x DFV PCI Modem

Class Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Manufacturer: Intel Corporation

Service: Modem

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (12/12/2013 01:58:48 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/12/2013 01:55:16 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/12/2013 10:28:35 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/12/2013 03:00:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/10/2013 02:37:40 PM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/10/2013 01:18:51 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/10/2013 09:26:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/09/2013 08:50:58 PM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/09/2013 08:37:47 PM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/09/2013 08:17:03 PM) (Source: Application Hang) (User: )

Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:

=============

Error: (12/12/2013 03:00:47 AM) (Source: Windows Update Agent) (User: )

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808).

Error: (12/11/2013 10:39:51 AM) (Source: DCOM) (User: LOUISE)

Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout.

Error: (12/11/2013 10:37:29 AM) (Source: DCOM) (User: LOUISE)

Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout.

Error: (12/11/2013 09:50:09 AM) (Source: Service Control Manager) (User: )

Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:

%%1053

Error: (12/11/2013 09:50:09 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (12/10/2013 02:37:42 PM) (Source: Windows Update Agent) (User: )

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808).

Error: (12/10/2013 01:19:43 PM) (Source: Service Control Manager) (User: )

Description: The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2013 01:19:43 PM) (Source: Service Control Manager) (User: )

Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2013 09:26:13 AM) (Source: Windows Update Agent) (User: )

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808).

Error: (12/09/2013 08:47:15 PM) (Source: Microsoft Antimalware) (User: )

Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x80070002

Error description: The system cannot find the file specified.

Signature version: 0.0.0.0;0.0.0.0

Engine version: %600

Microsoft Office Sessions:

=========================

Error: (12/12/2013 01:58:48 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/12/2013 01:55:16 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (12/12/2013 10:28:35 AM) (Source: MPSampleSubmission)(User: )

Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (12/12/2013 03:00:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL)

Error: (12/10/2013 02:37:40 PM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL)

Error: (12/10/2013 01:18:51 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (12/10/2013 09:26:02 AM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL)

Error: (12/09/2013 08:50:58 PM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL)

Error: (12/09/2013 08:37:47 PM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL)

Error: (12/09/2013 08:17:03 PM) (Source: Application Hang)(User: )

Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 48%

Total physical RAM: 2045.98 MB

Available physical RAM: 1044.82 MB

Total Pagefile: 2659.38 MB

Available Pagefile: 1702.18 MB

Total Virtual: 2047.88 MB

Available Virtual: 1941.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.04 GB) (Free:108.28 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 149 GB) (Disk ID: D0F4738C)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================

AdvancedSetup · December 12, 2013

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

tomtatsfield · December 13, 2013

Report 07 (2) Fix Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2013 01

Ran by Louise Lee at 2013-12-13 09:48:24 Run:1

Running from C:\Documents and Settings\Louise Lee\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)

HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)

HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://upload.facebo...toUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://upload.facebo...oUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\ISP signup reminder 1.job => C:\WINDOWS\system32\OOBE\oobebaln.exe

*****************

"C:\Program Files\Windows Defender" => Not Found

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => Value deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => Value deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CAAB66A-D417-4608-ADF1-F7B774728B39} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{3CAAB66A-D417-4608-ADF1-F7B774728B39} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A854408-3E27-4343-AA36-1CBDF9B3AB5E} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{4A854408-3E27-4343-AA36-1CBDF9B3AB5E} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{58A7CA70-8734-4895-92DF-D4C753293510} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{58A7CA70-8734-4895-92DF-D4C753293510} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76F51BDE-5511-46F1-AAFE-369973FDCC5D} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{76F51BDE-5511-46F1-AAFE-369973FDCC5D} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Key deleted successfully.

HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.

HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.

HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.

HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} => Key deleted successfully.

HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} => Key deleted successfully.

HKCR\CLSID\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.

HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.

HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => Value deleted successfully.

HKCR\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => Value deleted successfully.

HKCR\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => Value deleted successfully.

HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Value deleted successfully.

HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Value deleted successfully.

HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.

HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} => Value deleted successfully.

HKCR\CLSID\{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => Key deleted successfully.

HKCR\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83} => Key deleted successfully.

HKCR\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000} => Key deleted successfully.

HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.

HKCR\CLSID\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} => Key deleted successfully.

HKCR\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968} => Key deleted successfully.

HKCR\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.

HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.

HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} => Key deleted successfully.

HKCR\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.

HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => Key deleted successfully.

HKCR\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => Key deleted successfully.

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => Moved successfully.

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\WINDOWS\Tasks\ISP signup reminder 1.job => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====

AdvancedSetup · December 13, 2013

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer and run the following

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera

tomtatsfield · December 13, 2013

Hello, I followed your instruction with TFC and have followed the instructions for resetting the browsers, but since doing that the computer has now gone back to working very sluggish, prior to the resets the computer was loading into a working state in approximately 2.5 to 3 minutes and the only problem was that IE would not load from the desktop Icon, now unfortunately the computer is taking over 4 minutes to load and all operations are extremely sluggish, probably 2 minutes into google from the desktop icon. Interestingly on every cold start updates are being installed or at least the update shield is evident in the task bar.

Maybe I have upset something, are there any further checks possible? Thank you for your help so far.

AdvancedSetup · December 13, 2013

Actually I just ran into this issue myself sort of on a new install of Windows XP. It seems that Microsoft has broken Windows Update with one of their latest updates for XP. Let me see if I can find that article and information and post back for you. If I've not replied back within 24 hours please send me PM.

Thanks

AdvancedSetup · December 16, 2013

Sorry for the delay and thank you for the PM reminder.

From this article it appears that Microsoft broke the Windows update process on XP and this fix is supposed to fix it.
Windows XP update locks machines with SVCHOST redlined at 100%: Fix it with KB 2879017

Please review that article and make sure you're not having this issue and that all your Windows updates are up to date and the svchost.exe is not consuming all your resources with Windows update.

tomtatsfield · December 17, 2013

Thanks things seem a little better, I have a bing bar update that is plaguing me constantly, but the update never imstalls?

The redline with the CPU seems to have cleared. is there anything else to check?

Thanks again

AdvancedSetup · December 18, 2013

Please temporarily disable your antivirus and run a new DDS scan and post back the new logs.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt

Save both reports to your desktop
Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
You can ignore the note about zipping the Attach.txt file and just post it or attach it.

tomtatsfield · December 24, 2013

Hello Ron, Seasons Greeting

It appears that my sending of the two DDS files have gone AWOL, so below are a repeat sending of these files, sorry, was about to send a PM but checking before sending I discovered I hadn't sent them. my apologies.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Louise Lee at 21:06:07 on 2013-12-18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1195 [GMT 0:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uWindow Title = Windows Internet Explorer provided by BT Yahoo!

uProxyOverride = 127.0.0.1;*.local

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: AutorunsDisabled - <orphaned>

BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: Real.com: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll

uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe

uRun: [bTAgile] c:\program files\bt broadband talk softphone\BTAgile.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\louise~1\startm~1\programs\startup\autoru~1\amazon~1.lnk - c:\documents and settings\louise lee\local settings\apps\2.0\zncx8eh3.30r\kvgxx92q.5oa\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Filter: AutorunsDisabled - <Clsid value has no data>

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]

R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-12-12 340432]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-21 54752]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-8 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-12-8 701512]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-8 22856]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

.

=============== File Associations ===============

.

ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE

.

=============== Created Last 30 ================

.

