tomtatsfield (Author) Posted December 30, 2013

Hello Ron,

Not sure if the posting of cure.it report is due to the size, so thought of sending it in a zip file, please find this attached.

cure.it.zip

Regards
Tom

AdvancedSetup (Root Admin) Posted December 30, 2013

Okay, as I'm sure you saw, that looks good. No infections found by that scanner.

Let me have you run the following and we'll look at finishing up here. Let me know if you're still experiencing any type of issues related to malware as well.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens, click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

tomtatsfield (Author) Posted December 31, 2013

Hi,

The computer is much more responsive. Browsers: Google and Safari respond OK using desktop icons and All Programs; IE unfortunately is not responding to the desktop icon or the All Programs list. This doesn't present a problem as my granddaughter uses Google for most browsing and email access.

A Bing update keeps coming up, but when run it always returns with a message unable to update, not sure why.

Rogue search programs are now clear, thank you.

FRST report:
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE() C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe() C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Primax Electronics Ltd.) C:\WINDOWS\system32\PELMICED.EXE(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122941 2005-05-31] (Sonic Solutions)HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [935936 2006-12-07] (Motive Communications, Inc.)HKLM\...\Run: [Mouse Suite 98 Daemon] - C:\WINDOWS\system32\ico.exe [53248 2008-04-02] (Primax Electronics Ltd.)HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\realplay.exe [26112 2005-08-10] (RealNetworks, Inc.)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [1584640 2009-09-14] (Alcatel-Lucent)HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device 
Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)HKLM\...\Policies\Explorer: [NoCDBurning] 0HKCU\...\Run: [KGShareApp] - C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)HKCU\...\Run: [bTAgile] - C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe [61440 2007-06-18] ()HKU\Administrator\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startupHKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TBHKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /startHKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startupStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnkShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()Startup: C:\Documents and Settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = 
http://downloads.yahoo.com/p/bt/ie/welcomeHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: AutorunsDisabled - No CLSID Value - No FileFilter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: =======CHR DefaultSearchKeyword: google.co.ukCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: 
(QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! 
Inc.)CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No FileCHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No FileCHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0CHR Extension: (Google Wallet) - C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ========================== Services (Whitelisted) ================= S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)S3 NetSvc; C:\Program 
Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)S3 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.) ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-08-10] (Windows ® 2000 DDK provider)S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [18560 2007-06-19] (LeapFrog)R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-14] (Printing Communications Assoc., Inc. 
(PCAUSA))S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2006-05-04] (Motive, Inc.)S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-05-29] (Motive, Inc.)R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA))S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [17792 2008-04-22] (Primax Electronics Ltd.)S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [19072 2008-06-02] (Primax Electronics Ltd.)S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-12] ()R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-09-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38937 2005-03-24] (Service & Quality Technology.)R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions)R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions)R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions)R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions)R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions)R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions)R2 tfsnifs; 
C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions)R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions)R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions)R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions)R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions)S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)R3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))S3 bvrp_pci; No ImagePathS3 catchme; \??\C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\catchme.sys [x]S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U3 TlntSvr; S3 wanatw; system32\DRIVERS\wanatw4.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-31 11:40 - 2013-12-31 11:41 - 00017274 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt2013-12-31 11:39 - 2013-12-31 11:39 - 01064333 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe2013-12-31 10:43 - 2013-12-31 10:44 - 00000349 _____ C:\Documents and Settings\Louise Lee\Desktop\Yahoo Mail.url2013-12-30 11:33 - 2013-12-30 11:33 - 00115627 _____ C:\Documents and Settings\Louise Lee\Desktop\cure.it.zip2013-12-30 11:00 - 2013-12-30 11:00 - 01278317 _____ C:\Documents and Settings\Louise Lee\Desktop\cure.it.txt2013-12-30 09:37 - 2013-12-30 10:28 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt2013-12-30 09:37 - 2013-12-30 09:37 - 00000000 ____D C:\Documents and Settings\Louise Lee\Doctor Web2013-12-30 09:37 - 2013-12-30 09:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web2013-12-30 09:19 - 2013-12-30 09:33 - 139414056 _____ C:\Documents and 
