
'bluekai' virus / hijacked browser & email account?


16 replies to this topic

#1 Lily123


Posted 07 September 2014 - 11:34 AM

Hi there,

 

I wondered if I could please ask for a little advice on the following:

 

Recently, while browsing online, I have noticed that my browser (IE) spontaneously closes.  A few seconds before this happens, the screen goes white and in the bottom left corner it says something like 'waiting for site: bluekai.com'.  I have googled 'blue kai' and I believe that this may be a virus.

 

Also, I have been experiencing problems with my email account (Yahoo Mail) for quite a number of months.  I posted on here a few months ago because my email account kept sending spam out to my contacts (these emails appeared to be from me, but I was NOT sending them).

 

A Bleeping Computer member very kindly talked me through what to do and this seemed to resolve the problem for a while, but the spam emails are being sent again (despite changing my password several times).

 

I am not sure if the browser issue and the issue with my email account are connected.  Any advice would be enormously appreciated.

 

Thank you





#2 Starbuck (Malware Response Team)

Posted 10 September 2014 - 05:31 PM

Hi Lily123

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

Let's have a look and see if FRST throws up any reason for these problems.


Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
  • Both reports from FRST


Thanks.



#3 Lily123 (Topic Starter)

Posted 11 September 2014 - 11:35 AM

Hello there,

 

Thank you very much for responding to my post – I really appreciate it!

 

I have followed your instructions.  The log reports are as follows:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014

Ran by Lily (administrator) on D2DM8N0J on 11-09-2014 17:16:40

Running from C:\Documents and Settings\Lily\Desktop

Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode:

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKLM\...\Run: [OneTouch Monitor] => C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [86016 2002-04-16] (Visioneer Inc)

HKLM\...\Run: [Motive SmartBridge] => C:\Program Files\BTTotalBroadband220V\Help\SmartBridge\BTHelpNotifier.exe [462935 2006-02-06] (Motive)

HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [53248 2002-09-11] (Creative Technology Ltd)

HKLM\...\Run: [PrinTray] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [36864 2000-08-10] (Lexmark)

HKLM\...\Run: [F-Secure Hoster (47188)] => C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

HKLM\...\Run: [AdaptecDirectCD] => C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [684032 2002-10-02] (Roxio)

HKLM\...\Run: [btbb_wcm_McciTrayApp] => C:\Program Files\btbb_wcm\McciTrayApp.exe [543232 2006-12-08] (Motive Communications, Inc.)

HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-03-06] (RealNetworks, Inc.)

HKLM\...\Run: [PE2CKFNT SE] => C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [25088 1998-07-03] ()

HKLM\...\Run: [nwiz] => nwiz.exe /install

HKLM\...\Run: [LXSUPMON] => C:\WINDOWS\System32\LXSUPMON.EXE [886272 2002-09-30] (Lexmark International Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM\...\Run: [DVDSentry] => C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)

HKLM\...\Run: [DataCaching] => C:\Program Files\Data Caching\FlashKsk.exe [290816 2002-10-09] ( )

HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [24576 2002-09-03] (Creative Technology Ltd)

HKLM\...\Run: [CTDVDDet] => C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [45056 2002-09-30] (Creative Technology Ltd)

HKLM\...\Run: [Camera Detector] => C:\Program Files\ACD Systems\DevDetect\DevDetect.exe [196608 2002-10-08] (ACD Systems, Ltd.)

HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-09-08] (Apple Inc.)

HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!

HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0

HKLM\...\Policies\Explorer: [NoBandCustomize] 0

HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0

HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\RunOnce: [SophosVirusRemovalTool] => C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe [1167656 2014-04-30] (Sophos Limited)

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Back] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Forward] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Stop] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Refresh] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Home] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Search] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_History] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Favorites] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Media] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Folders] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Fullscreen] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Tools] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_MailNews] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Size] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Print] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Edit] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Discussions] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Cut] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Copy] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Paste] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Encoding] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_PrintPreview] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoNetHood] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoRecentDocsMenu] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoFileMenu] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoNetConnectDisconnect] 0

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

ShortcutTarget: BT Broadband Desktop Help.lnk -> C:\Program Files\BTTotalBroadband220V\Help\bin\matcli.exe (Motive Communications, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk

ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: FSSyncErrorIcon -> {1F872D95-A1C0-452C-9662-08739211EC04} => C:\Program Files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll (F-Secure Corporation)

