
Yahoo Mail account hacked, being used to send viruses to contacts?


This topic is locked
63 replies to this topic

#1 Lily123


Posted 20 April 2014 - 08:19 AM

Hi there,

I wondered if someone could please offer me a little advice about a problem I’ve been having for a number of weeks.

I have a Yahoo Mail account and recently received a message from my service provider informing me that the security of my account had been compromised and that I should run a system scan and change my password.

I ran a system scan right away and changed my password and I thought that this was the end of the issue.

Then in the last couple of weeks, I’ve been receiving numerous messages from ‘Mail Delivery System’ informing me:

‘Mail delivery failed: returning message to sender’

The thing is, I have NOT been sending the messages that are being returned to me – messages are being sent by someone (posing as me) to my contacts.

Some of these messages are actually getting through to my contacts, but a large majority are failing to get through and are being returned.

I have opened the ‘failed messages’ and I can see that whoever is sending these messages is also sending an attachment. The attachment has MY FIRST NAME as the title (which concerns me a lot) and the file type is ‘.eml’ (which I believe may be a virus).

I have checked my ‘sent’ folder and there is NO record of these emails being sent.

I have tried changing my password 4 times, ran a boot-time scan with my Avast! Antivirus (the system was found to be clean) and followed all of the instructions from Yahoo on how to stop this, but I still keep getting ‘Mail delivery failed’ messages in my inbox most days.

I’m really worried that my account is being used to circulate viruses and the last thing I want is for my contacts to think that these emails are genuine and open the attachment.

If someone could please advise me on what to do to stop this, I would be extremely grateful.

Thank you very much in advance
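The bounces described in the post above can be triaged from the returned message's own headers: the earliest Received hop shows which server first accepted the mail, and that tells a compromised account (submitted through the provider) apart from a merely forged From: address (backscatter). The Python below is an added example, not from this thread or from Yahoo; the delivery-status notification, hosts, addresses and IPs are constructed documentation values, and the provider check assumes a "yahoo.com" host suffix.

```python
"""Triage of a "Mail delivery failed" bounce: did the returned message go out
through the mailbox provider (account compromise), or was only its From:
address forged (spoofing / backscatter)? Added example, not from the thread;
every address, host and IP below is a constructed documentation value."""
import email
import re
from email import policy

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM_RE = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
DKIM_D_RE = re.compile(r"\bd=([^;\s]+)")

def bounce_with_original(origin_headers):
    """Constructed DSN that returns the rejected message as a message/rfc822
    part; the caller supplies its earliest hop (and any DKIM header)."""
    return f"""From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from mta.example.org ([203.0.113.9]) by mx.example.net with ESMTP; Mon, 14 Apr 2014 09:12:44 +0000
{origin_headers}
From: Lily <lily@example.com>
To: friend@example.org
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: message/rfc822; name="Lily.eml"
Content-Disposition: attachment; filename="Lily.eml"

From: someone@example.com

body
--b2--
--b1--
"""

# Case 1: the first server to accept the mail is an unrelated relay.
SPOOFED = bounce_with_original(
    "Received: from unknown (HELO pc) (198.51.100.23) by mta.example.org "
    "with SMTP; Mon, 14 Apr 2014 09:12:40 +0000")
# Case 2: accepted by the provider's own outbound server and DKIM-signed by it.
VIA_PROVIDER = bounce_with_original(
    "Received: from [192.0.2.77] by smtp101.mail.yahoo.com with NNFMP; "
    "14 Apr 2014 09:12:40 -0000\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=yahoo.com; s=s2048; "
    "h=From:To:Subject; bh=CONSTRUCTED; b=CONSTRUCTED")

def _grab(rx, text):
    m = rx.search(text)
    return m.group(1) if m else ""

def returned_original(raw_bounce):
    """The message/rfc822 part a DSN carries, i.e. the rejected message."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    for part in bounce.iter_parts():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def received_hops(msg):
    """(from_host, from_ip, by_host) per Received header, newest first. Only
    hops stamped by servers you trust are reliable; anything below the
    submission point can have been written by the sender."""
    return [(_grab(FROM_RE, str(h)), _grab(IP_RE, str(h)), _grab(BY_RE, str(h)))
            for h in msg.get_all("Received", [])]

def via_provider(msg, provider):
    """True when the earliest hop was accepted by a server in the provider's
    domain: the mail was sent from inside the account, not just stamped
    with its address."""
    hops = received_hops(msg)
    if not hops:
        return False
    by_host = hops[-1][2].lower().rstrip(".")
    return by_host == provider or by_host.endswith("." + provider)

def triage(raw_bounce, provider="yahoo.com"):
    """Summarise one bounce; the verdict drives the response."""
    original = returned_original(raw_bounce)
    if original is None:
        return {"verdict": "bounce carries no original message; nothing to inspect"}
    hops = received_hops(original)
    inside = via_provider(original, provider)
    # d= of a provider DKIM signature is further evidence (not verified here; needs DNS).
    dkim = _grab(DKIM_D_RE, str(original.get("DKIM-Signature", ""))) or None
    return {
        "origin_hop": hops[-1] if hops else None,
        "via_provider": inside,
        "dkim_domain": dkim,
        "attachments": [p.get_filename() for p in original.walk() if p.get_filename()],
        "verdict": ("sent through the provider: treat the account as compromised, "
                    "change the password and end other sessions" if inside else
                    "From: forged elsewhere (backscatter): account may be intact, "
                    "but the contact list may have leaked"),
    }
```

Neither outcome leaves a copy in the Sent folder, so its emptiness alone does not settle which case applies.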




#2 HelpBot


Posted 25 April 2014 - 08:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531740 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Lily123


Posted 26 April 2014 - 07:40 PM

Hello there,

Just in response to Helpbot…I would still very much appreciate some help please as I am still having the above problem.

I have run DDS as requested. Here is the dds.txt log report produced:



Many Thanks



#4 Oh My!


Posted 26 April 2014 - 10:12 PM

Greetings Lily and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply to topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Lily123


Posted 29 April 2014 - 05:22 AM

Hello Gary :-)

Thank you very much for taking the time to respond to my post and for your advice!

I have now followed your instructions. The FRST results and Addition.txt are as follows:



FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=6.0.10.835 - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.1136 - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)

FF Plugin: @real.com/nprpjplug;version=6.0.11.847 - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-02-18]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-07-16]

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

 

========================== Services (Whitelisted) =================

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)

R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)

R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-03-26] (Lexmark International, Inc.)

S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-10-10] (Intel Corporation)

R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)

S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

 

==================== Drivers (Whitelisted) ====================

 

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-05] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-31] (AVAST Software)

S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-31] ()

S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-31] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-31] (AVAST Software)

S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-31] (AVAST Software)

S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-31] ()

R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)

S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2002-05-13] ()

R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2003-02-19] (Roxio)

R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2003-02-19] (Roxio)

R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [240640 2002-10-02] (Roxio)

S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [298384 2002-12-04] ()

R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25674 2002-10-02] (Roxio)

S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [816576 2002-11-26] (Creative Technology Ltd)

R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [135728 2002-11-26] (Creative Technology Ltd)

S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)

S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)

S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)

S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)

S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)

S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)

S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)

S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)

S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)

S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)

S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30406 2002-10-02] (Roxio)

S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.)

S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-10-10] (Intel Corporation)

S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)

R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-09-27] (Padus, Inc.)

R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10477 2002-10-09] (Creative Technology Ltd.)

R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [134426 2002-10-02] (Roxio)

R3 scrcap; C:\WINDOWS\System32\DRIVERS\scrcap.sys [9006 2006-12-27] (ZD Soft)

R0 SMR322; C:\WINDOWS\System32\drivers\SMR322.SYS [98392 2013-06-14] (Symantec Corporation)

R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206464 2002-10-02] (Roxio)

S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)

R3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)

R3 vidcap; C:\WINDOWS\System32\DRIVERS\vidcap.sys [9006 2006-12-27] (ZD Soft)

S3 catchme; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\catchme.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr;

U3 TrueSight; \??\ [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-27 21:35 - 2014-04-27 21:35 - 00020330 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt

2014-04-15 13:35 - 2014-04-15 14:23 - 00040960 ___SH () C:\Documents and Settings\Lily\Desktop\Thumbs.db

2014-04-10 00:14 - 2014-04-10 00:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$

2014-04-09 23:52 - 2014-04-10 00:07 - 00016517 _____ () C:\WINDOWS\KB2936068-IE8.log

2014-04-08 23:53 - 2014-04-10 00:15 - 00015639 _____ () C:\WINDOWS\KB2922229.log

2014-04-06 11:23 - 2014-04-27 10:53 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-04-06 11:23 - 2014-04-06 20:56 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

 

==================== One Month Modified Files and Folders =======

 

2014-04-27 21:35 - 2014-04-27 21:35 - 00020330 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt

2014-04-27 21:34 - 2013-12-17 14:05 - 01049600 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

2014-04-27 21:26 - 2013-06-12 16:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-04-27 21:08 - 2010-02-23 18:32 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-27 21:08 - 2010-02-23 18:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-27 15:09 - 2014-01-31 16:09 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-04-27 11:15 - 2005-01-16 18:47 - 01655878 _____ () C:\WINDOWS\WindowsUpdate.log

2014-04-27 10:54 - 2013-12-05 10:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-04-27 10:54 - 2013-12-05 10:55 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-04-27 10:53 - 2014-04-06 11:23 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-04-27 10:53 - 2003-02-19 13:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-04-27 03:09 - 2003-02-19 13:26 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt

2014-04-27 00:12 - 2003-02-19 13:24 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL

2014-04-24 22:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm

2014-04-24 22:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm

2014-04-24 22:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2014-04-24 22:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2014-04-24 22:33 - 2003-03-06 16:44 - 00000278 ___SH () C:\Documents and Settings\Lily\NTUSER.INI

2014-04-19 05:21 - 2003-05-04 23:47 - 00000550 _____ () C:\WINDOWS\ULEAD32.INI

2014-04-19 05:21 - 2003-03-06 16:59 - 00000022 _____ () C:\WINDOWS\FLASHKSK.INI

2014-04-15 14:26 - 2014-03-26 02:09 - 00096777 _____ () C:\Documents and Settings\Lily\Desktop\pspbrwse.jbf

2014-04-15 14:26 - 2003-03-06 16:44 - 00000000 ____D () C:\Documents and Settings\Lily

2014-04-15 14:23 - 2014-04-15 13:35 - 00040960 ___SH () C:\Documents and Settings\Lily\Desktop\Thumbs.db

2014-04-15 14:13 - 2014-01-15 14:30 - 00002619 _____ () C:\Documents and Settings\Lily\Desktop\Jasc Paint Shop Pro 8.lnk

2014-04-15 14:13 - 2003-09-16 00:04 - 00000000 ____D () C:\Documents and Settings\Lily\My Documents\My PSP8 Files

2014-04-15 13:35 - 2014-03-15 00:52 - 00000000 ____D () C:\Documents and Settings\Lily\Desktop\ Correspondance

2014-04-15 13:18 - 2003-03-08 17:01 - 00239616 _____ () C:\Documents and Settings\Lily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-10 00:15 - 2014-04-08 23:53 - 00015639 _____ () C:\WINDOWS\KB2922229.log

2014-04-10 00:15 - 2013-12-13 13:33 - 00037230 _____ () C:\WINDOWS\setupapi.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00117466 _____ () C:\WINDOWS\FaxSetup.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00056164 _____ () C:\WINDOWS\ocgen.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00044821 _____ () C:\WINDOWS\tsoc.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00038398 _____ () C:\WINDOWS\comsetup.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00023673 _____ () C:\WINDOWS\ntdtcsetup.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00018719 _____ () C:\WINDOWS\iis6.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00006498 _____ () C:\WINDOWS\ocmsn.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00005871 _____ () C:\WINDOWS\msgsocm.log

2014-04-10 00:15 - 2013-12-13 13:32 - 00001374 _____ () C:\WINDOWS\imsins.log

2014-04-10 00:14 - 2014-04-10 00:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$

2014-04-10 00:07 - 2014-04-09 23:52 - 00016517 _____ () C:\WINDOWS\KB2936068-IE8.log

2014-04-10 00:07 - 2002-09-03 10:04 - 00001374 _____ () C:\WINDOWS\imsins.BAK

2014-04-10 00:03 - 2013-12-13 14:09 - 00015813 _____ () C:\WINDOWS\updspapi.log

2014-04-10 00:00 - 2009-07-25 21:37 - 00000000 ____D () C:\WINDOWS\ie8updates

2014-04-06 20:56 - 2014-04-06 11:23 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2014-04-06 20:50 - 2003-02-19 13:43 - 04481358 _____ () C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.CDF

2014-03-30 16:23 - 2003-02-19 13:25 - 00510150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

 

Files to move or delete:

====================

C:\Documents and Settings\Lily\Application Data\dm.ini

 

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\system32\winlogon.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014

Ran by Lily at 2014-04-27 21:36:53

Running from C:\Documents and Settings\Lily\Desktop

Boot Mode:

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

==================== Installed Programs ======================

 

ACD FotoSlate 2.0.1 (HKLM\...\{3AE804DF-58A6-4C6C-9A01-B6E700420985}) (Version: 2.00.0001 - ACD Systems Ltd)

ACDSee for PENTAX 3.0 (HKLM\...\{92022F8E-2E55-4A16-88EB-B4778B35E942}) (Version: 9.0.34 - ACD Systems Ltd.)

Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)

Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)

Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden

Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)

Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)

Avery Wizard 3.1 (HKLM\...\InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}) (Version: 3.1.0.2153 - Avery)

Avery Wizard 3.1 (Version: 3.1.0.2153 - Avery) Hidden

B57Inst (Version: 3.40 - Broadcom) Hidden

BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )

Bing Bar Platform (Version: 5.0.1449.0 - Microsoft Corporation) Hidden

BitZipper 2010 (HKLM\...\BitZipper_is1) (Version:  - Bitberry Software)

BOB Books Version 1.5.0.4 (HKLM\...\BOB Books_is1) (Version:  - BOB Books Ltd.)

Bob Designer (HKLM\...\Bob Designer) (Version:  - )

Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)

BT Broadband Desktop Help (HKLM\...\btbb.MCCInstall) (Version:  - )

BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version:  - BT)

BT Cloud (HKLM\...\F-Secure ServiceEnabler 47188) (Version: 1.77.243.0 - F-Secure Corporation)

BT Cloud (Version: 1.77.243.0 - F-Secure Corporation) Hidden

BT Voyager 220V USB Driver (HKLM\...\{D35D2AB6-E86B-4A9A-92DB-88E9CE49D619}) (Version: 7.3 - British Telecom)

BT Wireless Connection Manager (HKLM\...\BT Wireless Connection Manager) (Version:  - )

BT Yahoo! Applications (HKLM\...\BT Yahoo! Applications) (Version:  - )

BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version:  - )

CCF Authentication 1.00.211.0 (release) (Version: 1.00.211.0 - F-Secure Corporation) Hidden

Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)

Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )

Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)

Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)

Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)

DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)

Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.3.2.34 - Roxio Inc)

FLV Player (HKLM\...\FLV Player2.0 ) (Version: 2.0  - Applian Technologies Inc.)

Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.21.53 - Google Inc.) Hidden

Google Updater (HKLM\...\Google Updater) (Version: 2.4.1698.5652 - Google Inc.)

Help and Support Customization (Version: 1.00.0000 - Dell) Hidden

HP Celebrations (HKLM\...\HP Celebrations) (Version:  - )

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)

HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)

HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{5ECB4CCF-448D-4B52-B933-45961F4291A4}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)

Hypertron (HKLM\...\{392C2B49-A68F-4579-9CC9-A91AE756D143}) (Version:  - )

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)

Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )

Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)

Intense Language Office (HKLM\...\Intense Language Office) (Version:  - )

IS Express for C++Builder (HKLM\...\IS Express for C++Builder) (Version:  - )

Jasc Digital Camera Support v5.0 (HKLM\...\{CCF08FE4-C3CD-475B-9960-9F53EAF1808C}) (Version: 5.00.0000 - Jasc Software Inc)

Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)

Lexmark Photo Center (HKLM\...\InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}) (Version: 1.0 - Lexmark International)

Lexmark Photo Center (Version: 1.0 - Lexmark International) Hidden

Lexmark Supplies Monitor (HKLM\...\Lexmark Supplies Monitor) (Version:  - )

Lexmark Z65 (HKLM\...\Lexmark Z65) (Version:  - )

Lexmark Z700-P700 Series (HKLM\...\Lexmark Z700-P700 Series) (Version:  - )

LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)

Macromedia Dreamweaver 3 (HKLM\...\Macromedia Dreamweaver 3) (Version: 3 - Macromedia)

Macromedia Flash 5 (HKLM\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)

Media Library Management Wizard (HKLM\...\mplibwiz.inf) (Version:  - )

Micrografx Windows Draw 6 Limited Edition (HKLM\...\WindowsDrawLE) (Version:  - )

Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden

Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )

Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft MPEG-4 VKI Video Codec V1/V2/V3 (HKLM\...\MS-MPEG4) (Version:  - )

Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)

Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)

Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )

Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.00.00.2239 - Microsoft Corporation)

Microsoft Plus! for Windows XP (HKLM\...\{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}) (Version: 1.00.01.0732 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)

Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )

Movie Maker Background Music Files (HKLM\...\mmmusic) (Version:  - )

Movie Maker Sound Effects (HKLM\...\mmsounds) (Version:  - )

Movie Maker Title Images (HKLM\...\mmtitle) (Version:  - )

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MULTIPEDIA (HKLM\...\MULTIPEDIAV2.0) (Version:  - )

MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version:  - )

NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )

NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )

OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version: Version 3.0 - Visioneer Inc.)

Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)

PaperPort 7.02 (HKLM\...\PaperPort 7.02) (Version:  - )

Personal License Update Wizard for Windows Media Player (HKLM\...\drmtool.inf) (Version:  - )

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)

plankton (HKLM\...\plankton.scr) (Version:  - )

Plus! MP3 Audio Converter LE (HKLM\...\audcle) (Version:  - )

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )

QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)

QuickTime for Windows (32-bit) (HKLM\...\QuickTime32) (Version:  - )

RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )

Rollerbot (HKLM\...\{18CF36E6-6B05-48E3-973C-6CAB1AD0728F}) (Version:  - )

Roxio VideoWave Movie Creator (HKLM\...\{BB46245B-CECA-406F-8790-3ABA0D01012F}) (Version: 1.6.635.0 - Roxio, Inc.)

Serif 3DPlus 1.0 (HKLM\...\Serif 3DPlus 1.0) (Version:  - )

Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version:  - )

Serif DrawPlus 4.0 Design CD-ROM (HKLM\...\Serif DrawPlus 4.0 Design CD-ROM) (Version:  - )

Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

Shockwave (HKLM\...\Shockwave) (Version:  - )

SmartDraw 6 (HKCU\...\SmartDraw 6) (Version:  - )

Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version:  - )

Sync Client 1.40.498.0 (release) (Version: 1.40.498.0 - F-Secure Corporation) Hidden

Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)

Ulead Photo Express 2.0 SE (HKLM\...\Ulead Photo Express 2.0 SE) (Version:  - )

Ulead VideoStudio 6 SE DVD (HKLM\...\{5404E185-BD7C-4A72-ABD0-91A411A05726}) (Version:  - Ulead Systems, Inc.)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)

USB Card Reader (HKLM\...\USB Card Reader V1.10) (Version:  - )

UsbFix (HKLM\...\Usbfix) (Version: 7.154 - El Desaparecido - www.usbfix.net - www.sosvirus.net)

VideoCacheView (HKLM\...\VideoCacheView) (Version: 1.00 - NirSoft)

WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden

WebPainter for Win32 Version 1.0 (HKLM\...\WebPainterWin32V1.0) (Version:  - )

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Media Bonus Pack for Windows XP (HKLM\...\WMBK2) (Version:  - )

Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )

Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden

Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )

Windows Media Player Playlist Import to Excel Wizard (HKLM\...\mpxlswiz.inf) (Version:  - )

Windows Media Player Skin Importer (HKLM\...\wa2wmp) (Version:  - )

Windows Media Player Tray Control (HKLM\...\mpxptray.inf) (Version:  - )

Windows Movie Maker 2.0 (Version: 2.0.0000 - Microsoft Corporation) Hidden

Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)

Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

Windows XP Winter Fun Pack for Windows Movie Maker 2 (HKLM\...\{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}) (Version: 1.00.0000 - Microsoft Corporation)

Xara Webstyle 3.0 (HKLM\...\{954619BB-D48B-4B20-9BE7-06FBE5E69768}) (Version:  - )

ZD Soft Screen Recorder (HKLM\...\ZD Soft Screen Recorder) (Version: 2.6 - )

ZD Soft Screen Video Decoder (HKLM\...\ZDSV) (Version:  - )

ZD Soft Video Recorder (HKLM\...\ZD Soft Video Recorder) (Version: 2.1 - )

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2002-08-29 06:00 - 2014-01-20 20:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-27 19:44 - 2014-04-27 16:18 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042701\algo.dll

2003-03-13 12:36 - 2003-03-13 12:36 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBLPP5C.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

Name: MAC Bridge Miniport

Description: MAC Bridge Miniport

Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}

Manufacturer: Microsoft

Service: BridgeMP

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/21/2014 01:20:43 AM) (Source: Application Hang) (User: )

Description: Hanging application WINWORD.EXE, version 10.0.2627.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (04/07/2014 11:35:16 PM) (Source: Application Error) (User: )

Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23569, fault address 0x0014c563.

Processing media-specific event for [iexplore.exe!ws!]

 

Error: (04/05/2014 01:09:07 AM) (Source: Application Error) (User: )

Description: Faulting application paint shop pro.exe, version 8.0.0.0, faulting module jascbrowser.dll, version 8.0.0.0, fault address 0x00017ba3.

Processing media-specific event for [paint shop pro.exe!ws!]

 

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/30/2014 04:38:31 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/30/2014 04:33:21 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

 

System errors:

=============

Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

aswRvrt

aswSnx

aswTdi

aswVmm

 

Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )

Description: The Java Quick Starter service failed to start due to the following error:

%%3

 

Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%1053

 

Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

 

Error: (04/27/2014 10:53:38 AM) (Source: Dhcp) (User: )

Description: The IP address lease 192.168.1.2 for the Network Card with network address 001B9E2729B7 has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

 

Error: (04/27/2014 10:53:28 AM) (Source: 0) (User: )

Description: C:

 

Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

aswRvrt

aswSnx

aswTdi

aswVmm

 

Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )

Description: The Java Quick Starter service failed to start due to the following error:

%%3

 

Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%1053

 

Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (04/21/2014 01:20:43 AM) (Source: Application Hang)(User: )

Description: WINWORD.EXE10.0.2627.0hungapp0.0.0.000000000

 

Error: (04/07/2014 11:35:16 PM) (Source: Application Error)(User: )

Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235690014c563

 

Error: (04/05/2014 01:09:07 AM) (Source: Application Error)(User: )

Description: paint shop pro.exe8.0.0.0jascbrowser.dll8.0.0.000017ba3

 

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/30/2014 04:38:31 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/30/2014 04:33:21 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 47%

Total physical RAM: 511 MB

Available physical RAM: 268.87 MB

Total Pagefile: 1246.32 MB

Available Pagefile: 997.66 MB

Total Virtual: 2047.88 MB

Available Virtual: 1949.08 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:111.75 GB) (Free:43.62 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 9DC96E9E)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

 

I have attempted to access ‘System Summary Information’, but I just keep getting a timer symbol.  I will keep trying and attach the file if / when I manage to access it.

 

Finally, I thought I would mention that a family member has recently received an email from my account (that was not sent by me).  It has my name in the ‘from’ box, my name as the ‘subject’ and the email itself just contains the following text:

 

http://www.promefarm.com/qdwbyig/qjckbsou.kxnabgjrwpbzhtfg

 

I have not visited the above website because I’m not sure what it is / if it is malicious.

 

There was no attachment on this particular email, although I know attachments have been sent out to various other contacts.

 

I thought I would include this information just in case it would be of help to you.

 

 

Many thanks for your help; I look forward to hearing back from you :-)



#6 Lily123

  • Topic Starter

Posted 29 April 2014 - 05:26 AM

Hello Gary :-)
 
Thank you very much for taking the time to respond to my post and for your advice!
 
I have now followed your instructions.  The FRST results and Addition.txt are as follows:
 
FRST log report
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Lily (administrator) on D2DM8N0J on 27-04-2014 21:35:32
Running from C:\Documents and Settings\Lily\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode:
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
(Creative Technology Ltd) C:\WINDOWS\System32\CTsvcCDA.exe
(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\MsPMSPSv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\System32\NvCpl.dll [5058560 2003-10-06] (NVIDIA Corporation)
HKLM\...\Run: [OneTouch Monitor] => C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [86016 2002-04-16] (Visioneer Inc)
HKLM\...\Run: [Motive SmartBridge] => C:\Program Files\BTTotalBroadband220V\Help\SmartBridge\BTHelpNotifier.exe [462935 2006-02-06] (Motive)
HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [53248 2002-09-11] (Creative Technology Ltd)
HKLM\...\Run: [PrinTray] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [36864 2000-08-10] (Lexmark)
HKLM\...\Run: [F-Secure Hoster (47188)] => C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
HKLM\...\Run: [AdaptecDirectCD] => C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [684032 2002-10-02] (Roxio)
HKLM\...\Run: [btbb_wcm_McciTrayApp] => C:\Program Files\btbb_wcm\McciTrayApp.exe [543232 2006-12-08] (Motive Communications, Inc.)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-03-06] (RealNetworks, Inc.)
HKLM\...\Run: [PE2CKFNT SE] => C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [25088 1998-07-03] ()
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [LXSUPMON] => C:\WINDOWS\System32\LXSUPMON.EXE [886272 2002-09-30] (Lexmark International Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [DVDSentry] => C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)
HKLM\...\Run: [DataCaching] => C:\Program Files\Data Caching\FlashKsk.exe [290816 2002-10-09] ( )
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [24576 2002-09-03] (Creative Technology Ltd)
HKLM\...\Run: [CTDVDDet] => C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [45056 2002-09-30] (Creative Technology Ltd)
HKLM\...\Run: [Camera Detector] => C:\Program Files\ACD Systems\DevDetect\DevDetect.exe [196608 2002-10-08] (ACD Systems, Ltd.)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\bc826726-391e-4b21-8487-ff4c6ac84382.exe /check [181136 2014-04-27] (AVAST Software)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Back] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Forward] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Stop] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Refresh] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Home] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Search] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_History] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Favorites] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Media] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Folders] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_MailNews] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Size] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Discussions] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_PrintPreview] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoNetConnectDisconnect] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
ShortcutTarget: BT Broadband Desktop Help.lnk -> C:\Program Files\BTTotalBroadband220V\Help\bin\matcli.exe (Motive Communications, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {2624CA7D-96CE-4F9C-86B2-1FC800A4516D} URL = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17043,0,8,0
SearchScopes: HKCU - {C37CDA7C-2F36-4485-A0B4-C677283E716E} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {CD23EF35-0E2D-4E4B-B5D8-648B41E93176} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {F3D080AB-5ED9-4FC9-AEAE-0CA7580130C3} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default
FF Homepage: hxxp://uk.yahoo.com
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ffds1&p=
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.10.835 - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1136 - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF Plugin: @real.com/nprpjplug;version=6.0.11.847 - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-02-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-07-16]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-03-26] (Lexmark International, Inc.)
S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-10-10] (Intel Corporation)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-31] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-31] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-31] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-31] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-31] ()
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2002-05-13] ()
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2003-02-19] (Roxio)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2003-02-19] (Roxio)
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [240640 2002-10-02] (Roxio)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [298384 2002-12-04] ()
R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25674 2002-10-02] (Roxio)
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [816576 2002-11-26] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [135728 2002-11-26] (Creative Technology Ltd)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30406 2002-10-02] (Roxio)
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.)
S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-10-10] (Intel Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-09-27] (Padus, Inc.)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10477 2002-10-09] (Creative Technology Ltd.)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [134426 2002-10-02] (Roxio)
R3 scrcap; C:\WINDOWS\System32\DRIVERS\scrcap.sys [9006 2006-12-27] (ZD Soft)
R0 SMR322; C:\WINDOWS\System32\drivers\SMR322.SYS [98392 2013-06-14] (Symantec Corporation)
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206464 2002-10-02] (Roxio)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
R3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)
R3 vidcap; C:\WINDOWS\System32\DRIVERS\vidcap.sys [9006 2006-12-27] (ZD Soft)
S3 catchme; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
U3 TrueSight; \??\ [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-27 21:35 - 2014-04-27 21:35 - 00020330 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt
2014-04-15 13:35 - 2014-04-15 14:23 - 00040960 ___SH () C:\Documents and Settings\Lily\Desktop\Thumbs.db
2014-04-10 00:14 - 2014-04-10 00:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:52 - 2014-04-10 00:07 - 00016517 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 23:53 - 2014-04-10 00:15 - 00015639 _____ () C:\WINDOWS\KB2922229.log
2014-04-06 11:23 - 2014-04-27 10:53 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-06 11:23 - 2014-04-06 20:56 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== One Month Modified Files and Folders =======
 
2014-04-27 21:35 - 2014-04-27 21:35 - 00020330 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt
2014-04-27 21:34 - 2013-12-17 14:05 - 01049600 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe
2014-04-27 21:26 - 2013-06-12 16:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-27 21:08 - 2010-02-23 18:32 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 21:08 - 2010-02-23 18:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 15:09 - 2014-01-31 16:09 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-27 11:15 - 2005-01-16 18:47 - 01655878 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-27 10:54 - 2013-12-05 10:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-27 10:54 - 2013-12-05 10:55 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-27 10:53 - 2014-04-06 11:23 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-27 10:53 - 2003-02-19 13:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-27 03:09 - 2003-02-19 13:26 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-27 00:12 - 2003-02-19 13:24 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL
2014-04-24 22:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-04-24 22:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-04-24 22:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat
2014-04-24 22:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat
2014-04-24 22:33 - 2003-03-06 16:44 - 00000278 ___SH () C:\Documents and Settings\Lily\NTUSER.INI
2014-04-19 05:21 - 2003-05-04 23:47 - 00000550 _____ () C:\WINDOWS\ULEAD32.INI
2014-04-19 05:21 - 2003-03-06 16:59 - 00000022 _____ () C:\WINDOWS\FLASHKSK.INI
2014-04-15 14:26 - 2014-03-26 02:09 - 00096777 _____ () C:\Documents and Settings\Lily\Desktop\pspbrwse.jbf
2014-04-15 14:26 - 2003-03-06 16:44 - 00000000 ____D () C:\Documents and Settings\Lily
2014-04-15 14:23 - 2014-04-15 13:35 - 00040960 ___SH () C:\Documents and Settings\Lily\Desktop\Thumbs.db
2014-04-15 14:13 - 2014-01-15 14:30 - 00002619 _____ () C:\Documents and Settings\Lily\Desktop\Jasc Paint Shop Pro 8.lnk
2014-04-15 14:13 - 2003-09-16 00:04 - 00000000 ____D () C:\Documents and Settings\Lily\My Documents\My PSP8 Files
2014-04-15 13:35 - 2014-03-15 00:52 - 00000000 ____D () C:\Documents and Settings\Lily\Desktop\ Correspondance
2014-04-15 13:18 - 2003-03-08 17:01 - 00239616 _____ () C:\Documents and Settings\Lily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-10 00:15 - 2014-04-08 23:53 - 00015639 _____ () C:\WINDOWS\KB2922229.log
2014-04-10 00:15 - 2013-12-13 13:33 - 00037230 _____ () C:\WINDOWS\setupapi.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00117466 _____ () C:\WINDOWS\FaxSetup.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00056164 _____ () C:\WINDOWS\ocgen.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00044821 _____ () C:\WINDOWS\tsoc.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00038398 _____ () C:\WINDOWS\comsetup.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00023673 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00018719 _____ () C:\WINDOWS\iis6.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00006498 _____ () C:\WINDOWS\ocmsn.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00005871 _____ () C:\WINDOWS\msgsocm.log
2014-04-10 00:15 - 2013-12-13 13:32 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-10 00:14 - 2014-04-10 00:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 00:07 - 2014-04-09 23:52 - 00016517 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 00:07 - 2002-09-03 10:04 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-10 00:03 - 2013-12-13 14:09 - 00015813 _____ () C:\WINDOWS\updspapi.log
2014-04-10 00:00 - 2009-07-25 21:37 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-06 20:56 - 2014-04-06 11:23 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-06 20:50 - 2003-02-19 13:43 - 04481358 _____ () C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.CDF
2014-03-30 16:23 - 2003-02-19 13:25 - 00510150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
 
Files to move or delete:
====================
C:\Documents and Settings\Lily\Application Data\dm.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Lily at 2014-04-27 21:36:53
Running from C:\Documents and Settings\Lily\Desktop
Boot Mode:
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
ACD FotoSlate 2.0.1 (HKLM\...\{3AE804DF-58A6-4C6C-9A01-B6E700420985}) (Version: 2.00.0001 - ACD Systems Ltd)
ACDSee for PENTAX 3.0 (HKLM\...\{92022F8E-2E55-4A16-88EB-B4778B35E942}) (Version: 9.0.34 - ACD Systems Ltd.)
Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Avery Wizard 3.1 (HKLM\...\InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}) (Version: 3.1.0.2153 - Avery)
Avery Wizard 3.1 (Version: 3.1.0.2153 - Avery) Hidden
B57Inst (Version: 3.40 - Broadcom) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
Bing Bar Platform (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
BitZipper 2010 (HKLM\...\BitZipper_is1) (Version:  - Bitberry Software)
BOB Books Version 1.5.0.4 (HKLM\...\BOB Books_is1) (Version:  - BOB Books Ltd.)
Bob Designer (HKLM\...\Bob Designer) (Version:  - )
Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
BT Broadband Desktop Help (HKLM\...\btbb.MCCInstall) (Version:  - )
BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version:  - BT)
BT Cloud (HKLM\...\F-Secure ServiceEnabler 47188) (Version: 1.77.243.0 - F-Secure Corporation)
BT Cloud (Version: 1.77.243.0 - F-Secure Corporation) Hidden
BT Voyager 220V USB Driver (HKLM\...\{D35D2AB6-E86B-4A9A-92DB-88E9CE49D619}) (Version: 7.3 - British Telecom)
BT Wireless Connection Manager (HKLM\...\BT Wireless Connection Manager) (Version:  - )
BT Yahoo! Applications (HKLM\...\BT Yahoo! Applications) (Version:  - )
BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version:  - )
CCF Authentication 1.00.211.0 (release) (Version: 1.00.211.0 - F-Secure Corporation) Hidden
Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)
Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )
Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.3.2.34 - Roxio Inc)
FLV Player (HKLM\...\FLV Player2.0 ) (Version: 2.0  - Applian Technologies Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.53 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1698.5652 - Google Inc.)
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
HP Celebrations (HKLM\...\HP Celebrations) (Version:  - )
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{5ECB4CCF-448D-4B52-B933-45961F4291A4}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Hypertron (HKLM\...\{392C2B49-A68F-4579-9CC9-A91AE756D143}) (Version:  - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )
Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)
Intense Language Office (HKLM\...\Intense Language Office) (Version:  - )
IS Express for C++Builder (HKLM\...\IS Express for C++Builder) (Version:  - )
Jasc Digital Camera Support v5.0 (HKLM\...\{CCF08FE4-C3CD-475B-9960-9F53EAF1808C}) (Version: 5.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Lexmark Photo Center (HKLM\...\InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}) (Version: 1.0 - Lexmark International)
Lexmark Photo Center (Version: 1.0 - Lexmark International) Hidden
Lexmark Supplies Monitor (HKLM\...\Lexmark Supplies Monitor) (Version:  - )
Lexmark Z65 (HKLM\...\Lexmark Z65) (Version:  - )
Lexmark Z700-P700 Series (HKLM\...\Lexmark Z700-P700 Series) (Version:  - )
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)
Macromedia Dreamweaver 3 (HKLM\...\Macromedia Dreamweaver 3) (Version: 3 - Macromedia)
Macromedia Flash 5 (HKLM\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)
Media Library Management Wizard (HKLM\...\mplibwiz.inf) (Version:  - )
Micrografx Windows Draw 6 Limited Edition (HKLM\...\WindowsDrawLE) (Version:  - )
Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 (HKLM\...\MS-MPEG4) (Version:  - )
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.00.00.2239 - Microsoft Corporation)
Microsoft Plus! for Windows XP (HKLM\...\{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}) (Version: 1.00.01.0732 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
Movie Maker Background Music Files (HKLM\...\mmmusic) (Version:  - )
Movie Maker Sound Effects (HKLM\...\mmsounds) (Version:  - )
Movie Maker Title Images (HKLM\...\mmtitle) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MULTIPEDIA (HKLM\...\MULTIPEDIAV2.0) (Version:  - )
MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version:  - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version: Version 3.0 - Visioneer Inc.)
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
PaperPort 7.02 (HKLM\...\PaperPort 7.02) (Version:  - )
Personal License Update Wizard for Windows Media Player (HKLM\...\drmtool.inf) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
plankton (HKLM\...\plankton.scr) (Version:  - )
Plus! MP3 Audio Converter LE (HKLM\...\audcle) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
QuickTime for Windows (32-bit) (HKLM\...\QuickTime32) (Version:  - )
RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )
Rollerbot (HKLM\...\{18CF36E6-6B05-48E3-973C-6CAB1AD0728F}) (Version:  - )
Roxio VideoWave Movie Creator (HKLM\...\{BB46245B-CECA-406F-8790-3ABA0D01012F}) (Version: 1.6.635.0 - Roxio, Inc.)
Serif 3DPlus 1.0 (HKLM\...\Serif 3DPlus 1.0) (Version:  - )
Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version:  - )
Serif DrawPlus 4.0 Design CD-ROM (HKLM\...\Serif DrawPlus 4.0 Design CD-ROM) (Version:  - )
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SmartDraw 6 (HKCU\...\SmartDraw 6) (Version:  - )
Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version:  - )
Sync Client 1.40.498.0 (release) (Version: 1.40.498.0 - F-Secure Corporation) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)
Ulead Photo Express 2.0 SE (HKLM\...\Ulead Photo Express 2.0 SE) (Version:  - )
Ulead VideoStudio 6 SE DVD (HKLM\...\{5404E185-BD7C-4A72-ABD0-91A411A05726}) (Version:  - Ulead Systems, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
USB Card Reader (HKLM\...\USB Card Reader V1.10) (Version:  - )
UsbFix (HKLM\...\Usbfix) (Version: 7.154 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
VideoCacheView (HKLM\...\VideoCacheView) (Version: 1.00 - NirSoft)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebPainter for Win32 Version 1.0 (HKLM\...\WebPainterWin32V1.0) (Version:  - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Bonus Pack for Windows XP (HKLM\...\WMBK2) (Version:  - )
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Playlist Import to Excel Wizard (HKLM\...\mpxlswiz.inf) (Version:  - )
Windows Media Player Skin Importer (HKLM\...\wa2wmp) (Version:  - )
Windows Media Player Tray Control (HKLM\...\mpxptray.inf) (Version:  - )
Windows Movie Maker 2.0 (Version: 2.0.0000 - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windows XP Winter Fun Pack for Windows Movie Maker 2 (HKLM\...\{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}) (Version: 1.00.0000 - Microsoft Corporation)
Xara Webstyle 3.0 (HKLM\...\{954619BB-D48B-4B20-9BE7-06FBE5E69768}) (Version:  - )
ZD Soft Screen Recorder (HKLM\...\ZD Soft Screen Recorder) (Version: 2.6 - )
ZD Soft Screen Video Decoder (HKLM\...\ZDSV) (Version:  - )
ZD Soft Video Recorder (HKLM\...\ZD Soft Video Recorder) (Version: 2.1 - )
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2002-08-29 06:00 - 2014-01-20 20:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-27 19:44 - 2014-04-27 16:18 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042701\algo.dll
2003-03-13 12:36 - 2003-03-13 12:36 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBLPP5C.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: MAC Bridge Miniport
Description: MAC Bridge Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: BridgeMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/21/2014 01:20:43 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 10.0.2627.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/07/2014 11:35:16 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23569, fault address 0x0014c563.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (04/05/2014 01:09:07 AM) (Source: Application Error) (User: )
Description: Faulting application paint shop pro.exe, version 8.0.0.0, faulting module jascbrowser.dll, version 8.0.0.0, fault address 0x00017ba3.
Processing media-specific event for [paint shop pro.exe!ws!]
 
Error: (04/05/2014 01:08:44 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/05/2014 01:08:44 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/30/2014 04:38:31 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/30/2014 04:33:21 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswTdi
aswVmm
 
Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3
 
Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053
 
Error: (04/27/2014 10:54:28 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
 
Error: (04/27/2014 10:53:38 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001B9E2729B7 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (04/27/2014 10:53:28 AM) (Source: 0) (User: )
Description: C:
 
Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswTdi
aswVmm
 
Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3
 
Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053
 
Error: (04/27/2014 00:13:19 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (04/21/2014 01:20:43 AM) (Source: Application Hang)(User: )
Description: WINWORD.EXE10.0.2627.0hungapp0.0.0.000000000
 
Error: (04/07/2014 11:35:16 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235690014c563
 
Error: (04/05/2014 01:09:07 AM) (Source: Application Error)(User: )
Description: paint shop pro.exe8.0.0.0jascbrowser.dll8.0.0.000017ba3
 
Error: (04/05/2014 01:08:44 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (04/05/2014 01:08:44 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/30/2014 04:38:31 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/30/2014 04:33:21 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
 
==================== Memory info ===========================
 
Percentage of memory in use: 47%
Total physical RAM: 511 MB
Available physical RAM: 268.87 MB
Total Pagefile: 1246.32 MB
Available Pagefile: 997.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.75 GB) (Free:43.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
I have attempted to access ‘System Summary Information’, but I just keep getting a timer symbol.  I will keep trying and attach the file if / when I manage to access it.
 
Finally, I thought I would mention that a family member has recently received an email from my account (that was not sent by me).  It has my name in the ‘from’ box, my name as the ‘subject’ and the email itself just contains the following text:

http://www.promefarm.com/qdwbyig/qjckbsou.kxnabgjrwpbzhtfg
 
I have not visited the above website because I’m not sure what it is / if it is malicious.
 
There was no attachment on this particular email, although I know attachments have been sent out to various other contacts.
 
I thought I would include this information just in case it would be of help to you.
 
 
Many Thanks for your help, I look forward to hearing back from you :-)

Edited by Oh My, 29 April 2014 - 01:15 PM.
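
A bounced message's .eml attachment, like the one described in the post above, can be examined offline without opening it in a mail client. The script below is an added example written for this page; it is not code from the thread or from any tool the helpers recommend. It uses Python's standard email library to pull out the sender, subject, Received chain (oldest hop first), the IP addresses named in the earliest hop, attachment names and sizes, and any URLs in text parts, and it parses a forwarded .eml attachment recursively so the original message's own headers are visible too. The sample message, its hosts, addresses, IPs and URL are all constructed for the example.

```python
import re
from email import policy
from email.parser import BytesParser

# Constructed sample of a bounced message's attached .eml. Every address, host,
# IP and URL here is invented for this example; nothing is copied from the thread.
SAMPLE_EML = b"""\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id abc123; Sun, 27 Apr 2014 10:00:00 +0000
Received: from [198.51.100.23] (unknown [198.51.100.23])
\tby mx.example.net with ESMTPA; Sun, 27 Apr 2014 09:59:58 +0000
From: Lily <lily@example.com>
To: friend@example.org
Subject: Lily
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

http://www.example.invalid/qdwbyig/abc

--XYZ
Content-Type: application/octet-stream; name="Lily.eml"
Content-Disposition: attachment; filename="Lily.eml"
Content-Transfer-Encoding: base64

UmVjZWl2ZWQ6IGZyb20gbm93aGVyZQ0K
--XYZ--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def header(msg, name):
    """Header value as a plain string, or None when the header is absent."""
    value = msg[name]
    return None if value is None else str(value)


def received_hops(msg):
    """Received headers oldest-first. Each relay prepends its own Received
    line, so the last one in the file is the hop closest to the sender."""
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    return list(reversed(hops))


def summarize(raw):
    """Parse raw RFC 822 bytes and return what an analyst wants first:
    sender, subject, relay chain, origin IPs, attachments and URLs.
    Nothing is executed or fetched; attachments are only decoded in memory."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = received_hops(msg)
    summary = {
        "from": header(msg, "From"),
        "subject": header(msg, "Subject"),
        "hops": hops,
        # IPs named in the earliest hop, de-duplicated, order preserved
        "origin_ips": list(dict.fromkeys(IPV4_RE.findall(hops[0]))) if hops else [],
        "attachments": [],
        "urls": [],
    }
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            data = part.get_payload(decode=True) or b""
            entry = {"filename": filename,
                     "content_type": part.get_content_type(),
                     "size": len(data)}
            # A forwarded .eml is itself a message: read its headers too,
            # because its Received chain shows where the original came from.
            if filename.lower().endswith(".eml"):
                entry["inner"] = summarize(data)
            summary["attachments"].append(entry)
        elif part.get_content_maintype() == "text":
            summary["urls"].extend(URL_RE.findall(part.get_content()))
    return summary


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_EML), indent=2))
```

Two things to read off the result. The earliest hop is where the message entered the mail system: "with ESMTPA" means it was submitted over an authenticated SMTP session, so the account's credentials were used, which is what a hijacked webmail account looks like as opposed to a plain From: spoof; "unknown [ip]" means the receiving server could not reverse-resolve the sending address. The URL list is for looking up, not visiting; the sample URL here is a made-up placeholder and should not be read as a verdict on the address quoted in the post.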


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,540 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 PM

Posted 29 April 2014 - 01:22 PM

Hi Lily,

Thank you for providing the additional information. Don't worry about the System Summary for now. Please run these programs for me.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached TDSSKiller zipped file
  • aswMBR information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Lily123

Posted 30 April 2014 - 07:18 PM

Hi again Gary :) 

 

Thank you for getting back to me so quickly! 

 

I have followed all of your further instructions. I firstly ran TDSS Killer as you advised.  I have attached the log report to my reply.

 

I then ran aswMBR.  The log report produced is as follows:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-30 00:56:49
-----------------------------
00:56:49.765    OS Version: Windows 5.1.2600 Service Pack 3
00:56:49.765    Number of processors: 1 586 0x207
00:56:49.765    ComputerName: D2DM8N0J  UserName: Lily
00:56:50.953    Initialize success
00:56:56.062    AVAST engine defs: 14042801
00:57:56.281    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:57:56.281    Disk 0 Vendor: ST3120023A 3.33 Size: 114473MB BusType: 3
00:57:56.421    Disk 0 MBR read successfully
00:57:56.421    Disk 0 MBR scan
00:57:56.421    Disk 0 Windows XP default MBR code
00:57:56.437    Disk 0 Partition 1 00     DE Dell Utility Dell 4.1       39 MB offset 63
00:57:56.437    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114431 MB offset 80325
00:57:56.453    Disk 0 scanning sectors +234436545
00:57:56.640    Disk 0 scanning C:\WINDOWS\system32\drivers
00:58:38.687    Service scanning
00:59:06.687    Modules scanning
00:59:23.796    Disk 0 trace - called modules:
00:59:23.828    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
00:59:24.343    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8378cab8]
00:59:24.343    3 CLASSPNP.SYS[f88b6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x837dfb00]
00:59:25.140    AVAST engine scan C:\WINDOWS
00:59:45.671    AVAST engine scan C:\WINDOWS\system32
01:02:12.750    AVAST engine scan C:\WINDOWS\system32\drivers
01:02:55.750    AVAST engine scan C:\Documents and Settings\Lily
02:21:00.828    AVAST engine scan C:\Documents and Settings\All Users
02:23:12.890    Scan finished successfully
10:23:36.125    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lily\Desktop\MBR.dat"
10:23:36.218    The log file has been saved successfully to "C:\Documents and Settings\Lily\Desktop\aswMBR log.txt"

Many Thanks! :) 


#9 Oh My!

Posted 30 April 2014 - 10:36 PM

Hi Lily,

Those reports look fine. Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Result log
  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Lily123

Posted 03 May 2014 - 09:19 PM

Hi Gary,
 
Thank you once again for your help :)   I have now followed your further instructions. 
 
I downloaded and ran Farbar’s MiniToolBox and RogueKiller as you advised. 
 
For some reason my response would not post on the forum when I included the log reports (even though the reports are quite short).  As a result, I have used ‘pastebin’ to store the results and copied the links below so that you can see them.
 
MiniToolBox log report:
http://pastebin.com/JHSALR85
 
RogueKiller log report:
http://pastebin.com/kcSH61aY
 
Thanks again! :) 



MiniToolBox by Farbar Version: 23-01-2014
Ran by Lily (administrator) on 02-05-2014 at 01:07:55
Running from "C:\Documents and Settings\Lily\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode:
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

MAC Bridge Miniport = Network Bridge (Disconnected)
Voyager 220V USB Remote NDIS Device = Local Area Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : D2DM8N0J
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Voyager 220V USB Remote NDIS Device
Physical Address. . . . . . . . . : 00-1B-9E-27-29-B7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : 01 May 2014 23:59:10
Lease Expires . . . . . . . . . . : 02 May 2014 23:59:10
Server: voyager220v.home
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.34.66, 173.194.34.78, 173.194.34.72, 173.194.34.68
173.194.34.65, 173.194.34.67, 173.194.34.70, 173.194.34.64, 173.194.34.69
173.194.34.71, 173.194.34.73


Pinging google.com [173.194.34.66] with 32 bytes of data:

Reply from 173.194.34.66: bytes=32 time=38ms TTL=52
Reply from 173.194.34.66: bytes=32 time=40ms TTL=52

Ping statistics for 173.194.34.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 40ms, Average = 39ms
Server: voyager220v.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=165ms TTL=45
Reply from 98.138.253.109: bytes=32 time=219ms TTL=45

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 165ms, Maximum = 219ms, Average = 192ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1b 9e 27 29 b7 ...... Voyager 220V USB Remote NDIS Device - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 30
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 30
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 30
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/21/2014 01:20:43 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 10.0.2627.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/07/2014 11:35:16 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23569, fault address 0x0014c563.
Processing media-specific event for [iexplore.exe!ws!]

Error: (04/05/2014 01:09:07 AM) (Source: Application Error) (User: )
Description: Faulting application paint shop pro.exe, version 8.0.0.0, faulting module jascbrowser.dll, version 8.0.0.0, fault address 0x00017ba3.
Processing media-specific event for [paint shop pro.exe!ws!]

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 04:38:31 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 04:33:21 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/02/2014 00:00:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswTdi
aswVmm

Error: (05/02/2014 00:00:15 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3

Error: (05/02/2014 00:00:15 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (05/02/2014 00:00:15 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (05/01/2014 00:27:40 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswTdi
aswVmm

Error: (05/01/2014 00:27:39 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3

Error: (05/01/2014 00:27:39 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (05/01/2014 00:27:39 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (05/01/2014 00:26:34 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001B9E2729B7 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/30/2014 00:36:39 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (04/21/2014 01:20:43 AM) (Source: Application Hang)(User: )
Description: WINWORD.EXE10.0.2627.0hungapp0.0.0.000000000

Error: (04/07/2014 11:35:16 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235690014c563

Error: (04/05/2014 01:09:07 AM) (Source: Application Error)(User: )
Description: paint shop pro.exe8.0.0.0jascbrowser.dll8.0.0.000017ba3

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/05/2014 01:08:44 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/30/2014 04:38:31 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/30/2014 04:33:21 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/28/2014 02:52:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


**** End of log ****



RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in :
User : Lily [Admin rights]
Mode : Scan -- Date : 05/02/2014 01:17:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3120023A +++++
--- User ---
[MBR] 708866f52ec9c0a9b05ffacbb1c1a1a4
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 114431 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05022014_011701.txt >>

Edited by Oh My, 03 May 2014 - 09:21 PM.
Logs posted
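For a Result.txt like the MiniToolBox log above, here is an added example (my own Python, not part of the thread and not MiniToolBox code) that reads the sections Gary asked for and reports what a router or hosts-file hijack would change: an enabled proxy, extra hosts entries, or a DNS server that is not the home router. The sample input is constructed in the shape of the log above, with one added out-of-network DNS server; 203.0.113.53 is a documentation address used as a placeholder.

```python
"""Check a MiniToolBox Result.txt for signs of DNS or proxy hijacking.

Added example, not part of the thread and not MiniToolBox code. It reads the
sections shown in the log above ("IE Proxy Settings", "Hosts content",
"IP Configuration") and reports what a router or hosts-file hijack would
change: an enabled proxy, extra hosts entries, or a DNS server that is not
the home router (the address a home DHCP setup normally hands out).
"""
import ipaddress
import re

# Constructed sample in the layout of the log above, with one added twist:
# a second DNS server outside the home network (203.0.113.53 is a
# documentation address used here as a placeholder).
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Ethernet adapter Local Area Connection 2:

IP Address. . . . . . . . . . . . : 192.168.1.2
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    203.0.113.53
Lease Obtained. . . . . . . . . . : 01 May 2014 23:59:10
========================= Winsock entries =====================================
"""

# "===== Section name: =====" header; the colon is missing on some headers.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+\s*$")
LOCALHOST_ENTRIES = (["127.0.0.1", "localhost"], ["::1", "localhost"])


def split_sections(text):
    """Map each section header to the lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def first_value(lines, prefix):
    """Value after the colon on the first line that starts with prefix."""
    for line in lines:
        if line.startswith(prefix) and ":" in line:
            return line.split(":", 1)[1].strip()
    return None


def dns_servers(ipconfig_lines):
    """All DNS servers; ipconfig lists extra servers on indented lines."""
    servers, collecting = [], False
    for line in ipconfig_lines:
        if line.startswith("DNS Servers"):
            servers.append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting and line.startswith(" ") and line.strip():
            servers.append(line.strip())
        else:
            collecting = False
    return servers


def findings(text):
    """Human-readable findings; an empty list means nothing looked odd."""
    s = split_sections(text)
    out = []
    proxy = "\n".join(s.get("IE Proxy Settings", [])).strip()
    if "Proxy is not enabled" not in proxy:
        out.append("IE proxy is enabled: " + proxy)
    for entry in s.get("Hosts content", []):
        if entry and not entry.startswith("#") and entry.split() not in LOCALHOST_ENTRIES:
            out.append("extra hosts entry: " + entry)
    ipc = s.get("IP Configuration", [])
    gateway = first_value(ipc, "Default Gateway")
    for srv in dns_servers(ipc):
        try:
            addr = ipaddress.ip_address(srv)
        except ValueError:
            continue                      # not an address, skip it
        if not addr.is_private or srv != gateway:
            out.append(f"DNS server {srv} is not the router ({gateway}); "
                       "confirm it is one you configured")
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG) or ["no hijack indicators found"]:
        print(f)
```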


#11 Oh My!

Posted 03 May 2014 - 09:27 PM

Hi Lily,

That all looks fine as well. Can you tell me if other computers are using the same wireless router you use? If so, any issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Lily123

Posted 04 May 2014 - 06:04 PM

Hi Gary,

 

Thank you for getting back to me.  I am glad that the reports look fine.  In response to your question, there are no other computers using the same wireless router.

 

While I am pleased to say that I have not received any 'Mail delivery failed' messages in the last couple of days, I am still at a loss as to how emails were sent (by someone else) from my account, especially when I have changed my password several times.  I was wondering if I could have a virus that records what I am typing (e.g. the new passwords I keep creating), but if this was the case, then surely this would have shown up on the log reports?

 

Many Thanks :) 



#13 Oh My!

Posted 05 May 2014 - 12:02 AM

Hi Lily,
 

if this was the case, then surely this would have shown up on the log reports?

Not necessarily at this point. There are still a couple of unexplored options. One is to reset your router, since it could have been compromised and be causing the issue. The other is to take a look at your computer before Windows has a chance to load. I would recommend doing both.

Please do these things for me.

===================================================

Router Reset

--------------------

Please read this: Malware Silently Alters Wireless Router Settings
Consult Router Passwords to find out the default username and password for your brand of router and make a note of that for future reference.

Now let's reset your router to its factory default settings.
  • Typically a reset can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)
  • In order to get to the router's server, type http://192.168.1.1 in the address bar and click Enter. You should see the log in window.
  • Fill in the password you have already found and you will get the configuration page.
  • Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard.
  • If you do not have a setup wizard you have to fill in the log in password your ISP has initially given to you. You can also call your ISP if you don't have your initial password.
  • Don't forget to change the router's default password and set a stronger, more complex password. Note down the password and keep it somewhere for future reference.
Please make sure of the following settings on your computer:
  • Click Start, Control panel, then double-click Network and Sharing Center.
  • In the left window select Manage Network Connection.
  • In the right window right-click Local Area Connection and select Properties .
  • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it. Make sure of the following settings:
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.
  • Click OK.
  • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you need to change any of these settings you will need to reboot your computer.
===================================================

Ubuntu MBR and Driver Report Using a USB

--------------
  • You will need a USB device with at least 2 GB of space. Warning: During this process all information will be removed from your USB device.
  • Download Ubuntu Live Ubuntu 12.04 LTS (either 64 or 32 bit) and save it to your desktop. This is a large file so allow it some time to download.
  • Download Pen Drive Linux's USB Installer and save it to your desktop
  • Double click the Universal-USB-Installer icon, select Run, then I Agree
  • On the dropdown list under Step 1 select Ubuntu 12.04 Desktop you downloaded to your desktop

  • Select the Browse button under Step 2, locate, and double click the Ubuntu file you downloaded to your desktop

  • Select your USB device under Step 3

  • Place a check mark in the Format (your USB drive letter, i.e E):\ Drive (Erases Content) box
  • Disregard Step 4
  • Click Create, then Yes
  • Once the process has completed click Close
  • Download udriver.sh to your USB device
  • With the USB device inserted into the infected computer restart your computer
  • If your computer does not automatically boot from the USB device please see here
  • Select Run from USB device
  • Please allow the program to automatically load to the Ubuntu desktop
  • Select English, then click Try Ubuntu
  • Click on the Dash Home icon located just underneath the Ubuntu Desktop title bar at the top
  • Type terminal in the search box then press Enter
  • A command prompt window will open
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

sudo dd if=/dev/sda of=mbr.txt bs=512 count=1

  • A mbr.txt file will be created in your Home folder
  • Type Exit then press Enter
  • Click on the Home Folder which is most likely the third icon down on the left
  • Under Devices please click the USB device (if that is not present remove the USB device and plug it back in)
  • Locate the udriver.sh icon listed in the USB contents window, right click, select Move to, then click Home
  • Close any open windows
  • Click the Dash Home icon (1st icon on left)
  • Select the Terminal icon
  • Type the following at the prompt and hit Enter

sudo bash udriver.sh

  • Wait until report.txt pops up or the command line indicates the search is finished. This can take a while, so please be patient!
  • The report.txt file will be located in the Home folder (same folder as mbr.txt)
  • Type the following at the prompt and hit Enter

sudo bash udriver.sh -af

  • You will be prompted to input a file name. Please type the following then press Enter:

Winlogon.exe

  • After the search is completed please type the following then press Enter:

volsnap.sys

  • After the search is completed please type the following then press Enter:

explorer.exe

  • After the search is completed please type the following then press Enter:

Userinit.exe

  • After the last search is complete please type Exit and press Enter
  • Click the Home Folder
  • Right click on filefind.txt, and select Send to...
  • Click the drop down list next to Send as:, select Removable disks and shares, click the USB device (may be there by default), then click Send
  • Repeat these steps for report.txt
  • Remove the USB device from your computer
  • In the upper right hand corner of your screen select the icon just to the right of the time
  • Click Shut down..., then Restart
  • Your computer should reboot into Windows
  • Insert the USB device back into your computer
  • Zip the report.txt file and attach it to your reply. Attach but do not zip the mbr.txt and filefind.txt files.
===================================================

Things I would like to see in your next reply.
  • Were you able to reset your router?
  • report.zip
  • mbr.txt
  • filefind.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
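
As an added example (not part of the thread, of udriver.sh or of RogueKiller), the Python below decodes a 512-byte MBR image such as the mbr.txt that the dd step above writes: it checks the 0x55AA boot signature, hashes the sector and lists the partition table so the result can be compared field by field with the "MBR Check" block of the RogueKiller report posted earlier. The sample image is constructed to mirror the two partitions shown in the logs; its boot-code bytes are placeholders and the small partition-type name table is an assumption.

```python
"""Decode a 512-byte MBR image such as the mbr.txt the dd step above writes.

Added example, not code from the thread, from udriver.sh or from RogueKiller.
It checks the 0x55AA boot signature, hashes the sector and decodes the four
partition-table entries so the result can be compared, field by field, with
the "MBR Check" block of a RogueKiller report (hash, type, offset, size).
"""
import hashlib
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446                 # partition table starts at byte 446
ENTRY_FMT = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sectors
TYPE_NAMES = {0x07: "NTFS", 0xDE: "DELL-UTIL"}   # small subset; an assumption


def build_sample_mbr():
    """Constructed image mirroring the two partitions in the logs above.

    The boot-code bytes are placeholders, not real Windows XP MBR code.
    """
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\x33\xc0\x8e\xd0"
    entries = [
        (0x00, 0xDE, 63, 80262),          # Dell utility: sectors 63..80324, ~39 MB
        (0x80, 0x07, 80325, 234354688),   # active NTFS: 114431 MB
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        off = TABLE_OFFSET + 16 * i
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(image):
    """Return signature state, sector hash and the non-empty partition entries."""
    if len(image) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(image)}")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, image[off:off + 16])
        if ptype == 0:
            continue                      # unused slot
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, f"type 0x{ptype:02x}"),
            "offset": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": image[510:512] == b"\x55\xaa",
        "md5": hashlib.md5(image).hexdigest(),
        "partitions": parts,
    }


def overlapping(parts):
    """Index pairs whose sector ranges overlap; a sane table returns []."""
    bad = []
    for a in parts:
        for b in parts:
            if a["index"] < b["index"]:
                a_end, b_end = a["offset"] + a["sectors"], b["offset"] + b["sectors"]
                if a["offset"] < b_end and b["offset"] < a_end:
                    bad.append((a["index"], b["index"]))
    return bad


def report(info):
    """Lines in the spirit of RogueKiller's partition listing."""
    lines = [f"[MBR] {info['md5']}  signature {'OK' if info['signature_ok'] else 'MISSING'}"]
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] {p['name']} (0x{p['type']:02x}) "
                     f"Offset (sectors): {p['offset']} | Size: {p['size_mb']} MB")
    for a, b in overlapping(info["partitions"]):
        lines.append(f"WARNING: entries {a} and {b} overlap")
    return lines


if __name__ == "__main__":
    # Pass the path to mbr.txt as the first argument; with none, the sample is decoded.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print("\n".join(report(parse_mbr(data))))
```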

#14 Oh My!

Posted 09 May 2014 - 11:02 AM

Hi Lily,

Are you still with me?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Lily123

Posted 11 May 2014 - 04:18 PM

Hello Gary,

 

Yes, I am still with you - I'm so sorry for the delay in getting back to you, I have been ill for the past few days.

 

I will follow your latest instructions asap and post back as soon as I have completed them.

 

Many thanks :) 