Settings\Louise Lee\Desktop\drweb-cureit.exe2013-12-29 13:33 - 2013-12-29 13:33 - 00021047 _____ C:\ComboFix.txt2013-12-29 13:04 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe2013-12-29 13:04 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe2013-12-29 13:04 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe2013-12-29 13:04 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe2013-12-29 13:04 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe2013-12-29 13:04 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe2013-12-29 13:04 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe2013-12-29 13:04 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe2013-12-29 13:04 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe2013-12-29 13:03 - 2013-12-29 13:33 - 00000000 ____D C:\Qoobox2013-12-29 13:01 - 2013-12-29 13:01 - 05158590 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe2013-12-29 11:48 - 2013-12-29 11:48 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\New Folder2013-12-29 11:42 - 2013-12-29 12:01 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\JavaRa2013-12-18 21:03 - 2013-12-18 21:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\dds.com2013-12-17 18:46 - 2013-12-17 18:50 - 00005203 _____ C:\WINDOWS\KB2879017-IE8.log2013-12-16 16:57 - 2013-12-16 16:57 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk2013-12-16 16:57 - 2013-12-16 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth2013-12-13 09:48 - 2013-12-28 18:55 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\FRST-OlderVersion2013-12-12 16:23 - 2013-12-28 18:55 - 00000000 ____D C:\FRST2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs2013-12-12 11:56 - 2013-12-12 12:03 - 00000000 ____D C:\AdwCleaner2013-12-12 11:54 - 
2013-12-12 11:55 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe2013-12-12 11:39 - 2013-12-12 11:40 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT2013-12-12 10:26 - 2013-12-12 10:27 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe2013-12-12 03:09 - 2013-12-13 18:26 - 00018597 _____ C:\WINDOWS\KB2898785-IE8.log2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$2013-12-12 03:08 - 2013-12-12 03:09 - 00005982 _____ C:\WINDOWS\KB2904266.log2013-12-12 03:02 - 2013-12-12 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$2013-12-11 15:50 - 2013-12-12 03:09 - 00012397 _____ C:\WINDOWS\KB2898715.log2013-12-11 15:50 - 2013-12-12 03:03 - 00011222 _____ C:\WINDOWS\KB2893294.log2013-12-11 15:50 - 2013-12-12 03:02 - 00011972 _____ C:\WINDOWS\KB2893984.log2013-12-11 15:49 - 2013-12-12 03:02 - 00010676 _____ C:\WINDOWS\KB2892075.log2013-12-11 11:52 - 2013-12-11 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-12-11 11:44 - 2013-12-11 18:52 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2013-12-11 11:43 - 2013-12-11 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar2013-12-11 11:41 - 2013-12-11 11:43 - 12582688 _____ (Malwarebytes Corp.) 
C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons2013-12-10 13:23 - 2013-12-01 19:30 - 00000211 _____ C:\Boot.bak2013-12-10 13:23 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr2013-12-10 13:19 - 2013-12-29 13:02 - 00000000 ____D C:\WINDOWS\erdnt2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes2013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Program Files\iTunes2013-12-10 10:13 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing2013-12-09 19:52 - 2013-12-09 19:56 - 00000716 _____ C:\WINDOWS\wmsetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00049270 _____ C:\WINDOWS\FaxSetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00023648 _____ C:\WINDOWS\ocgen.log2013-12-09 19:31 - 2013-12-17 18:50 - 00018873 _____ C:\WINDOWS\tsoc.log2013-12-09 19:31 - 2013-12-17 18:50 - 00016018 _____ C:\WINDOWS\comsetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00009871 _____ C:\WINDOWS\ntdtcsetup.log2013-12-09 19:31 - 2013-12-17 18:50 - 00007851 _____ C:\WINDOWS\iis6.log2013-12-09 19:31 - 2013-12-17 18:50 - 00002736 _____ C:\WINDOWS\ocmsn.log2013-12-09 19:31 - 2013-12-17 18:50 - 00002472 _____ C:\WINDOWS\msgsocm.log2013-12-09 19:31 - 2013-12-17 18:50 - 00001393 _____ C:\WINDOWS\imsins.log2013-12-09 19:31 - 2013-12-12 03:10 - 00001393 _____ C:\WINDOWS\imsins.BAK2013-12-09 19:29 - 2013-12-09 19:31 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log2013-12-09 19:28 - 2013-12-17 18:57 - 00007648 _____ C:\WINDOWS\spupdsvc.log2013-12-09 19:28 - 2013-12-12 03:10 - 00004354 
_____ C:\WINDOWS\updspapi.log2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google2013-12-09 16:38 - 2013-12-09 19:31 - 00074967 _____ C:\WINDOWS\ie8_main.log2013-12-08 19:33 - 2013-12-29 11:46 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools2013-12-08 18:53 - 2013-12-30 20:18 - 00099014 _____ C:\WINDOWS\setupapi.log2013-12-08 18:53 - 2013-12-30 20:18 - 00000150 _____ C:\WINDOWS\setupact.log2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2013-12-08 16:53 - 2013-12-08 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-12-08 16:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2013-12-08 15:30 - 2013-12-30 10:52 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk2013-12-08 14:29 - 2013-12-31 10:45 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job2013-12-08 14:24 - 2013-11-19 10:21 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif2013-12-08 14:18 - 2013-12-08 14:19 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis2013-12-04 18:04 - 2013-12-04 
18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes2013-12-03 19:45 - 2008-04-14 01:12 - 00116224 _____ (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll2013-12-03 19:45 - 2008-04-14 01:12 - 00018944 _____ () C:\WINDOWS\system32\dllcache\xrxscnui.dll2013-12-03 19:44 - 2008-04-14 01:12 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll2013-12-03 19:43 - 2008-04-13 19:36 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys2013-12-03 19:42 - 2008-04-13 19:45 