ShellIconOverlayIdentifiers: FSSyncOkIcon -> {164AD5E4-2B93-4FB0-8AE3-8F922BAA186B} => C:\Program Files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll (F-Secure Corporation)

ShellIconOverlayIdentifiers: FSSyncProgressingConnectingIcon -> {935591D8-7EF8-4147-80D8-C80AB6E964DF} => C:\Program Files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll (F-Secure Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKCU - {2624CA7D-96CE-4F9C-86B2-1FC800A4516D} URL = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17043,0,8,0

SearchScopes: HKCU - {C37CDA7C-2F36-4485-A0B4-C677283E716E} URL = http://delicious.com/search?p={searchTerms}

SearchScopes: HKCU - {CD23EF35-0E2D-4E4B-B5D8-648B41E93176} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

SearchScopes: HKCU - {F3D080AB-5ED9-4FC9-AEAE-0CA7580130C3} URL = http://www.flickr.com/search/?q={searchTerms}

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default

FF Homepage: hxxp://uk.yahoo.com

FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ffds1&p=

FF DefaultSearchEngine: Yahoo

FF SelectedSearchEngine: Yahoo

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=6.0.10.835 -> C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.1136 -> C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)

FF Plugin: @real.com/nprpjplug;version=6.0.11.847 -> C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-02-18]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-07-16]

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-13]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-31]

FF Extension: No Name - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Lily\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-09-18]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)

R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]

R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-03-26] (Lexmark International, Inc.)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]

S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-10-10] (Intel Corporation) [File not signed]

R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]

S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-06] ()

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)

S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()

S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)

S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)

S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()

R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)

S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2002-05-13] () [File not signed]

R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2003-02-19] (Roxio) [File not signed]

R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2003-02-19] (Roxio) [File not signed]

R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [240640 2002-10-02] (Roxio) [File not signed]

S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [298384 2002-12-04] ()

R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25674 2002-10-02] (Roxio) [File not signed]

S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [816576 2002-11-26] (Creative Technology Ltd)

R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [135728 2002-11-26] (Creative Technology Ltd)

S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)

S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)

S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)

S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)

S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)

S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)

S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)

S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)

S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)

S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)

S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30406 2002-10-02] (Roxio) [File not signed]

S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.) [File not signed]

S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-10-10] (Intel Corporation) [File not signed]

R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2002-07-19] (Dell Computer Corporation) [File not signed]

S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)

R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-09-27] (Padus, Inc.) [File not signed]

R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10477 2002-10-09] (Creative Technology Ltd.) [File not signed]

R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [134426 2002-10-02] (Roxio) [File not signed]

R3 scrcap; C:\WINDOWS\System32\DRIVERS\scrcap.sys [9006 2006-12-27] (ZD Soft) [File not signed]

R0 SMR322; C:\WINDOWS\System32\drivers\SMR322.SYS [98392 2013-06-14] (Symantec Corporation)

R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206464 2002-10-02] (Roxio) [File not signed]

S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)

R3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)

R3 vidcap; C:\WINDOWS\System32\DRIVERS\vidcap.sys [9006 2006-12-27] (ZD Soft) [File not signed]

S3 catchme; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\catchme.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-11 17:16 - 2014-09-11 17:17 - 00023555 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt

2014-09-11 17:16 - 2014-09-11 17:16 - 01097728 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-11 17:17 - 2014-09-11 17:16 - 00023555 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt

2014-09-11 17:17 - 2014-06-27 15:49 - 00000000 ____D () C:\Documents and Settings\Lily\Local Settings\temp

2014-09-11 17:16 - 2014-09-11 17:16 - 01097728 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

2014-09-11 17:16 - 2013-07-03 12:06 - 00000000 ____D () C:\FRST

2014-09-11 17:08 - 2010-02-23 18:32 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-11 16:46 - 2003-02-19 13:43 - 04481358 _____ () C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.CDF

2014-09-11 16:46 - 2003-02-19 13:43 - 04481358 _____ () C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.BAK

2014-09-11 16:26 - 2013-06-12 16:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-09-11 15:48 - 2003-02-19 12:56 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM

2014-09-11 15:36 - 2005-01-16 18:47 - 01209963 _____ () C:\WINDOWS\WindowsUpdate.log

2014-09-11 15:29 - 2014-01-31 16:09 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-09-11 15:26 - 2014-04-06 11:23 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-09-11 15:26 - 2013-12-05 10:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-09-11 15:26 - 2013-12-05 10:55 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-09-11 15:26 - 2010-02-23 18:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-11 15:26 - 2003-02-19 13:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-09-10 18:37 - 2013-06-12 16:04 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-09-10 18:37 - 2011-06-23 00:52 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-09-10 17:08 - 2003-02-19 13:26 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt

