Virus relating to XMLKA or other infection help please!

Comments

40 comments

  • Customer

    Sorry - additional log below -

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01
    Ran by Simon (administrator) on MORRISPC on 21-12-2014 19:48:31
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & David & Aaron)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDesktop.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [skyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-05-10] ()
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-16] (AVAST Software)
    HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [7700288 2014-12-18] ()
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\...\Policies\Explorer: [NoDrives] 0x00000000
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_141221
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www2.delta-search.com/?affID=120519&tt=gc_&babsrc=NT_ss&mntrId=5845001167000000" <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_141221&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {3CAB56CE-65D6-4600-9759-158502D4925F} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GPEA_en
    SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {A9D61C09-603C-4350-9AEF-498C58C0C3F6} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_141221&q={searchTerms}
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} http://www.newstarsoccer.com/OSAKitPro.CAB
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} https://connect.kingfisher.com/postauthI/epi.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 C:\WINDOWS\system32\LavasoftTcpService.dll [312424] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\WINDOWS\system32\LavasoftTcpService.dll [312424] (Lavasoft Limited)
    Winsock: Catalog9 30 C:\WINDOWS\system32\LavasoftTcpService.dll [312424] (Lavasoft Limited)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-16]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-29]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-07] (Oracle Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [662544 2014-12-18] ()
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
    R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16512 2007-02-06] (Adaptec) [File not signed]
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-22] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-22] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-22] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-22] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-22] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-22] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-22] ()
    S3 BLKWGU(Belkin); C:\WINDOWS\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
    R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
    R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
    R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
    S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
    R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
    R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
    S3 BTIAUSB; C:\WINDOWS\System32\DRIVERS\btiausb.sys [23808 2008-07-30] (iAnywhere Solutions)
    S3 BTPROT; C:\WINDOWS\System32\DRIVERS\btprot.sys [453120 2008-08-02] (iAnywhere Solutions)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
    S3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2004-10-11] (Labtec Inc.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
    S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [211712 2004-10-11] (Labtec Inc.)
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-10-09] (BitDefender S.R.L.)
    S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [21344 2005-05-27] (LG Electronics Inc.)
    S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-27] (LG Electronics Inc.)
    S3 Usblink; C:\WINDOWS\System32\Drivers\ulink.sys [37708 2005-04-29] () [File not signed]
    S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-25] (LG Electronics Inc.)
    S3 USBSER34; C:\WINDOWS\System32\Drivers\USBSER34.SYS [35440 2005-12-27] (WCH) [File not signed]
    R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
    R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
    S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S4 IntelIde; No ImagePath
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S3 NgFilter; system32\DRIVERS\ngfilter.sys [X]
    S3 NgLog; system32\DRIVERS\nglog.sys [X]
    S3 NgVpn; system32\DRIVERS\ngvpn.sys [X]
    S3 NgWfp; system32\DRIVERS\ngwfp.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 StarOpen; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 19:48 - 2014-12-21 19:49 - 00020898 _____ () C:\Documents and Settings\Simon\Desktop\FRST.txt
    2014-12-21 19:48 - 2014-12-21 19:49 - 00000000 ____D () C:\FRST
    2014-12-21 19:47 - 2014-12-21 19:47 - 01113600 _____ (Farbar) C:\Documents and Settings\Simon\Desktop\FRST.exe
    2014-12-21 18:09 - 2014-12-21 18:09 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\LavasoftStatistics
    2014-12-21 18:08 - 2014-12-21 18:08 - 00000246 _____ () C:\prefs.js
    2014-12-21 18:08 - 2014-12-21 18:08 - 00000000 ____D () C:\searchplugins
    2014-12-21 18:07 - 2014-12-21 18:12 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Application Data\Lavasoft
    2014-12-21 18:07 - 2014-12-21 18:07 - 00004104 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
    2014-12-21 18:07 - 2014-12-21 18:07 - 00002128 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2014-12-21 18:06 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
    2014-12-21 18:01 - 2014-12-21 19:17 - 00002050 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    2014-12-21 18:00 - 2014-12-21 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    2014-12-21 17:57 - 2014-12-21 17:57 - 00006158 _____ () C:\WINDOWS\FaxSetup.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00002956 _____ () C:\WINDOWS\ocgen.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00002359 _____ () C:\WINDOWS\tsoc.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00002032 _____ () C:\WINDOWS\comsetup.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00001393 _____ () C:\WINDOWS\imsins.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00001233 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00000991 _____ () C:\WINDOWS\iis6.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00000342 _____ () C:\WINDOWS\ocmsn.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00000309 _____ () C:\WINDOWS\msgsocm.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2014-12-21 17:57 - 2014-12-21 17:57 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-12-21 17:57 - 2014-12-21 17:57 - 00000000 _____ () C:\WINDOWS\setupact.log
    2014-12-21 17:56 - 2014-12-21 17:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
    2014-12-21 17:54 - 2014-12-21 17:57 - 00012882 _____ () C:\WINDOWS\KB942288-v3.log
    2014-12-21 17:45 - 2014-12-21 17:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2014-12-21 17:42 - 2014-11-22 12:59 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-12-21 15:59 - 2014-12-21 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\JudwUcbu
    2014-12-21 15:49 - 2014-12-21 15:49 - 00000664 _____ () C:\Documents and Settings\Aaron\Local Settings\Application Data\d3d9caps.tmp
    2014-12-21 12:11 - 2014-12-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-21 11:23 - 2014-12-21 17:39 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{DEF6EE2F-DCA5-4533-9083-67BB84C619B4}
    2014-11-27 19:19 - 2014-11-27 19:10 - 00755603 _____ () C:\Documents and Settings\Simon\Desktop\Fox.m4r
    2014-11-27 18:41 - 2014-11-27 18:41 - 00001548 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    2014-11-27 18:41 - 2014-11-27 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    2014-11-27 18:40 - 2014-11-27 18:41 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-27 18:40 - 2014-11-27 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2014-11-27 18:40 - 2014-11-27 18:40 - 00000000 ____D () C:\Program Files\iPod
    2014-11-22 13:00 - 2014-12-21 17:45 - 00001748 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2014-11-22 12:59 - 2014-11-22 12:59 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 19:49 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Temp
    2014-12-21 19:26 - 2012-07-07 11:50 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-12-21 19:26 - 2011-02-27 12:43 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-12-21 19:21 - 2006-11-22 11:49 - 00032512 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-12-21 19:15 - 2012-11-11 17:16 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-21 19:14 - 2007-02-05 18:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-12-21 19:14 - 2007-02-05 18:38 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-12-21 19:12 - 2012-11-11 17:16 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-21 19:12 - 2006-11-22 11:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-21 19:05 - 2007-02-02 18:16 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Lavasoft
    2014-12-21 18:03 - 2008-02-04 10:01 - 00000000 ____D () C:\Program Files\Lavasoft
    2014-12-21 18:02 - 2008-02-04 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
    2014-12-21 17:59 - 2014-08-01 16:48 - 00030837 _____ () C:\WINDOWS\setupapi.log
    2014-12-21 17:57 - 2006-11-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\mui
    2014-12-21 17:40 - 2007-02-03 11:44 - 00000000 ____D () C:\Documents and Settings\Aaron
    2014-12-21 17:40 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary
    2014-12-21 17:40 - 2007-02-02 18:28 - 00000000 ____D () C:\Documents and Settings\David
    2014-12-21 17:40 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon
    2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-12-21 17:40 - 2006-11-22 11:45 - 00000000 ____D () C:\WINDOWS\Registration
    2014-12-21 17:39 - 2006-11-21 22:44 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\{5B24C9B8-5E40-AE00-9000-917CADB209}
    2014-12-21 17:38 - 2014-05-13 09:11 - 00043194 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-21 17:38 - 2007-02-02 18:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
    2014-12-21 17:26 - 2007-02-03 11:44 - 00000000 ____D () C:\Documents and Settings\Aaron\Local Settings\Temp
    2014-12-21 16:34 - 2006-11-21 22:44 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-21 12:11 - 2009-06-06 21:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-12-05 12:20 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary\Local Settings\Temp
    2014-11-27 19:49 - 2007-02-03 10:55 - 00000178 ___SH () C:\Documents and Settings\Hilary\ntuser.ini
    2014-11-27 19:27 - 2007-02-03 11:09 - 00000000 ___RD () C:\Documents and Settings\Simon\Desktop\Dad's garb
    2014-11-27 18:40 - 2007-10-11 15:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-11-27 18:39 - 2014-05-03 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-11-27 18:31 - 2006-11-22 12:42 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
    2014-11-22 16:52 - 2007-02-02 13:52 - 00000278 ___SH () C:\Documents and Settings\Simon\ntuser.ini
    2014-11-22 13:00 - 2011-05-29 10:25 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2014-11-22 13:00 - 2008-04-03 18:24 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2014-11-22 12:59 - 2014-04-27 11:29 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-11-22 12:59 - 2013-03-26 17:57 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-11-22 12:59 - 2013-03-26 17:57 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2014-11-22 12:59 - 2013-03-26 17:57 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-11-22 12:59 - 2007-02-02 14:05 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-11-22 12:59 - 2007-02-02 14:05 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Aaron\Local Settings\Temp\contentDATs.exe
    C:\Documents and Settings\Aaron\Local Settings\Temp\SecurityScan_Release.exe
    C:\Documents and Settings\Aaron\Local Settings\Temp\stuprt.exe
    C:\Documents and Settings\Hilary\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Documents and Settings\Simon\Local Settings\Temp\111e399d-29b1-4dad-8d64-c59cc62fc1e5.exe
    C:\Documents and Settings\Simon\Local Settings\Temp\7fff3d87-3845-4740-8a34-0d32e6694806.exe
    C:\Documents and Settings\Simon\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Documents and Settings\Simon\Local Settings\Temp\SpOrder.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

    0
  • Support

    Hi nomis1963,

    1. Have you restarted the computer after you restored Windows?

    2. Since the computer is old with very little RAM memory:
    "Total physical RAM: 447.36 MB"
    I think it can't handle Avast, Ad-Aware and Malwarebytes Anti-Malware (MBAM). You have to make the computer less secure by uninstalling two of the programs, and since MBAM isn't an antivirus program, you can't have only that program.

    3. Do you have the latest version (2014) of Avast?
    It's important to always have the latest version of an antivirus program.

    4. J2SE Runtime Environment 5.0 Update 3
    Java 7 Update 67
    Java™ 6 Update 2
    Java™ SE Runtime Environment 6 Update 1
    Those are very old versions of Java with a lot of known vulnerabilities that can be used by a web page to infect the computer. Please, uninstall them.
    If you really need to have Java, most people don't, it's very important to always have the latest version, Version 8 Update 25 at the moment.

    5. Please uninstall Delta Chrome Toolbar since it's adware, it might slow down the computer.

    6. You shouldn't use Internet Explorer due to its known vulnerabilities, those can be used by a web page to infect the computer. Other browsers are e.g. Opera, Mozilla Firefox and Google Chrome.


    7. Please, start Notepad.
    Copy all text that is in the box:

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www2.delta-se...845001167000000" <======= ATTENTION
    Toolbar: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]

    and paste in Notepad. Check that no files have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Exit all programs.
    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your answer.
    0
  • Customer

    Hi,

     

    Thanks so much for helping.

     

    In answer to your questions -

     

    1. Yes I have re-started the PC since restore

    2. MBAM removed - I will take off Avast shortly

    3. Latest Avast version is installed

    4. All Java now removed

    5. Delta Chrome Toolbar now removed

    6. I will switch to a different Browser after this is all (hopefully) sorted

    7. Please see log below as requested.

     

    Many thanks again for your assistance.

     

     

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2014 01
    Ran by Simon at 2014-12-22 18:32:06 Run:1
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & David & Aaron)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www2.delta-se...845001167000000" <======= ATTENTION
    Toolbar: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    *****************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
    HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    Lavasoft Kernexplorer => Service deleted successfully.

    ==== End of Fixlog 18:32:06 ====

    0
  • Support

    Hi,

     

    You're welcome

     

    Good!

    I hope your computer will work better when MBAM and Avast have been uninstalled.

     

     

    To uninstall FRST, please download OTC http://oldtimer.geekstogo.com/OTC.exe
    Close all programs.
    Start OTC program.
    Click the CleanUp! button.
    Select Yes when asked "Begin cleanup process".
    If you are asked to reboot, select Yes.
    If any logs remain on the computer you can remove them.


    It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

    0
  • Customer

    Good evening,

     

    Avast! and Malwarebytes have been uninstalled.

     

    I have installed and am now using Firefox as my default browser, which seems to be an improvement in terms of speed.

     

    Just a couple of final questions -

     

    I accept that this is an old PC, but despite doing everything advised, removing circa 400mb of unwanted programmes and also reviewing/deleting which programmes start on boot up/browser load - things are still slower than they were before I had the issue - is there anything else to try?

     

    Thanks again :-)

     

    0
  • Support

    Hi,

     

    1. Is the computer faster if you disable everything in Ad-Aware?

     

    2. Are all the user accounts as slow as yours?

     

    3. Sometimes when a hard disk gets bad, read errors occur and Windows will need to read the same file many times until it's read correctly. That behaviour makes the computer slow. Have backups of all important files, Windows can crash when a hard disk is bad.

     

     

    4. Let us see if AdwCleaner finds something:

    Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Report button.
    A report will be displayed, copy its content and paste into your answer.
    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[R0].txt.

     

     

    5. To get a second opinion run an online scan with Eset: http://www.eset.com/onlinescan/
    To shorten the scanning time disable your antivirus program while scanning.

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats.

    Select:
    Scan Archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your answer.

    0
  • Customer

    Hi,

     

    1. Yes a bit I think - it takes a while on boot up (but no longer than Avast used to)

    2. Yes, they seem so

    3. Please see logs x 2 below

     

    Thanks.

     

    # AdwCleaner v4.106 - Report created 24/12/2014 at 06:46:15
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Simon - MORRISPC
    # Running from : C:\Documents and Settings\Simon\Desktop\adwcleaner_4.106.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found : C:\Documents and Settings\All Users\Application Data\BrowserProtect
    Folder Found : C:\Documents and Settings\All Users\Application Data\BrowserProtect
    Folder Found : C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    Folder Found : C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Found : C:\Documents and Settings\Simon\Application Data\BabSolution
    Folder Found : C:\Documents and Settings\Simon\Application Data\Babylon
    Folder Found : C:\Program Files\wiseconvert

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v34.0.5 (x86 en-GB)


    *************************

    AdwCleaner[R0].txt - [5770 octets] - [24/12/2014 06:46:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5830 octets] ##########

     

    C:\Documents and Settings\Aaron\Local Settings\Temp\stuprt.exe a variant of Win32/Kryptik.CTRL trojan
    C:\Documents and Settings\Aaron\Local Settings\Temp\~00467366.tmp a variant of Win32/Kryptik.CTRW trojan
    C:\Documents and Settings\Aaron\Local Settings\Temporary Internet Files\Content.IE5\CAGSR1WZ\ccsetup412[1].exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb a variant of Win32/Kryptik.CTRW trojan
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Documents and Settings\Simon\Application Data\BabSolution\CR\delta2.crx a variant of Win32/Toolbar.Babylon.I potentially unwanted application
    C:\Documents and Settings\Simon\Application Data\BabSolution\Shared\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
    C:\Documents and Settings\Simon\Application Data\BabSolution\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
    C:\Documents and Settings\Simon\My Documents\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

     

    0
  • Support

    1. Please, turn off all programs, including browsers.

    Double-click on AdwCleaner to start the program.

     

    Click on the Scan button.

    Wait until the search has finished.

     

    Click on the Clean button.

     

    Click on OK.

    Click on OK on any message that pops up.

    The computer will be restarted.

     

    A report will be displayed, copy its content and paste into your answer.

    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

     

     

    2. The following instruction will delete everything in the Recycle Bin and in all folders with temporary files.

    Please, start Notepad.

    Copy all text that is in the box:


    Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu
    EmptyTemp:

    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your answer.

    0
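The ESET results posted above mix trojans with bundled toolbars, and the detections under per-user temp folders are treated differently from the one under `All Users\Application Data`. The following is an added example, not part of any post and not ESET or FRST code, that parses those nine lines and makes the same split; the line format is inferred from the lines as posted, the XP temp-path rule is an assumption, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Detection lines as posted in the thread's ESET export (Windows XP paths).
ESET_EXPORT = r"""
C:\Documents and Settings\Aaron\Local Settings\Temp\stuprt.exe a variant of Win32/Kryptik.CTRL trojan
C:\Documents and Settings\Aaron\Local Settings\Temp\~00467366.tmp a variant of Win32/Kryptik.CTRW trojan
C:\Documents and Settings\Aaron\Local Settings\Temporary Internet Files\Content.IE5\CAGSR1WZ\ccsetup412[1].exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb a variant of Win32/Kryptik.CTRW trojan
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Simon\Application Data\BabSolution\CR\delta2.crx a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Documents and Settings\Simon\Application Data\BabSolution\Shared\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Documents and Settings\Simon\Application Data\BabSolution\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Documents and Settings\Simon\My Documents\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

# Paths contain spaces but never "/", so the detection name (Platform/Family.Variant)
# is the anchor that separates the path from the rest of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>.+)$"
)

# Assumption: on Windows XP, per-user temporary data lives under "Local Settings".
TEMP_RE = re.compile(r"\\Local Settings\\(Temp|Temporary Internet Files)\\", re.IGNORECASE)


def parse_line(line):
    """Split one export line into path, detection name and category; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return {
        "path": path,
        "folder": ntpath.dirname(path),      # ntpath handles Windows paths on any OS
        "name": m.group("name"),
        "variant": m.group("variant") is not None,
        "category": m.group("category").strip(),
        "in_temp": bool(TEMP_RE.search(path)),
    }


def triage(text):
    """Parse every detection line in an export, skipping blanks and unrecognised lines."""
    return [f for f in (parse_line(line) for line in text.splitlines()) if f]


def needs_explicit_fix(findings):
    """Trojans outside temp folders: emptying temporary files will not remove these."""
    return [f for f in findings if f["category"] == "trojan" and not f["in_temp"]]


def summary(findings):
    """Count findings per ESET category."""
    return Counter(f["category"] for f in findings)


if __name__ == "__main__":
    found = triage(ESET_EXPORT)
    for category, count in summary(found).most_common():
        print(f"{count:2d}  {category}")
    for f in needs_explicit_fix(found):
        print("persistent trojan:", f["name"], "in", f["folder"])
```
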
  • Support

    Hello,

     


    Are you sure that FRST hasn't a "Fix" button, maybe you started AdwCleaner instead of FRST?

    0
  • Customer

    Good morning,

     

    Please see below the results from the AdwCleaner scan. Also, when I loaded FRST the only option I had was 'Clean' rather than 'Fix', so I ran that (hope that was right?!) and it asked me to restart the PC. It has NOT left a Fixlog.txt file anywhere on the computer - not sure why!

     

    # AdwCleaner v4.106 - Report created 25/12/2014 at 09:06:33
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Simon - MORRISPC
    # Running from : C:\Documents and Settings\Simon\Desktop\Lava help stuff\adwcleaner_4.106.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserProtect
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    Folder Deleted : C:\Program Files\wiseconvert
    Folder Deleted : C:\Documents and Settings\Simon\Application Data\BabSolution
    Folder Deleted : C:\Documents and Settings\Simon\Application Data\Babylon

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v34.0.5 (x86 en-GB)


    *************************

    AdwCleaner[R0].txt - [5910 octets] - [24/12/2014 06:46:15]
    AdwCleaner[R1].txt - [5986 octets] - [25/12/2014 09:02:53]
    AdwCleaner[s0].txt - [5598 octets] - [25/12/2014 09:06:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5658 octets] ##########

    0
  • Support

    Good, no need to apologize

     

    Now I need to know more about a file.

     

    Please, start Notepad.

    Copy all text that is in the box:


    File: C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb

    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your reply.

    0
  • Customer

    Sorry - my mistake - not sure what I ran before - please see FRST log below!

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2014
    Ran by Simon at 2014-12-25 15:11:48 Run:1
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & David & Aaron)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu
    EmptyTemp:
    *****************


    ========================= Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu ========================

    2014-12-21 15:59 - 2014-12-21 15:59 - 0267376 _____ () C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb

    ====== End of Folder: ======

    EmptyTemp: => Removed 1.6 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 15:13:44 ====

    0
  • Customer

    Hi,

     

    Results of log below -

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2014
    Ran by Simon at 2014-12-25 16:29:36 Run:2
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    File: C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb
    *****************


    ========================= File: C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb ========================

    MD5: 7f698b89b47de3f0473fddce90e967dd
    Creation and modification date: 2014-12-21 15:59 - 2014-12-21 15:59
    Size: 0267376
    Attributes: ----A
    Company Name:
    Internal Name:
    Original Name:
    Product Name:
    Description:
    File Version:
    Product Version:
    Copyright:

    ====== End Of File: ======


    ==== End of Fixlog 16:29:37 ====

    0
  • Support

    Please, upload this file to http://www.virustotal.com/ using the "Choose file" button (select reanalyze if asked) and post back the link to the scan report: C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb

    0
  • Support

    Sorry, but you uploaded "Fixlog.txt" and not C:\Documents and Settings\All Users\Application Data\JudwUcbu\BenuKicow.tmb.

    0
  • Support

    The following script will remove that file and its folder.

     

    Please, start Notepad.

    Copy all text that is in the box:


    2014-12-21 15:59 - 2014-12-21 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\JudwUcbu

    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your answer.

    0
  • Support

    That's strange that it's non-existing when you could upload the file to Virustotal. Let's check that it's really gone.

     

    Please, start Notepad.

    Copy all text that is in the box:

    Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu

    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your answer.

    0
  • Customer

    Hi,

     

    Here is the log,

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
    Ran by Simon at 2014-12-27 19:04:08 Run:5
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu
    *****************


    ========================= Folder: C:\Documents and Settings\All Users\Application Data\JudwUcbu ========================

    Directory Not Found

    ==== End of Fixlog 19:04:09 ====

    0
  • Customer

    Hi,

     

    Please see log below,

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2014
    Ran by Simon at 2014-12-27 08:37:04 Run:4
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    2014-12-21 15:59 - 2014-12-21 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\JudwUcbu
    *****************

    "C:\Documents and Settings\All Users\Application Data\JudwUcbu" => File/Directory not found.

    ==== End of Fixlog 08:37:04 ====

    0
  • Support

    Hi,

     


    Good that the folder has been deleted.

     


    Is the computer faster now?

    0
  • Customer

    Hi,

     

    My PC reacts as follows;

     

    On boot up -

     

    Quick to get to 'welcome/log in' screen.

    Quick to get from there to my desktop

    Slow for Ad Aware and Web Companion to load (can I cancel WC from starting at boot up?). At this point I am unable to do anything. Once I have waited for these two progs to load and the Ad Aware tray icon to turn orange, Firefox loads fairly quickly, and I am also able to carry out routine tasks at a reasonable speed too.

     

    I REALLY appreciate your help - do you think we have gone as far as we can go? Have all viruses/malware now been removed?

    0
  • Support

    Hi,

     


    1. Start menu - Run - msconfig - OK


    Startup tab


    Unselect Web Companion and maybe Ad-Aware to check.

     


    2. Scan with FRST and paste the new FRST.txt in your reply.

     


    3. Run Eset's online scan again.

    0
  • Customer

    Hi,

     

    I think two logs were saved to the desktop (both below) one as 'FRST text' and the other as 'addition text'

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
    Ran by Simon (administrator) on MORRISPC on 29-12-2014 10:16:06
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (Microsoft Corporation) C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [skyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-05-10] ()
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [7700288 2014-12-18] ()
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\...\Policies\Explorer: [NoDrives] 0x00000000
    SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    HKU\S-1-5-21-2284049915-3903095038-2347252828-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {3CAB56CE-65D6-4600-9759-158502D4925F} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GPEA_en
    SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {A9D61C09-603C-4350-9AEF-498C58C0C3F6} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    SearchScopes: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_141221&q={searchTerms}
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} http://www.newstarsoccer.com/OSAKitPro.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} https://connect.kingfisher.com/postauthI/epi.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\l53n7bes.default-1419365226421
    FF NewTab: hxxp://www.google.co.uk/
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-16]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [662544 2014-12-18] ()
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
    R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16512 2007-02-06] (Adaptec) [File not signed]
    S3 BLKWGU(Belkin); C:\WINDOWS\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
    R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
    R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
    R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
    S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
    R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
    R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
    S3 BTIAUSB; C:\WINDOWS\System32\DRIVERS\btiausb.sys [23808 2008-07-30] (iAnywhere Solutions)
    S3 BTPROT; C:\WINDOWS\System32\DRIVERS\btprot.sys [453120 2008-08-02] (iAnywhere Solutions)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-10-09] (BitDefender LLC)
    S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-10-09] (BitDefender S.R.L.)
    S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [21344 2005-05-27] (LG Electronics Inc.)
    S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-27] (LG Electronics Inc.)
    S3 Usblink; C:\WINDOWS\System32\Drivers\ulink.sys [37708 2005-04-29] () [File not signed]
    S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-25] (LG Electronics Inc.)
    S3 USBSER34; C:\WINDOWS\System32\Drivers\USBSER34.SYS [35440 2005-12-27] (WCH) [File not signed]
    R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
    R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
    S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S4 IntelIde; No ImagePath
    S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
    S3 NgFilter; system32\DRIVERS\ngfilter.sys [X]
    S3 NgLog; system32\DRIVERS\nglog.sys [X]
    S3 NgVpn; system32\DRIVERS\ngvpn.sys [X]
    S3 NgWfp; system32\DRIVERS\ngwfp.sys [X]
    S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
    S3 RimUsb; System32\Drivers\RimUsb.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 StarOpen; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-29 10:16 - 2014-12-29 10:17 - 00014994 _____ () C:\Documents and Settings\Simon\Desktop\FRST.txt
    2014-12-28 19:27 - 2014-12-28 19:27 - 00000854 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-28 19:22 - 2014-12-28 19:22 - 00011966 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141228_192232.reg
    2014-12-25 17:17 - 2014-12-25 17:17 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Adobe
    2014-12-25 17:13 - 2014-12-25 17:13 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla
    2014-12-25 17:13 - 2014-12-25 17:13 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Mozilla
    2014-12-25 16:08 - 2014-12-25 16:08 - 00010310 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141225_160836.reg
    2014-12-25 15:58 - 2014-12-25 15:58 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
    2014-12-25 15:57 - 2014-12-25 17:26 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp
    2014-12-25 15:57 - 2014-12-25 15:59 - 00091728 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-12-25 15:57 - 2014-12-25 15:57 - 00000794 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Windows Media Player.lnk
    2014-12-25 15:57 - 2014-12-25 15:57 - 00000773 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk
    2014-12-25 15:57 - 2014-12-25 15:57 - 00000744 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Outlook Express.lnk
    2014-12-25 15:57 - 2014-12-25 15:57 - 00000128 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
    2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 __SHD () C:\Documents and Settings\Guest\IETldCache
    2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Documents and Settings\Guest
    2014-12-25 15:57 - 2006-11-22 13:22 - 00000178 ___SH () C:\Documents and Settings\Guest\ntuser.ini
    2014-12-25 15:57 - 2006-11-22 12:55 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\ATI
    2014-12-25 15:57 - 2006-11-22 12:55 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\ATI
    2014-12-25 15:57 - 2006-11-22 12:46 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Macromedia
    2014-12-25 15:57 - 2006-11-22 11:49 - 00000000 ___RD () C:\Documents and Settings\Guest\Start Menu\Programs\Accessories
    2014-12-25 15:57 - 2006-11-22 11:46 - 00001605 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Remote Assistance.lnk
    2014-12-25 15:10 - 2014-12-29 10:16 - 00000000 ____D () C:\FRST
    2014-12-25 15:09 - 2014-12-27 19:03 - 01114624 _____ (Farbar) C:\Documents and Settings\Simon\Desktop\FRST.exe
    2014-12-24 16:27 - 2014-12-27 19:06 - 00000000 ____D () C:\Documents and Settings\Simon\Desktop\Lava help stuff
    2014-12-24 06:56 - 2014-12-24 06:56 - 00000000 ____D () C:\Program Files\ESET
    2014-12-24 06:46 - 2014-12-25 09:06 - 00000000 ____D () C:\AdwCleaner
    2014-12-23 21:07 - 2014-12-23 21:07 - 00000000 __SHD () C:\found.001
    2014-12-23 20:38 - 2014-12-23 20:38 - 00465464 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141223_203845.reg
    2014-12-23 20:21 - 2014-12-23 20:21 - 00000260 _____ () C:\WINDOWS\_delis32.ini
    2014-12-23 20:17 - 2014-12-23 20:18 - 00000630 _____ () C:\Documents and Settings\Simon\Installer.log
    2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Application Data\Mozilla
    2014-12-22 22:58 - 2014-12-22 22:58 - 00000736 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-12-22 22:58 - 2014-12-22 22:58 - 00000730 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-12-22 22:58 - 2014-12-22 22:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-12-22 22:58 - 2014-12-22 22:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
    2014-12-22 18:30 - 2014-12-22 18:30 - 00000450 _____ () C:\Documents and Settings\Simon\My Documents\fixlist.txt
    2014-12-21 22:12 - 2014-12-28 19:27 - 00952840 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-12-21 18:09 - 2014-12-21 18:09 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\LavasoftStatistics
    2014-12-21 18:08 - 2014-12-21 18:08 - 00000246 _____ () C:\prefs.js
    2014-12-21 18:08 - 2014-12-21 18:08 - 00000000 ____D () C:\searchplugins
    2014-12-21 18:07 - 2014-12-21 18:12 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Application Data\Lavasoft
    2014-12-21 18:07 - 2014-12-21 18:07 - 00004104 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
    2014-12-21 18:07 - 2014-12-21 18:07 - 00002128 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2014-12-21 18:06 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
    2014-12-21 18:01 - 2014-12-29 10:02 - 00002050 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    2014-12-21 18:00 - 2014-12-21 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    2014-12-21 17:57 - 2014-12-21 17:57 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2014-12-21 17:56 - 2014-12-21 17:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
    2014-12-21 12:11 - 2014-12-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-21 11:23 - 2014-12-21 17:39 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{DEF6EE2F-DCA5-4533-9083-67BB84C619B4}

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-29 10:17 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Temp
    2014-12-29 10:03 - 2006-11-21 22:44 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-29 10:00 - 2007-02-05 18:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-12-29 10:00 - 2007-02-05 18:38 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-12-29 09:59 - 2006-11-22 11:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-28 19:27 - 2007-02-02 18:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
    2014-12-28 19:27 - 2007-02-02 13:52 - 00000278 ___SH () C:\Documents and Settings\Simon\ntuser.ini
    2014-12-28 19:27 - 2006-11-22 11:49 - 00032512 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-12-28 19:21 - 2007-02-02 13:52 - 00000000 ____D () C:\Documents and Settings\Simon
    2014-12-28 19:20 - 2007-02-17 16:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\National Lottery Ticket Checker
    2014-12-28 19:20 - 2007-02-03 11:09 - 00000000 ___RD () C:\Documents and Settings\Simon\Desktop\Dad's garb
    2014-12-25 18:37 - 2011-02-27 12:43 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-12-25 17:12 - 2007-02-03 10:55 - 00008224 _____ () C:\Documents and Settings\Hilary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-12-25 17:12 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary\Local Settings\Temp
    2014-12-25 16:55 - 2006-11-22 12:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-12-25 16:54 - 2009-12-25 11:01 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Amazon
    2014-12-25 16:54 - 2009-12-25 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
    2014-12-25 16:53 - 2008-11-01 10:55 - 00000000 ____D () C:\Program Files\New Star Soccer
    2014-12-25 15:12 - 2006-11-22 11:49 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2014-12-25 15:11 - 2006-11-22 11:49 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
    2014-12-25 15:10 - 2007-02-10 11:49 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
    2014-12-25 09:25 - 2007-02-02 13:52 - 00091728 _____ () C:\Documents and Settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-12-25 09:22 - 2006-11-22 12:40 - 00338648 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-12-23 20:35 - 2013-10-28 15:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-12-23 20:26 - 2008-12-10 13:57 - 00000000 ____D () C:\Program Files\Sony
    2014-12-23 20:22 - 2010-12-01 20:43 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
    2014-12-23 20:22 - 2010-12-01 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Research In Motion
    2014-12-23 20:22 - 2010-12-01 20:42 - 00000000 ____D () C:\Program Files\Research In Motion
    2014-12-23 20:22 - 2007-02-06 17:33 - 00000000 ____D () C:\Program Files\Common Files\Logitech
    2014-12-23 20:22 - 2006-11-22 12:36 - 00000000 ____D () C:\WINDOWS\twain_32
    2014-12-23 20:18 - 2007-02-06 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Labtec
    2014-12-23 20:17 - 2009-07-22 18:32 - 00000000 ____D () C:\Program Files\Panda Security
    2014-12-23 20:14 - 2008-09-11 15:46 - 00000000 ____D () C:\Program Files\Safari
    2014-12-23 20:12 - 2007-03-17 11:04 - 00001856 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    2014-12-23 20:11 - 2006-11-22 12:47 - 00000000 ____D () C:\Program Files\Microsoft Office
    2014-12-23 20:11 - 2006-11-22 12:46 - 00000000 ____D () C:\Program Files\Microsoft Works
    2014-12-23 19:27 - 2012-11-11 17:16 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-23 19:27 - 2012-11-11 17:16 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-23 19:13 - 2009-07-20 18:09 - 00000000 ____D () C:\WINDOWS\pss
    2014-12-22 23:00 - 2008-01-12 12:02 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Mozilla
    2014-12-22 22:58 - 2013-05-08 17:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-12-21 19:05 - 2007-02-02 18:16 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Lavasoft
    2014-12-21 18:03 - 2008-02-04 10:01 - 00000000 ____D () C:\Program Files\Lavasoft
    2014-12-21 18:02 - 2008-02-04 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
    2014-12-21 17:57 - 2006-11-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\mui
    2014-12-21 17:40 - 2007-02-03 10:55 - 00000000 ____D () C:\Documents and Settings\Hilary
    2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-12-21 17:40 - 2006-11-22 11:49 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-12-21 17:40 - 2006-11-22 11:45 - 00000000 ____D () C:\WINDOWS\Registration
    2014-12-21 17:39 - 2006-11-21 22:44 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\{5B24C9B8-5E40-AE00-9000-917CADB209}

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014
    Ran by Simon at 2014-12-29 10:17:55
    Running from C:\Documents and Settings\Simon\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
    FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{69489131-0E91-491B-9E15-1987CDAD95C6}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
    Ad-Aware Web Companion (Version: 1.1.844.1586 - Lavasoft) Hidden
    AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
    Adjunct Blaster 1.2 (HKLM\...\Adjunct Blaster_is1) (Version: - StudyLamp Software)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
    Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
    Adobe Reader 7.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A71000000002}) (Version: 7.1.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
    AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Control Center (HKLM\...\{27B6A08F-4C54-4659-B0CF-47B640B8CA00}) (Version: 1.2.2390.37472 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.282-060802a-035722C-ATI - )
    Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
    Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
    Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
    BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.28 - Research In Motion Ltd.) Hidden
    Bluesoleil2.6.0.8 Release 070517 (HKLM\...\{438BB9B4-65FE-4626-91D9-A8F57B18001D}) (Version: 2.6.0.8 Release 070517 - IVT Corporation)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    D2300 (Version: 70.0.260.000 - Hewlett-Packard) Hidden
    D2300_Help (Version: 70.0.260.000 - Hewlett-Packard) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 1.17 - Piriform)
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Email Updater (HKLM\...\{2F1E5C4C-B20C-42C3-B5F1-1FE2CA207AFE}) (Version: 1.0.4 - Virgin Media)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
    HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
    HP Photosmart and Deskjet 7.0 Software (HKLM\...\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}) (Version: 7.1 - HP)
    HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
    HP Software Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - HEWLET~1|Hewlett-Packard)
    HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
    hph_ProductContext (Version: 70.0.260.000 - Hewlett-Packard) Hidden
    hph_readme (Version: 70.0.260.000 - Hewlett-Packard) Hidden
    hph_software (Version: 70.0.260.000 - Hewlett-Packard) Hidden
    hph_software_req (Version: 70.0.260.000 - Hewlett-Packard) Hidden
    HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.780 - InterVideo Inc.)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
    LavasoftTcpService (Version: 2.2.9.5 - Lavasoft) Hidden
    MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Creative Writer 2 (HKLM\...\Creative Writer 2) (Version: - )
    Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
    Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - )
    Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: - )
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
    Nero Digital (HKLM\...\NeroVision!UninstallKey) (Version: - )
    Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
    NeroVision Express Content (HKLM\...\NVEContent!UninstallKey) (Version: - )
    PASSAGE 1995 Edition (Freeware) (HKLM\...\Passage) (Version: - )
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.1 - Google, Inc.)
    PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 1.0.0.10213 - Sony Computer Entertainment Inc.)
    PrintMaster Gold 4.03 (HKLM\...\PrintMaster Gold 4.03) (Version: - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Skype™ 5.1 (HKLM\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
    Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
    SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Spotify (HKLM\...\Spotify) (Version: 0.4.3 - )
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
    Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Web Companion (HKLM\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0059.1 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinZip (HKLM\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{156ACF3D-3BB5-328B-8682-CED029D43C01}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{1DB47FBB-7AC1-3880-8AAE-4297395A7876}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{236A05F6-385C-3B02-A1E4-1714BAA11BA0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{2CCAE74C-424B-3F5B-8CDE-D443542BB33D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{369E689F-3511-341F-AD83-CCE40620775E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{86E6A200-3173-31C5-B4A9-206733589FF7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{8999D250-5337-37A2-890A-50B98505A511}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{93ED95FB-B4EE-399C-AF77-A19F1250A4B8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{94C900E8-824F-3340-9926-99298FDD976E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{9B5997C1-125F-39D7-B6F1-2F9F8D862D9D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{9ED30511-AF2B-3E23-8D7D-CDE7DFD994E7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{A87ACD9A-94E4-3F0F-A414-228C4B3460BA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{ABF3F743-D1CA-3D70-B2F8-7259FCD53CFE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{B334831F-99BC-3DFB-9758-64EE98D92BDE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{C6DB4841-51DD-33FE-862A-678F9B7FC91C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{C87166D1-9E22-3D59-85DA-F96CA8A2004B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2284049915-3903095038-2347252828-1007_Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.DLL (Microsoft Corporation)

    ==================== Restore Points =========================

    21-11-2014 10:10:48 System Checkpoint
    22-11-2014 12:58:35 avast! antivirus system restore point
    27-11-2014 20:19:52 System Checkpoint
    04-12-2014 18:38:05 System Checkpoint
    21-12-2014 15:38:57 System Checkpoint
    21-12-2014 17:38:05 Restore Operation
    21-12-2014 17:56:51 Installed Windows XP KB942288-v3.
    21-12-2014 17:57:26 AA11
    21-12-2014 18:02:50 LavasoftWeCompanion
    22-12-2014 18:18:05 Removed Java 7 Update 67
    22-12-2014 18:20:18 Removed Java SE Runtime Environment 6 Update 1
    22-12-2014 18:21:11 Removed J2SE Runtime Environment 5.0 Update 3
    22-12-2014 22:32:08 avast! antivirus system restore point
    23-12-2014 20:11:31 Removed Microsoft Works
    23-12-2014 20:13:08 Removed Java 6 Update 2
    23-12-2014 20:14:30 Removed Safari
    23-12-2014 20:17:56 Removed Labtec WebCam
    23-12-2014 20:19:29 Removed Bing Bar
    23-12-2014 20:22:54 Removed BlackBerry® Media Sync
    23-12-2014 20:26:13 Removed PlayStation®Network Downloader.
    25-12-2014 16:55:09 Configured EZ Label Xpress Lite
    28-12-2014 18:40:07 AA11

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-21 22:44 - 2008-02-17 10:29 - 00224678 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-12-18 14:45 - 2014-12-18 14:45 - 00662544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    2014-12-18 15:20 - 2014-12-18 15:20 - 00090456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00110432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 10552144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00635224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00409432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00640840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00104768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00760664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00691560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00865096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00207688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00796504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 01018176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00857432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00705352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00671056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 02364240 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 02665296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00990032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00046944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00766272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00298824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 02123608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00969536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00766784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00759112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00923496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00121664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
    2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
    2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 07700288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    2014-12-18 15:20 - 2014-12-18 15:20 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 01624896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00870224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
    2014-12-18 15:20 - 2014-12-18 15:20 - 00641856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
    2012-03-24 19:15 - 2012-03-24 19:15 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8ed399c6\mscorlib.dll
    2012-06-21 08:29 - 2012-06-21 08:29 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e6857051\system.windows.forms.dll
    2012-03-24 19:14 - 2012-03-24 19:14 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a73297d9\system.dll
    2012-03-24 19:15 - 2012-03-24 19:15 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_10607ec5\system.xml.dll
    2012-06-21 08:29 - 2012-06-21 08:29 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7c8b89c2\system.drawing.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk => C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^David^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\WINDOWS\pss\Desktop Manager.lnkStartup
    MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LogitechVideoRepair => C:\Program Files\Logitech\Video\ISStart.exe
    MSCONFIG\startupreg: LogitechVideoTray => C:\Program Files\Logitech\Video\LogiTray.exe
    MSCONFIG\startupreg: LVCOMSX => C:\WINDOWS\system32\LVCOMSX.EXE
    MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    MSCONFIG\startupreg: Malwarebytes' Anti-Malware => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: QuickTime Task =>
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    MSCONFIG\startupreg: SMSERIAL => sm56hlpr.exe
    MSCONFIG\startupreg: Spotify => "C:\Program Files\Spotify\spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2284049915-3903095038-2347252828-500 - Administrator - Enabled)
    Guest (S-1-5-21-2284049915-3903095038-2347252828-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
    HelpAssistant (S-1-5-21-2284049915-3903095038-2347252828-1006 - Limited - Disabled)
    Hilary (S-1-5-21-2284049915-3903095038-2347252828-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Hilary
    Simon (S-1-5-21-2284049915-3903095038-2347252828-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Simon
    SUPPORT_388945a0 (S-1-5-21-2284049915-3903095038-2347252828-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/29/2014 10:00:19 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


    Reinstall Fax service using Repair mode.
    Win32 error code: 13.
    This error code indicates the cause of the error.

    Error: (12/28/2014 06:52:25 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


    Reinstall Fax service using Repair mode.
    Win32 error code: 13.
    This error code indicates the cause of the error.

    Error: (12/28/2014 06:11:41 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


    Reinstall Fax service using Repair mode.
    Win32 error code: 13.
    This error code indicates the cause of the error.

    Error: (12/27/2014 06:55:09 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


    Reinstall Fax service using Repair mode.
    Win32 error code: 13.
    This error code indicates the cause of the error.

    Error: (12/27/2014 08:20:14 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


    Reinstall Fax service using Repair mode.
    Win32 error code: 13.
    This error code indicates the cause of the error.

    Error: (12/26/2014 09:48:52 AM) (Source: WmiAdapter) (EventID: 4099) (User: MORRISPC)
    Description: Open of service failed.

    Error: (12/26/2014 09:46:41 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


    Reinstall Fax service using Repair mode.
    Win32 error code: 13.
    This error code indicates the cause of the error.

    Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
    Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

    Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
    Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

    Error: (12/25/2014 04:20:01 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: Fax Service failed to read the archive configuration, possibly due to registry corruption or a lack of system resources.


    Reinstall Fax service using Repair mode.
    Win32 error code: 13.
    This error code indicates the cause of the error.


    System errors:
    =============
    Error: (12/29/2014 10:02:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

    Error: (12/29/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

    Error: (12/29/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The StarOpen service failed to start due to the following error:
    %%2

    Error: (12/28/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

    Error: (12/28/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The StarOpen service failed to start due to the following error:
    %%2

    Error: (12/28/2014 06:14:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The iPod Service service failed to start due to the following error:
    %%1053

    Error: (12/28/2014 06:14:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

    Error: (12/28/2014 06:13:45 PM) (Source: DCOM) (EventID: 10005) (User: MORRISPC)
    Description: DCOM got error "%%1053" attempting to start the service iPod Service with arguments ""
    in order to run the server:
    {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    Error: (12/28/2014 06:12:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

    Error: (12/28/2014 06:12:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The StarOpen service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (12/29/2014 10:00:19 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: 13

    Error: (12/28/2014 06:52:25 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: 13

    Error: (12/28/2014 06:11:41 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: 13

    Error: (12/27/2014 06:55:09 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: 13

    Error: (12/27/2014 08:20:14 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: 13

    Error: (12/26/2014 09:48:52 AM) (Source: WmiAdapter) (EventID: 4099) (User: MORRISPC)
    Description:

    Error: (12/26/2014 09:46:41 AM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: 13

    Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
    Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L

    Error: (12/25/2014 05:10:54 PM) (Source: EventSystem) (EventID: 4614) (User: )
    Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L

    Error: (12/25/2014 04:20:01 PM) (Source: Microsoft Fax) (EventID: 32063) (User: )
    Description: 13


    ==================== Memory info ===========================

    Processor: Intel® Pentium® 4 CPU 3.06GHz
    Percentage of memory in use: 79%
    Total physical RAM: 447.36 MB
    Available physical RAM: 89.98 MB
    Total Pagefile: 1054.59 MB
    Available Pagefile: 439.21 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1930.29 MB

    ==================== Drives ================================

    Drive c: (468385) (Fixed) (Total:149.05 GB) (Free:109.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: CB2C7EC7)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    0
  • Customer

    Hi,

     

    Eset scan log below,

     

     

    C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Documents and Settings\Simon\Application Data\BabSolution\Shared\BabMaint.exe.vir a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Documents and Settings\Simon\Application Data\BabSolution\Shared\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined

     

    0
  • Support

    Hi,

     

    1. Please run the Avast Uninstall Utility, since there are pieces of Avast in the logs.

    https://www.avast.com/uninstall-utility

     

    2. This file can sometimes be an indication of a bad hard disk:

    2014-12-23 21:07 - 2014-12-23 21:07 - 00000000 __SHD () C:\found.001

     

    3. Have you installed the Panda antivirus program, too?

    If yes, you have to follow the instructions on http://www.pandasecurity.com/usa/homeusers/support/card/?id=55509

     

    4. Please update your outdated programs; see http://www.lavasoftsupport.com/index.php?/topic/34144-virus-relating-to-xmlka-or-other-infection-help-please/#entry147370

     

     

    5. Please, start Notepad.

    Copy all text that is in the box:


    SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    S4 IntelIde; No ImagePath
    S2 StarOpen; No ImagePath
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    and paste it into Notepad. Check that no files have been split across two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your answer.

    0
  • Customer

    Hi,

     

    All instructions carried out - please see log below,

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
    Ran by Simon at 2014-12-30 09:01:10 Run:6
    Running from C:\Documents and Settings\Simon\Desktop
    Loaded Profile: Simon (Available profiles: Simon & Hilary & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    S4 IntelIde; No ImagePath
    S2 StarOpen; No ImagePath
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn => value deleted successfully.
    HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
    HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
    "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2" => Key deleted successfully.
    IntelIde => Service deleted successfully.
    StarOpen => Service deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

    ==== End of Fixlog 09:02:03 ====

    0
  • Support

    Does the computer still need a very long time from login to working?

    0
  • Customer

    Sadly yes! It's quick to do the initial boot up/log ins, but Ad-Aware takes ages to load and I would say it's around 10 mins from turning it on to getting online :-(

    0