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wceusbsh.sys2013-12-03 19:40 - 2008-04-13 19:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys2013-12-03 19:40 - 2008-04-13 19:45 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys2013-12-03 19:38 - 2008-04-14 01:12 - 00082944 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe2013-12-03 19:37 - 2008-04-13 19:40 - 00149376 _____ (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys2013-12-03 19:34 - 2008-04-13 19:40 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys2013-12-03 19:34 - 2008-04-13 19:36 - 00016000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys2013-12-03 19:34 - 2008-04-13 19:36 - 00006912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys2013-12-03 19:31 - 2008-04-13 19:45 - 00011520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys2013-12-03 19:31 - 2008-04-13 19:40 - 00043904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys2013-12-03 19:30 - 2008-04-14 01:12 - 00029696 _____ (Ricoh Co., Ltd.) 
C:\WINDOWS\system32\dllcache\rw450ext.dll2013-12-03 19:30 - 2008-04-14 01:12 - 00027648 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll2013-12-03 19:29 - 2008-04-13 19:40 - 00079104 _____ (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys2013-12-03 19:28 - 2008-04-14 01:12 - 00363520 _____ C:\WINDOWS\system32\dllcache\psisdecd.dll2013-12-03 19:28 - 2008-04-14 01:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll2013-12-03 19:28 - 2008-04-14 01:12 - 00033280 _____ C:\WINDOWS\system32\dllcache\psisrndr.ax2013-12-03 19:28 - 2008-04-13 19:40 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys2013-12-03 19:27 - 2008-04-14 01:10 - 00259328 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll2013-12-03 19:27 - 2008-04-14 01:10 - 00211584 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll2013-12-03 19:27 - 2008-04-13 19:44 - 00028032 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys2013-12-03 19:27 - 2008-04-13 19:44 - 00027904 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) 
C:\WINDOWS\system32\dllcache\perm2.sys
2013-12-03 19:27 - 2008-04-13 19:41 - 00017664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys
2013-12-03 19:27 - 2008-04-13 19:40 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\powerfil.sys
2013-12-03 19:25 - 2008-04-13 19:46 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ohci1394.sys
2013-12-03 19:24 - 2008-04-13 19:54 - 00028672 _____ (National Semiconductor Corporation) C:\WINDOWS\system32\dllcache\nscirda.sys
2013-12-03 19:22 - 2008-04-13 19:54 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msircomm.sys
2013-12-03 19:22 - 2008-04-13 19:46 - 00049024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstape.sys
2013-12-03 19:21 - 2008-04-14 01:12 - 00056832 _____ C:\WINDOWS\system32\dllcache\msdvbnp.ax
2013-12-03 19:21 - 2008-04-13 19:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2013-12-03 19:21 - 2008-04-13 19:46 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2013-12-03 19:20 - 2008-04-13 19:41 - 00026112 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\memstpci.sys
2013-12-03 19:20 - 2008-04-13 19:40 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ltotape.sys
2013-12-03 19:19 - 2008-04-14 01:11 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsusd.dll
2013-12-03 19:19 - 2008-04-14 01:11 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsui.dll
2013-12-03 19:19 - 2008-04-13 19:40 - 00034688 _____ (Toshiba Corp.) C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2013-12-03 19:18 - 2008-04-14 01:09 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106.dll
2013-12-03 19:17 - 2008-04-14 01:12 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irftp.exe
2013-12-03 19:17 - 2008-04-14 01:11 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irmon.dll
2013-12-03 19:17 - 2008-04-13 19:54 - 00088192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irda.sys
2013-12-03 19:15 - 2008-04-14 01:11 - 00702845 _____ (Intel® Corporation) C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2013-12-03 19:13 - 2008-04-14 01:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2013-12-03 19:13 - 2008-04-13 19:45 - 00059136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2013-12-03 19:13 - 2008-04-13 19:45 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys
2013-12-03 19:13 - 2008-04-13 19:40 - 00028288 _____ (Gemplus) C:\WINDOWS\system32\dllcache\grserial.sys
2013-12-03 19:13 - 2008-04-13 19:36 - 00020352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidbatt.sys
2013-12-03 19:10 - 2008-04-14 01:12 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2013-12-03 19:09 - 2008-04-13 19:40 - 00008320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlttape.sys
2013-12-03 19:09 - 2008-04-13 19:39 - 00206976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4.sys
2013-12-03 19:07 - 2008-04-14 01:11 - 00249856 _____ (Comtrol® Corporation) C:\WINDOWS\system32\dllcache\ctmasetp.dll
2013-12-03 19:07 - 2008-04-13 19:36 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys
2013-12-03 19:07 - 2008-04-13 19:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys
2013-12-03 19:06 - 2008-04-14 01:11 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll
2013-12-03 19:06 - 2008-04-13 19:40 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys
2013-12-03 19:05 - 2008-04-14 01:12 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2013-12-03 19:05 - 2008-04-13 19:46 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2013-12-03 19:05 - 2008-04-13 19:46 - 00013696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2013-12-03 19:05 - 2008-04-13 19:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2013-12-03 19:05 - 2008-04-13 19:36 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2013-12-03 19:03 - 2008-04-13 19:46 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys
2013-12-03 19:03 - 2008-04-13 19:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2013-12-03 19:03 - 2008-04-13 19:40 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy
2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-01 17:34 - 2013-12-01 17:41 - 00000000 ____D
C:\8db07bf26ed4429d4cee488d537b