2014-09-08 21:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm

2014-09-08 21:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm

2014-09-08 21:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2014-09-08 21:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2014-09-08 21:33 - 2003-03-06 16:44 - 00000278 ___SH () C:\Documents and Settings\Lily\NTUSER.INI

2014-09-08 15:48 - 2014-04-06 11:23 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2014-09-07 06:50 - 2003-02-19 13:24 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL

2014-08-31 07:50 - 2011-09-24 20:19 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================

 

 

 

 

 

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014

Ran by Lily at 2014-09-11 17:18:40

Running from C:\Documents and Settings\Lily\Desktop

Boot Mode:

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ACD FotoSlate 2.0.1 (HKLM\...\{3AE804DF-58A6-4C6C-9A01-B6E700420985}) (Version: 2.00.0001 - ACD Systems Ltd)

ACDSee for PENTAX 3.0 (HKLM\...\{92022F8E-2E55-4A16-88EB-B4778B35E942}) (Version: 9.0.34 - ACD Systems Ltd.)

Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)

Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)

Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden

Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)

Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)

Avery Wizard 3.1 (HKLM\...\InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}) (Version: 3.1.0.2153 - Avery)

Avery Wizard 3.1 (Version: 3.1.0.2153 - Avery) Hidden

B57Inst (Version: 3.40 - Broadcom) Hidden

BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )

Bing Bar Platform (Version: 5.0.1449.0 - Microsoft Corporation) Hidden

BitZipper 2010 (HKLM\...\BitZipper_is1) (Version:  - Bitberry Software)

BOB Books Version 1.5.0.4 (HKLM\...\BOB Books_is1) (Version:  - BOB Books Ltd.)

Bob Designer (HKLM\...\Bob Designer) (Version:  - )

Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)

BT Broadband Desktop Help (HKLM\...\btbb.MCCInstall) (Version:  - )

BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version:  - BT)

BT Cloud (HKLM\...\F-Secure ServiceEnabler 47188) (Version: 1.77.243.0 - F-Secure Corporation)

BT Cloud (Version: 1.77.243.0 - F-Secure Corporation) Hidden

BT Voyager 220V USB Driver (HKLM\...\{D35D2AB6-E86B-4A9A-92DB-88E9CE49D619}) (Version: 7.3 - British Telecom)

BT Wireless Connection Manager (HKLM\...\BT Wireless Connection Manager) (Version:  - )

BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version:  - )

CCF Authentication 1.00.211.0 (release) (Version: 1.00.211.0 - F-Secure Corporation) Hidden

Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)

Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )

Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)

Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)

Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)

DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)

Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.3.2.34 - Roxio Inc)

FLV Player (HKLM\...\FLV Player2.0 ) (Version: 2.0  - Applian Technologies Inc.)

Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.21.53 - Google Inc.) Hidden

Google Updater (HKLM\...\Google Updater) (Version: 2.4.1698.5652 - Google Inc.)

Help and Support Customization (Version: 1.00.0000 - Dell) Hidden

HP Celebrations (HKLM\...\HP Celebrations) (Version:  - )

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)

HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)

HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{5ECB4CCF-448D-4B52-B933-45961F4291A4}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)

Hypertron (HKLM\...\{392C2B49-A68F-4579-9CC9-A91AE756D143}) (Version:  - )

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)

Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )

Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)

Intense Language Office (HKLM\...\Intense Language Office) (Version:  - )

IS Express for C++Builder (HKLM\...\IS Express for C++Builder) (Version:  - )

Jasc Digital Camera Support v5.0 (HKLM\...\{CCF08FE4-C3CD-475B-9960-9F53EAF1808C}) (Version: 5.00.0000 - Jasc Software Inc)

Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)

Lexmark Photo Center (HKLM\...\InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}) (Version: 1.0 - Lexmark International)

Lexmark Photo Center (Version: 1.0 - Lexmark International) Hidden

Lexmark Supplies Monitor (HKLM\...\Lexmark Supplies Monitor) (Version:  - )

Lexmark Z65 (HKLM\...\Lexmark Z65) (Version:  - )

Lexmark Z700-P700 Series (HKLM\...\Lexmark Z700-P700 Series) (Version:  - )

LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)

Macromedia Dreamweaver 3 (HKLM\...\Macromedia Dreamweaver 3) (Version: 3 - Macromedia)