2013-12-18 21:02:00 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b52a01c-eeb9-4a51-b7cd-2f4119b8b829}\mpengine.dll

2013-12-17 18:43:45 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-12-12 16:23:11 -------- d-----w- C:\FRST

2013-12-12 12:10:17 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs

2013-12-12 11:56:44 -------- d-----w- C:\AdwCleaner

2013-12-12 10:30:15 -------- d-----w- c:\windows\ERUNT

2013-12-11 11:52:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)

2013-12-11 11:44:45 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-12-10 13:23:09 -------- d-sha-r- C:\cmdcons

2013-12-10 13:21:02 98816 ----a-w- c:\windows\sed.exe

2013-12-10 13:21:02 256000 ----a-w- c:\windows\PEV.exe

2013-12-10 13:21:02 208896 ----a-w- c:\windows\MBR.exe

2013-12-10 10:14:41 -------- d-----w- c:\program files\iPod

2013-12-10 10:13:35 -------- d-----w- c:\program files\iTunes

2013-12-10 10:13:35 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-12-09 20:45:45 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-12-09 20:45:45 -------- d-----w- c:\windows\system32\wbem\Repository

2013-12-09 16:44:23 -------- d-----w- C:\Google

2013-12-09 16:31:10 -------- d-----w- c:\windows\Logs

2013-12-08 17:33:19 -------- d-----w- c:\program files\CCleaner

2013-12-08 16:53:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-12-08 16:53:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-12-08 14:24:42 230048 ------w- c:\windows\system32\MpSigStub.exe

2013-12-08 14:18:24 -------- d-----w- c:\program files\Microsoft Security Client

2013-12-05 10:10:15 388096 ----a-r- c:\documents and settings\louise lee\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2013-12-05 10:10:13 -------- d-----w- c:\program files\Trend Micro

2013-12-03 19:45:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2013-12-03 19:45:35 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2013-12-03 19:44:24 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2013-12-03 19:43:25 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2013-12-03 19:42:32 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

2013-12-03 19:40:33 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2013-12-03 19:40:30 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys

2013-12-03 19:38:22 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe

2013-12-03 19:37:22 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys

2013-12-03 19:34:42 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys

2013-12-03 19:34:03 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys

2013-12-03 19:34:02 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys

2013-12-03 19:31:41 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys

2013-12-03 19:31:12 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys

2013-12-03 19:30:06 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll

2013-12-03 19:30:04 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll

2013-12-03 19:29:37 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys

2013-12-03 19:28:45 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys

2013-12-03 19:28:30 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll

2013-12-03 19:28:18 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll

2013-12-03 19:27:58 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys

2013-12-03 19:27:52 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys

2013-12-03 19:27:07 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll

2013-12-03 19:27:05 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys

2013-12-03 19:27:04 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll

2013-12-03 19:27:03 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys

2013-12-03 19:25:31 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys

2013-12-03 19:24:45 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys

2013-12-03 19:22:32 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2013-12-03 19:22:10 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2013-12-03 19:21:50 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys

2013-12-03 19:21:27 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys

2013-12-03 19:20:57 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys

2013-12-03 19:20:14 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys

2013-12-03 19:19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2013-12-03 19:19:24 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll

2013-12-03 19:19:23 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll

2013-12-03 19:18:22 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

2013-12-03 19:17:58 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2013-12-03 19:17:54 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2013-12-03 19:17:53 88192 ----a-w- c:\windows\system32\dllcache\irda.sys

2013-12-03 19:15:58 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2013-12-03 19:13:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2013-12-03 19:13:52 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys

2013-12-03 19:13:31 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys

2013-12-03 19:13:21 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys

2013-12-03 19:13:20 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys

2013-12-03 19:09:54 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys

2013-12-03 19:09:41 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys

2013-12-03 19:07:51 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll

2013-12-03 19:07:30 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys

2013-12-03 19:07:18 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys

2013-12-03 19:06:58 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2013-12-03 19:06:37 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll

2013-12-03 19:05:25 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys

2013-12-03 19:05:19 14208 ----a-w- c:\windows\system32\dllcache\battc.sys

2013-12-03 19:05:09 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys

2013-12-03 19:05:08 38912 ----a-w- c:\windows\system32\dllcache\avc.sys

2013-12-03 19:03:44 48128 ----a-w- c:\windows\system32\dllcache\61883.sys

2013-12-03 19:03:44 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys

2013-12-03 19:03:41 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2013-12-03 17:27:01 -------- d-----w- c:\program files\Speccy

2013-12-01 17:34:41 -------- d-----w- C:\8db07bf26ed4429d4cee488d537b

.