==================== One Month Modified Files and Folders =======

2013-12-31 11:41 - 2013-12-31 11:40 - 00017274 _____ C:\Documents and Settings\Louise Lee\Desktop\FRST.txt
2013-12-31 11:39 - 2013-12-31 11:39 - 01064333 _____ (Farbar) C:\Documents and Settings\Louise Lee\Desktop\FRST.exe
2013-12-31 10:52 - 2004-08-10 12:02 - 01930807 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-31 10:45 - 2013-12-08 14:29 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-31 10:44 - 2013-12-31 10:43 - 00000349 _____ C:\Documents and Settings\Louise Lee\Desktop\Yahoo Mail.url
2013-12-31 10:38 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-31 10:36 - 2004-08-10 11:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-31 10:36 - 2004-08-10 11:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-31 10:35 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-30 20:22 - 2005-08-13 16:28 - 00000278 ___SH C:\Documents and Settings\Louise Lee\ntuser.ini
2013-12-30 20:22 - 2004-08-10 12:08 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-30 20:18 - 2013-12-08 18:53 - 00099014 _____ C:\WINDOWS\setupapi.log
2013-12-30 20:18 - 2013-12-08 18:53 - 00000150 _____ C:\WINDOWS\setupact.log
2013-12-30 12:51 - 2007-07-01 14:24 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Skype
2013-12-30 11:50 - 2013-02-13 04:00 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-12-30 11:33 - 2013-12-30 11:33 - 00115627 _____ C:\Documents and Settings\Louise Lee\Desktop\cure.it.zip
2013-12-30 11:00 - 2013-12-30 11:00 - 01278317 _____ C:\Documents and Settings\Louise Lee\Desktop\cure.it.txt
2013-12-30 10:52 - 2013-12-08 15:30 - 00002187 _____ C:\Documents and Settings\Louise Lee\Desktop\Safari.lnk
2013-12-30 10:28 - 2013-12-30 09:37 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-12-30 09:37 - 2013-12-30 09:37 - 00000000 ____D C:\Documents and Settings\Louise Lee\Doctor Web
2013-12-30 09:37 - 2013-12-30 09:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web
2013-12-30 09:37 - 2005-08-13 16:28 - 00000000 ____D C:\Documents and Settings\Louise Lee
2013-12-30 09:33 - 2013-12-30 09:19 - 139414056 _____ C:\Documents and Settings\Louise Lee\Desktop\drweb-cureit.exe
2013-12-29 13:33 - 2013-12-29 13:33 - 00021047 _____ C:\ComboFix.txt
2013-12-29 13:33 - 2013-12-29 13:03 - 00000000 ____D C:\Qoobox
2013-12-29 13:26 - 2004-08-10 11:51 - 00000243 _____ C:\WINDOWS\system.ini
2013-12-29 13:25 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-29 13:02 - 2013-12-10 13:19 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-29 13:01 - 2013-12-29 13:01 - 05158590 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\ComboFix.exe
2013-12-29 12:01 - 2013-12-29 11:42 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\JavaRa
2013-12-29 11:48 - 2013-12-29 11:48 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\New Folder
2013-12-29 11:46 - 2013-12-08 19:33 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Tools
2013-12-28 18:55 - 2013-12-13 09:48 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\FRST-OlderVersion
2013-12-28 18:55 - 2013-12-12 16:23 - 00000000 ____D C:\FRST
2013-12-18 21:03 - 2013-12-18 21:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Louise Lee\Desktop\dds.com
2013-12-17 18:57 - 2013-12-09 19:28 - 00007648 _____ C:\WINDOWS\spupdsvc.log
2013-12-17 18:57 - 2011-06-09 20:50 - 00026595 ____C C:\WINDOWS\system32\lvcoinst.log
2013-12-17 18:50 - 2013-12-17 18:46 - 00005203 _____ C:\WINDOWS\KB2879017-IE8.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00049270 _____ C:\WINDOWS\FaxSetup.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00023648 _____ C:\WINDOWS\ocgen.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00018873 _____ C:\WINDOWS\tsoc.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00016018 _____ C:\WINDOWS\comsetup.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00009871 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00007851 _____ C:\WINDOWS\iis6.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00002736 _____ C:\WINDOWS\ocmsn.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00002472 _____ C:\WINDOWS\msgsocm.log
2013-12-17 18:50 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-16 16:57 - 2013-12-16 16:57 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-12-16 16:57 - 2013-12-16 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-12-16 16:56 - 2007-07-01 14:24 - 00000000 ____D C:\Program Files\Google
2013-12-13 18:26 - 2013-12-12 03:09 - 00018597 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-13 16:36 - 2005-08-10 00:22 - 00000327 __RSH C:\boot.ini
2013-12-13 16:36 - 2004-08-10 11:51 - 00000649 _____ C:\WINDOWS\win.ini
2013-12-13 16:35 - 2009-05-25 14:45 - 00000000 ____D C:\WINDOWS\pss
2013-12-12 12:10 - 2013-12-12 12:10 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-12-12 12:10 - 2013-08-21 07:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2013-12-12 12:03 - 2013-12-12 11:56 - 00000000 ____D C:\AdwCleaner
2013-12-12 11:55 - 2013-12-12 11:54 - 01226802 _____ C:\Documents and Settings\Louise Lee\Desktop\AdwCleaner.exe
2013-12-12 11:40 - 2013-12-12 11:39 - 00000174 _____ C:\Documents and Settings\Louise Lee\Desktop\Fast link to isearch .url
2013-12-12 10:30 - 2013-12-12 10:30 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-12 10:27 - 2013-12-12 10:26 - 01034531 _____ (Thisisu) C:\Documents and Settings\Louise Lee\Desktop\JRT.exe
2013-12-12 03:27 - 2004-08-10 11:57 - 00235168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 03:10 - 2013-12-09 19:31 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-12 03:10 - 2013-12-09 19:28 - 00004354 _____ C:\WINDOWS\updspapi.log
2013-12-12 03:10 - 2009-09-22 12:35 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-12 03:09 - 2013-12-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-12 03:09 - 2013-12-12 03:08 - 00005982 _____ C:\WINDOWS\KB2904266.log
2013-12-12 03:09 - 2013-12-11 15:50 - 00012397 _____ C:\WINDOWS\KB2898715.log
2013-12-12 03:09 - 2007-02-18 22:01 - 00892346 ____C C:\WINDOWS\system32\TZLog.log