Macromedia Flash 5 (HKLM\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)

Media Library Management Wizard (HKLM\...\mplibwiz.inf) (Version:  - )

Micrografx Windows Draw 6 Limited Edition (HKLM\...\WindowsDrawLE) (Version:  - )

Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden

Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )

Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft MPEG-4 VKI Video Codec V1/V2/V3 (HKLM\...\MS-MPEG4) (Version:  - )

Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)

Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)

Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )

Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.00.00.2239 - Microsoft Corporation)

Microsoft Plus! for Windows XP (HKLM\...\{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}) (Version: 1.00.01.0732 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)

Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )

Movie Maker Background Music Files (HKLM\...\mmmusic) (Version:  - )

Movie Maker Sound Effects (HKLM\...\mmsounds) (Version:  - )

Movie Maker Title Images (HKLM\...\mmtitle) (Version:  - )

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MULTIPEDIA (HKLM\...\MULTIPEDIAV2.0) (Version:  - )

MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version:  - )

NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )

NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )

OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version: Version 3.0 - Visioneer Inc.)

Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)

PaperPort 7.02 (HKLM\...\PaperPort 7.02) (Version:  - )

Personal License Update Wizard for Windows Media Player (HKLM\...\drmtool.inf) (Version:  - )

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)

plankton (HKLM\...\plankton.scr) (Version:  - )

Plus! MP3 Audio Converter LE (HKLM\...\audcle) (Version:  - )

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )

QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)

QuickTime for Windows (32-bit) (HKLM\...\QuickTime32) (Version:  - )

RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )

Rollerbot (HKLM\...\{18CF36E6-6B05-48E3-973C-6CAB1AD0728F}) (Version:  - )

Roxio VideoWave Movie Creator (HKLM\...\{BB46245B-CECA-406F-8790-3ABA0D01012F}) (Version: 1.6.635.0 - Roxio, Inc.)

Serif 3DPlus 1.0 (HKLM\...\Serif 3DPlus 1.0) (Version:  - )

Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version:  - )

Serif DrawPlus 4.0 Design CD-ROM (HKLM\...\Serif DrawPlus 4.0 Design CD-ROM) (Version:  - )

Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

Shockwave (HKLM\...\Shockwave) (Version:  - )

SmartDraw 6 (HKCU\...\SmartDraw 6) (Version:  - )

Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.1 - Sophos Limited)

Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version:  - )

Sync Client 1.40.498.0 (release) (Version: 1.40.498.0 - F-Secure Corporation) Hidden

Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)

Ulead Photo Express 2.0 SE (HKLM\...\Ulead Photo Express 2.0 SE) (Version:  - )

Ulead VideoStudio 6 SE DVD (HKLM\...\{5404E185-BD7C-4A72-ABD0-91A411A05726}) (Version:  - Ulead Systems, Inc.)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)

USB Card Reader (HKLM\...\USB Card Reader V1.10) (Version:  - )

VideoCacheView (HKLM\...\VideoCacheView) (Version: 1.00 - NirSoft)

WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden

WebPainter for Win32 Version 1.0 (HKLM\...\WebPainterWin32V1.0) (Version:  - )

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Media Bonus Pack for Windows XP (HKLM\...\WMBK2) (Version:  - )

Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )

Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden

Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )

Windows Media Player Playlist Import to Excel Wizard (HKLM\...\mpxlswiz.inf) (Version:  - )

Windows Media Player Skin Importer (HKLM\...\wa2wmp) (Version:  - )

Windows Media Player Tray Control (HKLM\...\mpxptray.inf) (Version:  - )

Windows Movie Maker 2.0 (Version: 2.0.0000 - Microsoft Corporation) Hidden

Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)

Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

Windows XP Winter Fun Pack for Windows Movie Maker 2 (HKLM\...\{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}) (Version: 1.00.0000 - Microsoft Corporation)

Xara Webstyle 3.0 (HKLM\...\{954619BB-D48B-4B20-9BE7-06FBE5E69768}) (Version:  - )

ZD Soft Screen Recorder (HKLM\...\ZD Soft Screen Recorder) (Version: 2.6 - )

ZD Soft Screen Video Decoder (HKLM\...\ZDSV) (Version:  - )

ZD Soft Video Recorder (HKLM\...\ZD Soft Video Recorder) (Version: 2.1 - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\System32\Mfc42.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\System32\Mfc42.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\System32\Mfc42.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{1641a647-23aa-4baa-b72b-c8982bb5113f}\InprocServer32 -> C:\DOCUME~1\Lily\LOCALS~1\Temp\mstmp. No File