==================== Find3M ====================

.

2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys

2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll

2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec

2013-10-25 02:34:18 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2013-10-23 23:45:49 172032 ------w- c:\windows\system32\scrrun.dll

2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll

2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll

2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll

2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

============= FINISH: 21:08:00.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 13/08/2005 17:27:45

System Uptime: 18/12/2013 20:49:21 (1 hours ago)

.

Motherboard: Dell Computer Corp. | | 0TC666

Processor: Intel® Celeron® CPU 2.66GHz | Microprocessor | 2661/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 107.031 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: Intel® 537EP V9x DFV PCI Modem

Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0

Manufacturer: Intel Corporation

Name: Intel® 537EP V9x DFV PCI Modem

PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0

Service: Modem

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection

PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0

Service: E100B

.

==== System Restore Points ===================

.

RP1854: 01/12/2013 17:34:17 - Software Distribution Service 3.0

RP1855: 01/12/2013 20:11:26 - Software Distribution Service 3.0

RP1856: 03/12/2013 20:20:41 - Removed KODAK Share Button App.

RP1857: 03/12/2013 18:24:02 - System Checkpoint

RP1858: 03/12/2013 19:49:06 - Software Distribution Service 3.0

RP1859: 04/12/2013 03:00:41 - Software Distribution Service 3.0

RP1860: 04/12/2013 11:21:47 - Software Distribution Service 3.0

RP1861: 04/12/2013 21:05:55 - Software Distribution Service 3.0

RP1862: 05/12/2013 09:51:05 - Installed Rapport

RP1863: 05/12/2013 10:10:13 - Installed HiJackThis

RP1864: 05/12/2013 10:36:14 - Software Distribution Service 3.0

RP1865: 07/12/2013 16:18:45 - Software Distribution Service 3.0

RP1866: 08/12/2013 13:32:39 - pre removal of old restores

RP1867: 08/12/2013 13:37:12 - Removed Ad-Aware

RP1868: 08/12/2013 14:11:25 - Removed Tiscali Internet

RP1869: 08/12/2013 14:24:41 - Software Distribution Service 3.0

RP1870: 08/12/2013 14:55:33 - Removed AVG Free 8.5

RP1871: 08/12/2013 15:00:51 - Installed AVG Free 8.5

RP1872: 08/12/2013 16:35:10 - Software Distribution Service 3.0

RP1873: 08/12/2013 18:35:27 - pre cclean

RP1874: 08/12/2013 18:40:39 - Software Distribution Service 3.0

RP1875: 08/12/2013 22:03:58 - Software Distribution Service 3.0

RP1876: 09/12/2013 15:01:33 - Software Distribution Service 3.0

RP1877: 09/12/2013 16:35:48 - Installed DirectX

RP1878: 09/12/2013 16:47:30 - Removed Google Earth.

RP1879: 09/12/2013 19:28:21 - Installed Windows Internet Explorer 8.