2013-12-12 03:08 - 2013-07-29 20:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-12 03:03 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-12 03:03 - 2013-12-11 15:50 - 00011222 _____ C:\WINDOWS\KB2893294.log
2013-12-12 03:03 - 2005-09-23 18:10 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-12 03:02 - 2013-12-12 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-12 03:02 - 2013-12-11 15:50 - 00011972 _____ C:\WINDOWS\KB2893984.log
2013-12-12 03:02 - 2013-12-11 15:49 - 00010676 _____ C:\WINDOWS\KB2892075.log
2013-12-11 18:54 - 2013-12-11 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-11 18:52 - 2013-12-11 11:44 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-11 18:52 - 2013-12-11 11:43 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\mbar
2013-12-11 11:43 - 2013-12-11 11:41 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\Louise Lee\My Documents\mbar-1.07.0.1008.exe
2013-12-10 13:23 - 2013-12-10 13:23 - 00000000 _RSHD C:\cmdcons
2013-12-10 10:17 - 2013-12-10 10:17 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-12-10 10:17 - 2013-12-10 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Program Files\iTunes
2013-12-10 10:17 - 2013-12-10 10:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-10 10:14 - 2013-12-10 10:14 - 00000000 ____D C:\Program Files\iPod
2013-12-10 10:14 - 2009-07-28 18:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-09 20:45 - 2013-12-09 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
2013-12-09 20:45 - 2009-09-22 09:44 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-09 20:45 - 2004-08-10 12:08 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-09 20:45 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\Registration
2013-12-09 20:44 - 2005-08-10 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-12-09 20:44 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-12-09 19:56 - 2013-12-09 19:52 - 00000716 _____ C:\WINDOWS\wmsetup.log
2013-12-09 19:51 - 2009-05-27 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
2013-12-09 19:31 - 2013-12-09 19:29 - 00009249 _____ C:\WINDOWS\KB2598845-IE8.log
2013-12-09 19:31 - 2013-12-09 16:38 - 00074967 _____ C:\WINDOWS\ie8_main.log
2013-12-09 19:29 - 2005-08-10 00:32 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-12-09 19:28 - 2013-12-09 19:28 - 00010017 _____ C:\WINDOWS\ie8.log
2013-12-09 17:06 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\Adobe
2013-12-09 16:44 - 2013-12-09 16:44 - 00000000 ____D C:\Google
2013-12-09 16:36 - 2004-08-10 12:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-08 20:00 - 2005-08-10 00:18 - 00000000 ____D C:\i386
2013-12-08 19:32 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Local Settings\Application Data\Adobe
2013-12-08 19:31 - 2005-08-29 18:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-08 19:30 - 2005-08-10 00:39 - 00000000 ____D C:\Program Files\Adobe
2013-12-08 19:10 - 2005-08-29 18:52 - 00000000 ____D C:\Documents and Settings\Louise Lee\Application Data\AdobeUM
2013-12-08 18:53 - 2013-12-08 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-08 18:39 - 2010-03-21 15:09 - 00000000 ____D C:\Documents and Settings\Louise Lee\Tracing
2013-12-08 18:38 - 2008-11-27 23:01 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-08 17:33 - 2013-12-08 17:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-08 16:54 - 2013-12-08 16:54 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 16:54 - 2013-12-08 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-08 16:54 - 2013-12-08 16:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-08 15:07 - 2011-06-09 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
2013-12-08 14:19 - 2013-12-08 14:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-12-08 14:19 - 2013-12-08 14:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-08 14:18 - 2013-12-08 14:18 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-12-08 13:49 - 2010-06-17 21:08 - 00002193 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
2013-12-08 13:37 - 2008-08-10 16:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Program Files\Trend Micro
2013-12-05 10:10 - 2013-12-05 10:10 - 00000000 ____D C:\Documents and Settings\Louise Lee\Start Menu\Programs\HiJackThis
2013-12-04 18:51 - 2009-09-22 09:44 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2013-12-04 18:04 - 2013-12-04 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-12-04 18:00 - 2006-12-27 21:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926255$
2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-04 17:44 - 2013-12-04 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-03 17:27 - 2013-12-03 17:27 - 00000000 ____D C:\Program Files\Speccy
2013-12-03 16:56 - 2010-03-21 15:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-01 21:01 - 2013-12-01 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-01 20:58 - 2004-08-10 11:57 - 00504528 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-01 20:50 - 2013-12-01 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-01 20:49 - 2013-12-01 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-01 20:46 - 2010-06-04 02:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-12-01 20:42 - 2013-12-01 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-01 20:41 - 2013-12-01 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-01 20:37 - 2013-12-01 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-01 20:22 - 2013-12-01 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-01 20:20 - 2013-12-01 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-01 19:30 - 2013-12-10 13:23 - 00000211 _____ C:\Boot.bak
2013-12-01 17:55 - 2007-07-01 14:24 - 00000000 ___RD
C:\Program Files\Skype
2013-12-01 17:55 - 2007-07-01 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-12-01 17:41 - 2013-12-01 17:34 - 00000000 ____D C:\8db07bf26ed4429d4cee488d537b
2013-12-01 16:21 - 2005-11-13 10:23 - 00000000 ____D C:\Documents and Settings\Louise Lee\Desktop\Unused Desktop Shortcuts

