
Computer very slow!



Hey, I would really appreciate any help. I'm not sure if I'm infected, but my computer is very slow and turns off randomly sometimes.

Here's the Farbar log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by Vicky (administrator) on HURRICANE2 on 21-10-2014 11:07:41
Running from C:\Documents and Settings\Vicky\Desktop
Loaded Profile: Vicky (Available profiles: Vicky)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-10-07] (Apple Inc.)
HKLM\...\Winlogon: [uIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] ( (Microsoft Corporation))
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3789577523-986579780-1043700074-1006\...\MountPoints2: {557bb14f-4011-11e0-8ca4-0019b91135ab} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3789577523-986579780-1043700074-1006\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-09-22] (Sophos Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.glensidefinance.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://webgames.d.tmsrv.com/c=725ac0c394ea451fd0aa916eb60a0429/aff=t_25oa_ukca_wg/p/release/popcap/wg_bejeweled2/popcaploader_v6.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 14 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Vicky\Application Data\Mozilla\Firefox\Profiles\opky0dmj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Vicky\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Vicky\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Vicky\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 NitroReaderDriverReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [196912 2011-01-14] (Nitro PDF Software)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-05-17] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-05-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; c:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-09-17] (Sophos Limited)
S2 swi_update; C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe [1471992 2013-05-17] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R0 nvata; C:\WINDOWS\System32\drivers\nvata.sys [105472 2007-02-25] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
R1 SAVOnAccessControl; C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys [172232 2013-05-17] (Sophos Limited)
R1 SAVOnAccessFilter; C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys [33736 2013-05-17] (Sophos Limited)
R1 SKMScan; C:\WINDOWS\System32\DRIVERS\skmscan.sys [33096 2013-05-17] (Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\System32\DRIVERS\SophosBootDriver.sys [14976 2011-10-23] (Sophos Plc)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-08-15] (SigmaTel, Inc.)
S3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 11:07 - 2014-10-21 11:08 - 00013658 _____ () C:\Documents and Settings\Vicky\Desktop\FRST.txt
2014-10-21 11:07 - 2014-10-21 11:07 - 00000000 ____D () C:\FRST
2014-10-21 11:00 - 2014-10-21 11:01 - 00002212 _____ () C:\Documents and Settings\Vicky\Desktop\Rkill.txt
2014-10-21 10:51 - 2014-10-21 10:51 - 00001074 _____ () C:\Documents and Settings\Vicky\Desktop\JRT.txt
2014-10-21 10:47 - 2014-10-21 10:47 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-21 10:42 - 2014-10-21 10:47 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Vicky\Desktop\rkill.exe
2014-10-21 10:41 - 2014-10-21 10:47 - 01102336 _____ (Farbar) C:\Documents and Settings\Vicky\Desktop\FRST.exe
2014-10-21 10:36 - 2014-10-21 10:41 - 02110976 _____ (Farbar) C:\Documents and Settings\Vicky\Desktop\FRST64.exe
2014-10-21 10:27 - 2014-10-21 10:35 - 01962496 _____ () C:\Documents and Settings\Vicky\Desktop\AdwCleaner.exe
2014-10-21 10:23 - 2014-10-21 10:23 - 01705698 _____ (Thisisu) C:\Documents and Settings\Vicky\Desktop\JRT.exe
2014-10-21 10:21 - 2014-10-21 10:23 - 04011254 _____ () C:\Documents and Settings\Vicky\Desktop\tdsskiller.exe
2014-10-13 16:27 - 2014-10-13 16:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 16:01 - 2014-10-13 16:01 - 00007155 _____ () C:\Documents and Settings\Vicky\Desktop\Steve.htm
2014-10-13 16:01 - 2014-10-13 16:01 - 00000000 ____D () C:\Documents and Settings\Vicky\Desktop\Steve_files
2014-10-10 13:09 - 2014-10-10 13:17 - 00004608 _____ () C:\WINDOWS\offitems.log
2014-10-08 15:30 - 2014-10-08 15:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini100814-02.dmp
2014-10-08 09:39 - 2014-10-08 09:38 - 00090112 _____ () C:\WINDOWS\Minidump\Mini100814-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 11:08 - 2007-04-10 11:46 - 00000000 ____D () C:\Documents and Settings\Vicky\Local Settings\Temp
2014-10-21 10:59 - 2010-03-25 15:14 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 10:25 - 2014-08-08 14:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 10:23 - 2007-05-21 13:16 - 1218987008 _____ () C:\WINDOWS\outlook.pst
2014-10-21 10:19 - 2012-03-30 16:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-21 10:18 - 2014-03-10 13:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-21 10:04 - 2014-03-24 10:10 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-21 10:04 - 2010-03-25 15:14 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 09:07 - 2014-01-29 10:17 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-10-21 09:07 - 2014-01-29 10:17 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-21 09:07 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-21 09:07 - 2004-08-10 12:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-21 09:07 - 2004-08-10 12:59 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-21 09:06 - 2004-08-10 13:02 - 01429917 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-21 09:03 - 2011-03-24 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-10-20 17:38 - 2007-04-10 11:46 - 00000278 ___SH () C:\Documents and Settings\Vicky\ntuser.ini
2014-10-20 17:38 - 2004-08-10 13:08 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-20 09:02 - 2004-08-10 12:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-16 17:33 - 2013-07-12 17:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 17:23 - 2007-04-10 14:00 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-16 17:23 - 2007-04-10 11:46 - 00000000 ____D () C:\Documents and Settings\Vicky
2014-10-16 10:10 - 2010-03-25 15:17 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-14 08:59 - 2011-05-11 15:02 - 00000000 ____D () C:\Program Files\LogMeIn
2014-10-10 13:12 - 1996-11-17 00:00 - 00006144 _____ () C:\WINDOWS\ArtGalry.cag
2014-10-08 15:30 - 2007-05-11 09:18 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-08 15:27 - 2011-04-14 14:12 - 00000138 _____ () C:\WINDOWS\CRUFLDebug.Ini
2014-10-08 15:27 - 2007-04-10 12:24 - 00000965 _____ () C:\WINDOWS\ODBC.INI
2014-10-08 15:01 - 2014-03-24 10:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-03 12:13 - 2011-04-07 13:48 - 00000000 ____D () C:\Documents and Settings\Vicky\Application Data\PrimoPDF
2014-10-02 13:16 - 2010-09-23 10:18 - 00000454 _____ () C:\Documents and Settings\Vicky\Desktop\Scans.lnk
2014-09-24 11:20 - 2012-03-30 16:47 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-24 11:20 - 2011-05-20 09:01 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\RECYCLER\S-1-5-21-3789577523-986579780-1043700074-1006\$fda712d64bcf1f72fe5391935663b09e