RP1880: 09/12/2013 19:29:06 - Software Distribution Service 3.0

RP1881: 09/12/2013 20:24:42 - Restore Operation

RP1882: 09/12/2013 20:32:38 - Software Distribution Service 3.0

RP1883: 09/12/2013 20:36:48 - Software Distribution Service 3.0

RP1884: 09/12/2013 20:39:28 - Restore Operation

RP1885: 09/12/2013 20:49:33 - Software Distribution Service 3.0

RP1886: 09/12/2013 20:56:31 - Software Distribution Service 3.0

RP1887: 10/12/2013 09:24:55 - Software Distribution Service 3.0

RP1888: 10/12/2013 14:37:31 - Software Distribution Service 3.0

RP1889: 11/12/2013 11:57:29 - Software Distribution Service 3.0

RP1890: 12/12/2013 03:00:19 - Software Distribution Service 3.0

RP1891: 12/12/2013 12:09:49 - Installed Rapport

RP1892: 12/12/2013 12:18:20 - Software Distribution Service 3.0

RP1893: 12/12/2013 18:51:11 - Software Distribution Service 3.0

RP1894: 13/12/2013 09:52:54 - Software Distribution Service 3.0

RP1895: 13/12/2013 14:23:22 - Software Distribution Service 3.0

RP1896: 13/12/2013 14:28:55 - Software Distribution Service 3.0

RP1897: 13/12/2013 18:23:34 - Software Distribution Service 3.0

RP1898: 14/12/2013 12:34:39 - Software Distribution Service 3.0

RP1899: 14/12/2013 16:41:07 - Software Distribution Service 3.0

RP1900: 14/12/2013 17:56:51 - Software Distribution Service 3.0

RP1901: 14/12/2013 18:16:27 - Software Distribution Service 3.0

RP1902: 16/12/2013 11:50:25 - Software Distribution Service 3.0

RP1903: 16/12/2013 20:40:21 - Software Distribution Service 3.0

RP1904: 17/12/2013 18:42:32 - Software Distribution Service 3.0

RP1905: 17/12/2013 18:50:26 - Installed Windows XP KB2879017.

RP1906: 17/12/2013 18:56:00 - Software Distribution Service 3.0

RP1907: 17/12/2013 19:06:45 - Software Distribution Service 3.0

RP1908: 18/12/2013 21:01:16 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Acrobat - Reader 6.0.2 Update

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 6.0.1

Adobe Shockwave Player 11.5

Amazon Cloud Drive

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARTEuro

Atheros USB Wireless LAN Driver Installer

Autism Awareness 1.400

B110

Big Fish Games: Game Manager

Bonjour

BT Broadband Desktop Help

BT Broadband Talk Softphone 3.1

BT Yahoo! Applications

BTHomeHub

BufferChm

CCleaner

Classic PhoneTools

Coupon Printer for Windows

Critical Update for Windows Media Player 11 (KB959772)

CustomerResearchQFolder

Defenders of Law: The Rosendale File

Defraggler

Dell Driver Reset Tool

Dell Media Experience

Dell Media Experience Update

Dell Picture Studio v3.0

Dell Support Center

Dell System Restore

DellSupport

DJ_AIO_03_F2200_ProductContext

DJ_AIO_03_F2200_Software

DJ_AIO_03_F2200_Software_Min

EPSON Printer Software

eSupportQFolder

F2200

F2200_Help

Fun School 6 - Magicland

G15A922EN

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService

GPBaseService2

Harry Potter Print Studio

Highlight Viewer (Windows Live Toolbar)

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB945060-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 14.0

HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3

HP Laser Mobile Mouse Driver

HP Photo Creations

HP Photosmart Essential 2.5

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPProductAssistant

HPSSupply

Intel® 537EP V9x DFV PCI Modem

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iTunes

Jasc Paint Shop Photo Album 5

Jasc Paint Shop Pro Studio, Dell Editon

Java 2 Runtime Environment, SE v1.4.2_03

Junk Mail filter update

Kids Cam Show and Share Creativity Center

KODAK Share Button App

Learn2 Player (Uninstall Only)

Logitech Legacy USB Camera Driver Package

Logitech Webcam Software

Logitech Webcam Software Driver Package

Malwarebytes Anti-Malware version 1.75.0.1300

Map Button (Windows Live Toolbar)