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Report addition.txt:

This report didn't come through on the first scan so the times are different, hope that doesn't cause problems.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-12-2013
Ran by Louise Lee at 2013-12-31 12:40:00
Running from C:\Documents and Settings\Louise Lee\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard)
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2 - Adobe Systems)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (Version: 006.000.001 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601 - Adobe Systems, Inc.)
Amazon Cloud Drive (Version: 2.1.2013.1340 - Amazon)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ARTEuro (Version: 1.00.0000 - Dell)
Atheros USB Wireless LAN Driver Installer (Version: 1.00.7323 - Atheros)
Autism Awareness 1.400 (Version: 1.400 - )
B110 (Version: 140.0.283.000 - Hewlett-Packard)
Big Fish Games: Game Manager (Version: 3.0.1.60 - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BT Broadband Desktop Help (Version: 5.8.22.asst_classic.asst_install - Motive Communications, Inc.)
BT Broadband Talk Softphone 3.1 (Version: - BT)
BT Yahoo! Applications (Version: - )
BTHomeHub (Version: - British Telecommunications Plc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard)
CCleaner (Version: 4.08 - Piriform)
Classic PhoneTools (Version: 4.24 - BVRP Software)
Critical Update for Windows Media Player 11 (KB959772) (Version: - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard)
Defenders of Law: The Rosendale File (Version: - )
Defraggler (Version: 2.08 - Piriform)
Dell Driver Reset Tool (Version: 1.02.0000 - Dell Inc.)
Dell Media Experience (Version: 3.0 - Dell)
Dell Media Experience Update (Version: - )
Dell Picture Studio v3.0 (Version: 3.0.0 - Jasc Software, Inc.)
Dell Support Center (Version: 2.0.07311 - Dell)
Dell System Restore (Version: 2.00.0000 - Dell Inc.)
DellSupport (Version: 6.0.3062 - Dell)
DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000 - Hewlett-Packard)
DJ_AIO_03_F2200_Software (Version: 100.0.206.000 - Hewlett-Packard)
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000 - Hewlett-Packard)
EPSON Printer Software (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard)
F2200 (Version: 100.0.206.000 - Hewlett-Packard)
F2200_Help (Version: 100.0.206.000 - Hewlett-Packard)
Fun School 6 - Magicland (Version: - )
G15A922EN (Version: 1.0.0.0 - Dell)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard)
Harry Potter Print Studio (Version: 1.0.7 - Microgistix Inc.)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation)
HiJackThis (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0 - HP)
HP Laser Mobile Mouse Driver (Version: 1.1.0.0 - HP)
HP Photo Creations (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard)
HP Photosmart Essential 2.5 (Version: 2.5 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (Version: 5.002.005.003 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard)
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard)
Intel® 537EP V9x DFV PCI Modem (Version: - )
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (Version: - )
Intel® PROSet for Wired Connections (Version: 8.00.5000 - Dell)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Jasc Paint Shop Photo Album 5 (Version: 5.22 - Jasc Software, Inc.)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000 - Jasc Software Inc)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation)
Kids Cam Show and Share Creativity Center (Version: - Smith Micro Software, Inc.)
KODAK Share Button App (Version: 4.03.0000.0000 - Eastman Kodak Company)
Learn2 Player (Uninstall Only) (Version: - )
Logitech Legacy USB Camera Driver Package (Version: - )
Logitech Webcam Software (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Map Button (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard)
McDonald's Dragons (Version: - Name of your company)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation)
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation)
Microsoft Office 2000 Premium (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (Version: 07.02.0620 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Modem Event Monitor (Version: - )
Modem Helper (Version: 2.40 - BVRP Software)
Modem On Hold (Version: 1.12 - BVRP Software, Inc)
MSN (Version: - )
MSN Toolbar (Version: 4.0.0357.1 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft)
MSVCSetup (Version: 1.00.0000 - HP)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
My Way Search Assistant (Version: 1.0.256 - MyWay.com)
MyDSC2 (Version: 1.00.000 - )
Nero Suite (Version: - )
Network (Version: 140.0.215.000 - Hewlett-Packard)
Paint Shop Pro 7 Evaluation (Version: 7.0.0.0000 - Jasc Software Inc)
PowerDVD 5.5 (Version: - )
PS_AIO_07_B110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard)
Rapport (Version: 3.5.1304.15 - Trusteer)
RealPlayer Basic (Version: - )
Safari (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp)
Serif DrawPlus 7.0 (Version: 7.0 - Serif)
Serif DrawPlus 7.0 Design CD (Version: 7.0 - Serif (Europe) ltd.)
Shop for HP Supplies (Version: 14.0 - HP)
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard)
Sonic DLA (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Audio (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (Version: 3.0.0 - Sonic Solutions)
Speccy (Version: 1.24 - Piriform)
SUPERAntiSpyware Free Edition (Version: 4.29.0.1002 - SUPERAntiSpyware.com)
SystemMessages 1.0.0 (Version: - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard)
Trusteer Endpoint Protection (Version: 3.5.1304.15 - Trusteer)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard)
Wanadoo Europe Installer (Version: 1.02.008 - Wanadoo)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation)
WebReg (Version: 140.0.212.017 - Hewlett-Packard)
Windows Defender Signatures (Version: 1.20.0.0 - Microsoft Corporation)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.1 - Microsoft Corporation)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation)
Windows Live Sign-in Assistant (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation)
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! BrowserPlus 2.9.8 (Version: - Yahoo! Inc.)
Yahoo!
Software Update (Version: - )
ZyDAS IEEE 802.11 b+g Wireless LAN - USB (Version: - )

==================== Restore Points =========================

29-12-2013 13:25:39 System Checkpoint
30-12-2013 13:35:11 System Checkpoint
31-12-2013 10:41:37 Software Distribution Service 3.0
31-12-2013 10:46:36 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-10 11:51 - 2013-12-29 13:25 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2012-03-11 12:50 - 2013-12-12 12:13 - 01127152 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-04 21:05 - 2007-06-18 08:00 - 00081920 _____ () C:\Program Files\BT Broadband Talk Softphone\APDIPhoneCtrl.dll
2008-04-04 21:05 - 2007-06-18 08:00 - 00077824 _____ () C:\Program Files\BT Broadband Talk Softphone\SnxHIDCtrl.dll
2011-04-05 11:04 - 2006-05-08 12:06 - 00212992 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll
2011-04-05 11:04 - 2006-09-01 10:13 - 00045056 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2004-08-10 11:50 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 11:51 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-12-07 16:01 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 16:01 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 16:01 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Intel® 537EP V9x DFV PCI Modem
Description: Intel® 537EP V9x DFV PCI Modem
Class Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2013 10:43:09 AM) (Source: MsiInstaller) (User: LOUISE)
Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/30/2013 10:31:27 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/30/2013 09:34:33 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/29/2013 00:59:41 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/27/2013 08:30:04 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/18/2013 09:03:50 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/17/2013 07:07:05 PM) (Source: MsiInstaller) (User: LOUISE)
Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/16/2013 08:40:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/14/2013 06:16:36 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Bing Bar -- Bing Bar is already installed.

Error: (12/14/2013 05:57:00 PM) (Source: MsiInstaller) (User: LOUISE)
Description: Product: Bing Bar -- Bing Bar is already installed.

System errors:
=============
Error: (12/31/2013 10:43:24 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626808).