Some content of TEMP:
====================
C:\Documents and Settings\Vicky\Local Settings\Temp\APNSetup.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\atwbxdet.dll
C:\Documents and Settings\Vicky\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\gtb.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Vicky\Local Settings\Temp\MFPL7014.DLL
C:\Documents and Settings\Vicky\Local Settings\Temp\mPlayer.cu.dll
C:\Documents and Settings\Vicky\Local Settings\Temp\setup_wm.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

 

 

Here's the addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014
Ran by Vicky at 2014-10-21 11:08:39
Running from C:\Documents and Settings\Vicky\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Disabled - Up to date) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader for ScanSnap 4.1 (HKLM\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Anchor Collections (HKLM\...\{CE2A6999-438B-49D9-8364-6E480EF4E766}) (Version: 1.12.0.1 - Anchor Computer Systems)
ATI Catalyst Control Center (HKLM\...\{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}) (Version: 1.2.2400.31026 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.263.5.1-060607a-035600C-Dell - )
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (Version: 4.1.10.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.00.0000 - Corel Inc)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LogMeIn (HKLM\...\{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}) (Version: 4.1.1586 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-GB)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro PDF Reader (HKLM\...\{2881063B-C58F-49EB-97FD-8BF58EC580F9}) (Version: 1.4.0.11 - Nitro PDF Software)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OKI Network Extension (HKLM\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
Olivetti Product Library (HKLM\...\Olivetti Product Library) (Version: 2.0.0713 - KYOCERA Document Solutions Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Proposal (HKLM\...\{F296604E-936A-44D5-AB83-075F374F851A}) (Version: 1.18.xx - Anchor Computer Systems Ltd)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
ScanSnap (Version: 5.0.21.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.0L21 - PFU)
ScanSnap Organizer (HKLM\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
ScanSnap Organizer (Version: 4.1.11.3 - PFU LIMITED) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sentinel (HKLM\...\{0EA95FEA-03F4-494E-91FD-6DD9CFE5D332}) (Version: 2.1.0.361 - Anchor Computers Systems Ltd.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sophos Anti-Virus (HKLM\...\{4320988A-7DE0-478D-A38B-CE9509BCE320}) (Version: 10.3.1 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)
Terminal Services Client (HKLM\...\Terminal Server Client) (Version:  - )
TWAIN Driver (HKLM\...\InstallShield_{ACA59A5A-7C5B-4049-8CF6-D3B68C8C8643}) (Version: 2.0.1514 - KYOCERA Document Solutions Inc.)
TWAIN Driver (Version: 2.0.1514 - KYOCERA Document Solutions Inc.) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3789577523-986579780-1043700074-1006_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-07-2014 08:22:59 Printer Driver LogMeIn Printer Driver Installed
24-07-2014 12:31:47 System Checkpoint
24-07-2014 16:26:45 Software Distribution Service 3.0
28-07-2014 09:56:40 System Checkpoint
29-07-2014 09:57:45 System Checkpoint
30-07-2014 11:17:55 System Checkpoint
31-07-2014 12:12:23 System Checkpoint
04-08-2014 13:30:56 System Checkpoint