MarketResearch

McDonald's Dragons

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works 7.0

MobileMe Control Panel

Modem Event Monitor

Modem Helper

Modem On Hold

MSN

MSN Toolbar

MSVCRT

MSVCSetup

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

My Way Search Assistant

MyDSC2

Nero Suite

Network

Paint Shop Pro 7 Evaluation

PowerDVD 5.5

PS_AIO_07_B110_SW_Min

PSSWCORE

QuickTime

QuickTransfer

Rapport

RealPlayer Basic

Safari

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2838727)

Security Update for Windows Internet Explorer 8 (KB2846071)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB2862772)

Security Update for Windows Internet Explorer 8 (KB2870699)

Security Update for Windows Internet Explorer 8 (KB2879017)

Security Update for Windows Internet Explorer 8 (KB2888505)

Security Update for Windows Internet Explorer 8 (KB2898785)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB2834904-v2)

Security Update for Windows Media Player (KB2834904)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB2834886)

Security Update for Windows XP (KB2839229)

Security Update for Windows XP (KB2845187)

Security Update for Windows XP (KB2847311)

Security Update for Windows XP (KB2849470)

Security Update for Windows XP (KB2850851)

Security Update for Windows XP (KB2850869)

Security Update for Windows XP (KB2859537)

Security Update for Windows XP (KB2862152)

Security Update for Windows XP (KB2862330)

Security Update for Windows XP (KB2862335)

Security Update for Windows XP (KB2864063)

Security Update for Windows XP (KB2868038)

Security Update for Windows XP (KB2868626)

Security Update for Windows XP (KB2876217)

Security Update for Windows XP (KB2876315)

Security Update for Windows XP (KB2876331)

Security Update for Windows XP (KB2883150)

Security Update for Windows XP (KB2892075)

Security Update for Windows XP (KB2893294)

Security Update for Windows XP (KB2893984)

Security Update for Windows XP (KB2898715)

Security Update for Windows XP (KB2900986)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Serif DrawPlus 7.0

Serif DrawPlus 7.0 Design CD

Shop for HP Supplies

Skype Click to Call

Skype™ 6.3

Smart Menus (Windows Live Toolbar)

SmartWebPrinting

SolutionCenter

Sonic DLA

Sonic MyDVD LE

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Speccy

SUPERAntiSpyware Free Edition

SystemMessages 1.0.0

Toolbox

Trusteer Endpoint Protection

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB2863058)

Update for Windows XP (KB2904266)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VideoToolkit01

Wanadoo Europe Installer

WebFldrs XP

WebReg

Windows Defender Signatures

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Favorites for Windows Live Toolbar

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Yahoo! BrowserPlus 2.9.8

Yahoo! Software Update

ZyDAS IEEE 802.11 b+g Wireless LAN - USB

.

==== Event Viewer Messages From Past Week ========

.

17/12/2013 19:15:25, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

17/12/2013 19:15:25, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

17/12/2013 19:15:25, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

14/12/2013 16:45:58, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1906.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

13/12/2013 14:10:06, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

13/12/2013 14:10:06, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

13/12/2013 14:10:06, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

13/12/2013 14:10:06, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).

13/12/2013 14:10:06, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

13/12/2013 14:10:06, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

13/12/2013 14:10:05, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

13/12/2013 14:10:05, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

13/12/2013 14:10:05, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

13/12/2013 09:28:54, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HOSTS Anti-PUPs service to connect.

13/12/2013 09:28:54, error: Service Control Manager [7000] - The HOSTS Anti-PUPs service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/12/2013 03:00:47, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808).

11/12/2013 09:50:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

11/12/2013 09:50:09, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

AdvancedSetup · December 27, 2013

Sorry for the delay but my web browser had this marked as read already. I may have had it open in a multi tab windows and accidentally closed it without a reply.

The computer shows a proxy is set on your system as well as some other issues still.

Let me have you run FRST again and post back a new log and we'll look at a few more cleanup routines.

Thanks

tomtatsfield · December 28, 2013

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2013 01

Ran by Louise Lee (administrator) on LOUISE on 28-12-2013 18:59:14