Error: (12/29/2013 00:56:38 PM) (Source: Service Control Manager) (User: )
Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (12/29/2013 00:56:38 PM) (Source: Service Control Manager) (User: )
Description: The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/29/2013 11:33:30 AM) (Source: Service Control Manager) (User: )Description: The Application Management service terminated with the following error: %%126 Error: (12/29/2013 11:33:29 AM) (Source: Service Control Manager) (User: )Description: The Application Management service terminated with the following error: %%126 Error: (12/29/2013 11:33:29 AM) (Source: Service Control Manager) (User: )Description: The Application Management service terminated with the following error: %%126 Error: (12/29/2013 11:33:29 AM) (Source: Service Control Manager) (User: )Description: The Application Management service terminated with the following error: %%126 Error: (12/29/2013 11:33:29 AM) (Source: Service Control Manager) (User: )Description: The Application Management service terminated with the following error: %%126 Error: (12/29/2013 11:33:29 AM) (Source: Service Control Manager) (User: )Description: The Application Management service terminated with the following error: %%126 Error: (12/29/2013 11:33:29 AM) (Source: Service Control Manager) (User: )Description: The Application Management service terminated with the following error: %%126 Microsoft Office Sessions:=========================Error: (12/31/2013 10:43:09 AM) (Source: MsiInstaller)(User: LOUISE)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/30/2013 10:31:27 AM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/30/2013 09:34:33 AM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/29/2013 00:59:41 PM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/27/2013 08:30:04 PM) 
(Source: Application Hang)(User: )Description: mbam.exe1.75.0.1hungapp0.0.0.000000000 Error: (12/18/2013 09:03:50 PM) (Source: MPSampleSubmission)(User: )Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL Error: (12/17/2013 07:07:05 PM) (Source: MsiInstaller)(User: LOUISE)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/16/2013 08:40:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/14/2013 06:16:36 PM) (Source: MsiInstaller)(User: NT AUTHORITY)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) Error: (12/14/2013 05:57:00 PM) (Source: MsiInstaller)(User: LOUISE)Description: Product: Bing Bar -- Bing Bar is already installed.(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 37%Total physical RAM: 2045.98 MBAvailable physical RAM: 1274.92 MBTotal Pagefile: 2659.37 MBAvailable Pagefile: 1949.79 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1959.1 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.04 GB) (Free:111.71 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 149 GB) (Disk ID: D0F4738C)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=3 GB) - (Type=DB) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 31, 2013 ID:771303

Let me have you run the following and then we'll look at fixing the other browser and hopefully the Bing installer issue.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.

Attachment: fixlist.txt
tomtatsfield Posted January 1, 2014 Author ID:771528

Morning Ron,

Fixlog report;

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-12-2013
Ran by Louise Lee at 2014-01-01 13:45:45 Run:2
Running from C:\Documents and Settings\Louise Lee\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah...p/bt/ie/welcome
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
C:\8db07bf26ed4429d4cee488d537b
*****************

"C:\Program Files\Windows Defender" => Not Found
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.
HKCR\PROTOCOLS\Filter\x-sdch => Key deleted successfully.
HKCR\CLSID\{B1759355-3EEC-4C1E-B0F1-B719FE26E377} => Key deleted successfully.
C:\8db07bf26ed4429d4cee488d537b => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====
tomtatsfield Posted January 1, 2014 Author ID:771538

Ron, just noticed on initially starting Google that the search URL is search/conduit, not sure if this is important?
Root Admin AdvancedSetup Posted January 1, 2014 ID:771693

Please try running the browser reset again. It may have missed one of the entries or if it's still embedded we may have to run another scan to find it and remove it.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Click on Help / Troubleshooting Information then click on the Reset Firefox button.
Chrome: Chrome - Reset browser settings
Opera: How to Perform a (really) clean Reinstall of Opera

Then reboot and let me know if it's still present or not.
tomtatsfield Posted January 2, 2014 Author ID:772147

Hello,

Having reset the browsers, the computer has gone into slow motion mode as experienced earlier in our travels. I'm not sure about the Opera instruction as I'm unaware that browser is installed, would it be wise to follow the instruction for this?

After the reset of Internet Explorer the desktop icon still only responds with the hourglass running for maybe 2 seconds with no activation of the program. Google and Firefox do run but after a very long delay, in excess of a minute to respond.

I did try Outlook from the all programs location, it works but comes up with Outlook Express 6? But again ongoing connection to Yahoo Mail is slow and eventually stops working.

It appears that I'm being a nuisance, but if you are prepared to assist further count me in, I would love to crack this problem, thanks
Root Admin AdvancedSetup Posted January 2, 2014 ID:772271

Very odd that it would take a turn for the worse by resetting the browsers. That normally clears up minor left over issues.

Please delete your current copy of Combofix and download a new fresh copy and run it. (make sure you disable your antivirus while running it)

Once ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
tomtatsfield Posted January 3, 2014 Author ID:772889

Ron,

Have tried to download and run Combofix, downloaded then run after deleting original file from desktop. The first attempt took over 1hr to get to the 50 point and then froze, no combofix.txt has been produced, any suggestions?

I will keep trying to run the ComboFix and will report back ASAP.
tomtatsfield Posted January 3, 2014 Author ID:773023

Finally after a very long wait have come up with this report:
Root Admin AdvancedSetup Posted January 4, 2014 ID:773077

If you look at the log it shows that you have a proxy set for the computer.

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

If you open Internet Explorer and go to Tools/Internet Options/Connections then click on the LAN settings button please remove all proxy values unless you specifically set them yourself on purpose to run some type of software.

Then reboot the computer and let me know if the browsers are slow still or not.
tomtatsfield Posted January 4, 2014 Author ID:773296

Hello,

the attached jpg shows the state for LAN settings on accessing through the manual procedure in your previous message 32, I am unable to start Internet Explorer any other way.

From the JPG, attempting to remove 127.0.0.1, no settings are available to change, am I looking in the wrong place?

To my knowledge this 127.0.0.1 has never been set on this computer.

Thanks
Tom
Root Admin AdvancedSetup Posted January 5, 2014 ID:773664

Please save the attached file CFScript.txt to the same location as Combofix.exe then quit your browser. Then drag-and-drop CFScript.txt onto Combofix to run it again and post back the new log.