06-08-2014 10:51:26 System Checkpoint
07-08-2014 11:02:05 System Checkpoint
08-08-2014 11:49:50 System Checkpoint
11-08-2014 12:19:22 System Checkpoint
12-08-2014 11:08:30 Removed Corel Snapfire Plus
12-08-2014 11:11:02 Removed Corel Snapfire Plus
12-08-2014 11:12:22 Removed Dell CinePlayer
12-08-2014 11:17:03 Removed Broadcom Management Programs
13-08-2014 12:11:30 System Checkpoint
13-08-2014 16:19:40 Software Distribution Service 3.0
15-08-2014 09:34:49 System Checkpoint
18-08-2014 10:23:37 System Checkpoint
19-08-2014 11:02:01 System Checkpoint
20-08-2014 12:35:51 System Checkpoint
21-08-2014 12:43:08 System Checkpoint
26-08-2014 08:31:23 System Checkpoint
27-08-2014 08:59:41 System Checkpoint
28-08-2014 09:23:37 System Checkpoint
29-08-2014 10:25:10 System Checkpoint
01-09-2014 08:54:45 System Checkpoint
02-09-2014 11:14:26 System Checkpoint
03-09-2014 11:52:08 System Checkpoint
04-09-2014 12:41:34 System Checkpoint
05-09-2014 14:57:24 System Checkpoint
08-09-2014 10:52:05 System Checkpoint
08-09-2014 16:11:12 Installed Compatibility Pack for the 2007 Office system
09-09-2014 16:24:47 Software Distribution Service 3.0
11-09-2014 09:46:05 System Checkpoint
11-09-2014 16:28:52 Software Distribution Service 3.0
15-09-2014 09:25:15 System Checkpoint
16-09-2014 10:22:49 System Checkpoint
17-09-2014 11:28:54 System Checkpoint
18-09-2014 11:58:39 System Checkpoint
19-09-2014 13:14:53 System Checkpoint
22-09-2014 08:25:30 System Checkpoint
23-09-2014 08:43:04 System Checkpoint
24-09-2014 09:28:18 System Checkpoint
25-09-2014 10:24:23 System Checkpoint
26-09-2014 13:55:52 System Checkpoint
29-09-2014 11:55:04 System Checkpoint
30-09-2014 12:03:28 System Checkpoint
01-10-2014 12:26:00 System Checkpoint
02-10-2014 15:05:49 System Checkpoint
06-10-2014 11:32:55 System Checkpoint
07-10-2014 11:33:31 System Checkpoint
08-10-2014 11:43:08 System Checkpoint
09-10-2014 12:31:03 System Checkpoint
10-10-2014 13:21:57 System Checkpoint
13-10-2014 08:20:43 System Checkpoint
14-10-2014 08:30:47 System Checkpoint
15-10-2014 09:07:24 System Checkpoint
16-10-2014 10:17:56 System Checkpoint
16-10-2014 16:23:33 Software Distribution Service 3.0
20-10-2014 08:51:26 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:51 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2011-04-01 11:50 - 2011-02-28 23:37 - 00180624 _____ () C:\WINDOWS\system32\Primomonnt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\WINDOWS\pss\CardMinder Viewer.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Conversion to PDF with ScanSnap Organizer.lnk => C:\WINDOWS\pss\Conversion to PDF with ScanSnap Organizer.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanSnap Manager.lnk => C:\WINDOWS\pss\ScanSnap Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Vicky^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
MSCONFIG\startupreg: DLA => C:\WINDOWS\System32\DLA\DLACTRLW.EXE
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: MSKDetectorExe => C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3789577523-986579780-1043700074-500 - Administrator - Enabled)
Guest (S-1-5-21-3789577523-986579780-1043700074-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3789577523-986579780-1043700074-1005 - Limited - Disabled)
SophosSAUHURRICANE20 (S-1-5-21-3789577523-986579780-1043700074-1011 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-3789577523-986579780-1043700074-1002 - Limited - Disabled)
Vicky (S-1-5-21-3789577523-986579780-1043700074-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Vicky