Attachment: CFScript.txt
tomtatsfield Posted January 5, 2014 Author ID:773844

report from CFScript.txt:
Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"="c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:UDP"= 5353:UDP:Bonjour Port 5353.R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-19 18560]R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-10-25 108816]S1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-12-12 340432]S1 
RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-10-25 157264]S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-10-25 230448]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08HPService REG_MULTI_SZ HPSLPSVC.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-07 16:00 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll..------- Supplementary Scan -------.TCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Toolbar-{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} - (no file)Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-01-05 14:52Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... 
.scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]@DACL=(02 0000)"Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]@DACL=(02 0000)"NoChange"="1""Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]@DACL=(02 0000)"Installed"="1".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(676)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dll.- - - - - - - > 'explorer.exe'(472)c:\windows\system32\WININET.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\pelscrll.dllc:\windows\system32\PELCOMM.dllc:\windows\system32\PELHOOKS.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Google\Update\GoogleUpdate.exec:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exec:\program files\Common Files\Motive\McciCMService.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\windows\system32\ICO.EXEc:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exec:\program 
files\iPod\bin\iPodService.exec:\windows\system32\Pelmiced.exec:\program files\Microsoft Security Client\MpCmdRun.exec:\program files\Microsoft Security Client\MpCmdRun.exe.**************************************************************************.Completion time: 2014-01-05 15:35:56 - machine was rebootedComboFix-quarantined-files.txt 2014-01-05 15:35ComboFix2.txt 2014-01-03 22:14ComboFix3.txt 2013-12-29 13:33ComboFix4.txt 2013-12-10 14:01.Pre-Run: 119,775,457,280 bytes freePost-Run: 119,717,036,032 bytes free.- - End Of File - - 5BD6C1AA0902F269693E2D0B63DEBC65B16A2359F4962B0C622D81A1C1F4B703 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 6, 2014 Root Admin ID:774495

Please download Security Check by screen317 from HERE or HERE.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get "Unsupported operating system. Aborting now", just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document. Do Not Attach It!!!

Please let me know how the computer is running now and if there are still any signs of an infection or not.

Thanks

tomtatsfield Posted January 6, 2014 Author ID:774522

checkup report:

 Results of screen317's Security Check version 0.99.78
 Windows XP Service Pack 3 x86
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware Free Edition
 Windows Defender Signatures
 Malwarebytes Anti-Malware version 1.75.0.1300
 CCleaner
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 10.3.183.7 Flash Player out of Date!
 Adobe Reader 6 Adobe Reader out of Date!
 Google Chrome 29.0.1547.66
 Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

The computer is still tardy in operation, although Google and Firefox do eventually respond, still required no reaction from IE. Noticed the remark about defrag being suggested? Would you like me to do this? Thanks a lot for your patience.

Root Admin AdvancedSetup Posted January 6, 2014 Root Admin ID:774600

Yes, please run the defrag and see if that helps.

tomtatsfield Posted January 7, 2014 Author ID:774933

Defrag report:

The computer is still tardy in operation even allowing for the defragmentation that has taken place, although with a little working could this improve? Would it be worth running sfc?

Volume (C:)
    Volume size = 146 GB
    Cluster size = 4 KB
    Used space = 34.70 GB
    Free space = 111 GB
    Percent free space = 76 %

Volume fragmentation
    Total fragmentation = 3 %
    File fragmentation = 6 %
    Free space fragmentation = 0 %

File fragmentation
    Total files = 121,179
    Average file size = 1,012 KB
    Total fragmented files = 5
    Total excess fragments = 713
    Average fragments per file = 1.00

Pagefile fragmentation
    Pagefile size = 763 MB
    Total fragments = 1

Folder fragmentation
    Total folders = 12,283
    Fragmented folders = 1
    Excess folder fragments = 0

Master File Table (MFT) fragmentation
    Total MFT size = 426 MB
    MFT record count = 134,100
    Percent MFT in use = 30 %
    Total MFT fragments = 3

--------------------------------------------------------------------------------
Fragments    File Size    Files that cannot be defragmented
None

Root Admin AdvancedSetup Posted January 7, 2014 Root Admin ID:774991

Please uninstall the old versions of Adobe software and visit the Adobe site to get the latest versions. Make sure you watch and don't install other add-on offers from Adobe like Google, or Java, etc. which sometimes are checked to download along with their software.

Then about all else we can do is trim down all the software that loads when Windows starts as most is probably not needed.

At this point though I'm not seeing any infections from the logs.

tomtatsfield Posted January 8, 2014 Author ID:775339

Hello Ron,

Computer response improving with each change, the original search engine problem is cleared. Have removed and reinstalled the suggested programs, and the speed improvement is staggering. This report is prior to a full shutdown and restart, will send this now and report back any observations.

Thanks, you are a star. Hope you are not in current freezing zone.

Tom

Root Admin AdvancedSetup Posted January 8, 2014 Root Admin ID:775340

Well that's good news. I'm in warm weather thanks. I will be going on vacation tomorrow night though so we do need to finish or otherwise I'll have to take it back up with you in about a week.

Heading to get some shuteye but will check back on you tomorrow sometime.

Thanks

tomtatsfield Posted January 8, 2014 Author ID:775344

Thanks. Well, after fresh cold start all looks good, even IE is now responding. I would like to remove all test programs before handing the computer back to my granddaughter, guidance with this would be most welcome.

Root Admin AdvancedSetup Posted January 8, 2014 Root Admin ID:775546

At this time there are no more signs of an infection on your system. However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time. They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):
Turn off all active protection software including your antivirus.
Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

Remove the rest of the tools used:
Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your PC.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
If asked to restart the computer, please do so.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

AdwCleaner Removal:
Double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

ESET antivirus Removal:
This tool can be uninstalled via the Control Panel, Programs, Uninstall.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8
Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.
How Malware Spreads - How did I get infected
Best Practices for Safe Computing - Prevention of Malware Infection
Avoiding those unwanted free applications
A close look at how Oracle installs deceptive software with Java updates
IAC / Ask.com toolbars
Malwarebytes Unpacked Blog

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

tomtatsfield Posted January 9, 2014 Author ID:775647

Thanks for this information, hopefully on removal of test programs everything will be OK. Thanks for your help and perseverance, enjoy your vacation.

Regards
Tom