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 05:33:20 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/16/2014 05:33:20 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/29/2014 00:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0014c493.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/29/2014 00:17:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0014c493.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/29/2014 00:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0014c493.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/18/2014 09:16:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 30.0.0.5269, faulting module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (08/12/2014 00:08:18 PM) (Source: MsiInstaller) (EventID: 11704) (User: HURRICANE2)
Description: Product: Corel Snapfire Plus -- Error 1704.An installation for Corel Paint Shop Pro Photo XI is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (05/13/2014 11:11:18 AM) (Source: LogMeIn Guardian) (EventID: 104) (User: NT AUTHORITY)
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: 'a71a00e524c6f8fa029b898e1ff93b24'.

Error: (03/19/2014 10:54:44 AM) (Source: LogMeIn Guardian) (EventID: 104) (User: NT AUTHORITY)
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: 'cc4e74cac1a574bb5d49aa077223063d'.

Error: (03/18/2014 10:54:46 AM) (Source: LogMeIn Guardian) (EventID: 104) (User: NT AUTHORITY)
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: 'cc4e74cac1a574bb5d49aa077223063d'.


System errors:
=============
Error: (10/21/2014 10:48:41 AM) (Source: EventLog) (EventID: 6004) (User: )
Description: A driver packet received from the I/O subsystem was invalid.  The data is the
packet.

Error: (10/21/2014 09:08:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/21/2014 09:04:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/20/2014 09:21:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/20/2014 09:03:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/17/2014 08:56:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/16/2014 09:02:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/15/2014 09:04:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/14/2014 09:00:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/13/2014 04:04:34 PM) (Source: EventLog) (EventID: 6004) (User: )
Description: A driver packet received from the I/O subsystem was invalid.  The data is the
packet.


Microsoft Office Sessions:
=========================
Error: (10/16/2014 05:33:20 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/16/2014 05:33:20 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/29/2014 00:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235880014c493

Error: (09/29/2014 00:17:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235880014c493

Error: (09/29/2014 00:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235880014c493

Error: (08/18/2014 09:16:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b

Error: (08/12/2014 00:08:18 PM) (Source: MsiInstaller) (EventID: 11704) (User: HURRICANE2)
Description: Product: Corel Snapfire Plus -- Error 1704.An installation for Corel Paint Shop Pro Photo XI is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (05/13/2014 11:11:18 AM) (Source: LogMeIn Guardian) (EventID: 104) (User: NT AUTHORITY)
Description: a71a00e524c6f8fa029b898e1ff93b24

Error: (03/19/2014 10:54:44 AM) (Source: LogMeIn Guardian) (EventID: 104) (User: NT AUTHORITY)
Description: cc4e74cac1a574bb5d49aa077223063d

Error: (03/18/2014 10:54:46 AM) (Source: LogMeIn Guardian) (EventID: 104) (User: NT AUTHORITY)
Description: cc4e74cac1a574bb5d49aa077223063d


==================== Memory info ===========================

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 54%
Total physical RAM: 1022.42 MB
Available physical RAM: 466.69 MB
Total Pagefile: 2461.16 MB
Available Pagefile: 2053.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:171.43 GB) (Free:133.83 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:58.19 GB) (Free:58.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=171.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=58.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=3.1 GB) - (Type=DB)

==================== End Of Log ============================


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 
 

Scan with ComboFix
 
This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.


Let's take a fresh look:
 
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


It is the age, there are no signs of malware here.
 
 

Windows XP end of support warning!

As 8th of April 2014 has passed, this Operating System is no longer supported by Microsoft.
Any patches, updates or security releases have ceased for this System.


This is just information for you, if you are not aware.
My recommendation would be to start thinking about replacing it with some newer edition, like Windows Vista, Windows 7 or Windows 8.


  • 5 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.