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{6884E12E-342A-463A-9703-1CA4148AAE05}\InprocServer32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe (Jasc Software, Inc.)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{6884E12E-342A-463A-9703-1CA4148AAE05}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe (Jasc Software, Inc.)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\System32\Msvbvm60.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2002-08-29 06:00 - 2014-01-20 20:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-02 03:09 - 2014-08-06 15:18 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-09-11 15:40 - 2014-09-11 15:40 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091100\algo.dll

2003-03-13 12:36 - 2003-03-13 12:36 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBLPP5C.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: MAC Bridge Miniport

Description: MAC Bridge Miniport

Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}

Manufacturer: Microsoft

Service: BridgeMP

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/07/2014 08:59:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0014c493.

Processing media-specific event for [iexplore.exe!ws!]

 

 

System errors:

=============

Error: (09/11/2014 03:41:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:41:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:28:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:27:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:27:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:27:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

aswRvrt

aswSnx

aswTdi

aswVmm

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Java Quick Starter service failed to start due to the following error:

%%3

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%1053

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

 

Microsoft Office Sessions:

=========================

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/07/2014 08:59:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235880014c493

 

 

==================== Memory info ===========================

 

Processor:  Intel® Pentium® 4 CPU 2.80GHz

Percentage of memory in use: 92%

Total physical RAM: 511 MB

Available physical RAM: 39.03 MB

Total Pagefile: 1246.24 MB

Available Pagefile: 692.14 MB

Total Virtual: 2047.88 MB

Available Virtual: 1929.93 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:111.75 GB) (Free:41.25 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 9DC96E9E)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

 

Thank you



#4 Lily123


Posted 11 September 2014 - 11:46 AM

Hello there,

 

Thank you very much for responding to my post – I really appreciate it!

 

I have followed your instructions.  The log reports are as follows:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014

Ran by Lily (administrator) on D2DM8N0J on 11-09-2014 17:16:40

Running from C:\Documents and Settings\Lily\Desktop

Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode:

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE

(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKLM\...\Run: [OneTouch Monitor] => C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [86016 2002-04-16] (Visioneer Inc)

HKLM\...\Run: [Motive SmartBridge] => C:\Program Files\BTTotalBroadband220V\Help\SmartBridge\BTHelpNotifier.exe [462935 2006-02-06] (Motive)

HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [53248 2002-09-11] (Creative Technology Ltd)

HKLM\...\Run: [PrinTray] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [36864 2000-08-10] (Lexmark)

HKLM\...\Run: [F-Secure Hoster (47188)] => C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

HKLM\...\Run: [AdaptecDirectCD] => C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [684032 2002-10-02] (Roxio)

HKLM\...\Run: [btbb_wcm_McciTrayApp] => C:\Program Files\btbb_wcm\McciTrayApp.exe [543232 2006-12-08] (Motive Communications, Inc.)

HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-03-06] (RealNetworks, Inc.)

HKLM\...\Run: [PE2CKFNT SE] => C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [25088 1998-07-03] ()

HKLM\...\Run: [nwiz] => nwiz.exe /install

HKLM\...\Run: [LXSUPMON] => C:\WINDOWS\System32\LXSUPMON.EXE [886272 2002-09-30] (Lexmark International Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM\...\Run: [DVDSentry] => C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)

HKLM\...\Run: [DataCaching] => C:\Program Files\Data Caching\FlashKsk.exe [290816 2002-10-09] ( )

HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [24576 2002-09-03] (Creative Technology Ltd)

HKLM\...\Run: [CTDVDDet] => C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [45056 2002-09-30] (Creative Technology Ltd)

HKLM\...\Run: [Camera Detector] => C:\Program Files\ACD Systems\DevDetect\DevDetect.exe [196608 2002-10-08] (ACD Systems, Ltd.)

HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-09-08] (Apple Inc.)

HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!

HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0

HKLM\...\Policies\Explorer: [NoBandCustomize] 0

HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0

HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\RunOnce: [SophosVirusRemovalTool] => C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe [1167656 2014-04-30] (Sophos Limited)

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Back] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Forward] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Stop] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Refresh] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Home] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Search] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_History] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Favorites] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Media] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Folders] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Fullscreen] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Tools] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_MailNews] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Size] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Print] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Edit] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Discussions] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Cut] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Copy] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Paste] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_Encoding] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [Btn_PrintPreview] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoNetHood] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoRecentDocsMenu] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoFileMenu] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0

HKU\S-1-5-21-2751949522-2880115294-1817265548-1006\...\Policies\Explorer: [NoNetConnectDisconnect] 0

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

ShortcutTarget: BT Broadband Desktop Help.lnk -> C:\Program Files\BTTotalBroadband220V\Help\bin\matcli.exe (Motive Communications, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk

ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: FSSyncErrorIcon -> {1F872D95-A1C0-452C-9662-08739211EC04} => C:\Program Files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll (F-Secure Corporation)

ShellIconOverlayIdentifiers: FSSyncOkIcon -> {164AD5E4-2B93-4FB0-8AE3-8F922BAA186B} => C:\Program Files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll (F-Secure Corporation)

ShellIconOverlayIdentifiers: FSSyncProgressingConnectingIcon -> {935591D8-7EF8-4147-80D8-C80AB6E964DF} => C:\Program Files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll (F-Secure Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKCU - {2624CA7D-96CE-4F9C-86B2-1FC800A4516D} URL = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17043,0,8,0

SearchScopes: HKCU - {C37CDA7C-2F36-4485-A0B4-C677283E716E} URL = http://delicious.com/search?p={searchTerms}

SearchScopes: HKCU - {CD23EF35-0E2D-4E4B-B5D8-648B41E93176} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

SearchScopes: HKCU - {F3D080AB-5ED9-4FC9-AEAE-0CA7580130C3} URL = http://www.flickr.com/search/?q={searchTerms}

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default

FF Homepage: hxxp://uk.yahoo.com

FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ffds1&p=

FF DefaultSearchEngine: Yahoo

FF SelectedSearchEngine: Yahoo

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=6.0.10.835 -> C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.1136 -> C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)

FF Plugin: @real.com/nprpjplug;version=6.0.11.847 -> C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-02-18]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-07-16]

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-13]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-31]

FF Extension: No Name - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Lily\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-09-18]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)

R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]

R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-03-26] (Lexmark International, Inc.)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]

S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-10-10] (Intel Corporation) [File not signed]

R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]

S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-06] ()

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)

S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()

S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)

S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)

S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()

R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)

S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2002-05-13] () [File not signed]

R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2003-02-19] (Roxio) [File not signed]

R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2003-02-19] (Roxio) [File not signed]

R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [240640 2002-10-02] (Roxio) [File not signed]

S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [298384 2002-12-04] ()

R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25674 2002-10-02] (Roxio) [File not signed]

S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [816576 2002-11-26] (Creative Technology Ltd)

R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [135728 2002-11-26] (Creative Technology Ltd)

S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)

S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)

S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)

S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)

S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)

S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)

S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)

S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)

S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)

S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)

S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30406 2002-10-02] (Roxio) [File not signed]

S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.) [File not signed]

S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-10-10] (Intel Corporation) [File not signed]

R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2002-07-19] (Dell Computer Corporation) [File not signed]

S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)

R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-09-27] (Padus, Inc.) [File not signed]

R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10477 2002-10-09] (Creative Technology Ltd.) [File not signed]

R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [134426 2002-10-02] (Roxio) [File not signed]

R3 scrcap; C:\WINDOWS\System32\DRIVERS\scrcap.sys [9006 2006-12-27] (ZD Soft) [File not signed]

R0 SMR322; C:\WINDOWS\System32\drivers\SMR322.SYS [98392 2013-06-14] (Symantec Corporation)

R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206464 2002-10-02] (Roxio) [File not signed]

S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)

R3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)

R3 vidcap; C:\WINDOWS\System32\DRIVERS\vidcap.sys [9006 2006-12-27] (ZD Soft) [File not signed]

S3 catchme; \??\C:\DOCUME~1\Lily\LOCALS~1\Temp\catchme.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-11 17:16 - 2014-09-11 17:17 - 00023555 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt

2014-09-11 17:16 - 2014-09-11 17:16 - 01097728 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-11 17:17 - 2014-09-11 17:16 - 00023555 _____ () C:\Documents and Settings\Lily\Desktop\FRST.txt

2014-09-11 17:17 - 2014-06-27 15:49 - 00000000 ____D () C:\Documents and Settings\Lily\Local Settings\temp

2014-09-11 17:16 - 2014-09-11 17:16 - 01097728 _____ (Farbar) C:\Documents and Settings\Lily\Desktop\FRST.exe

2014-09-11 17:16 - 2013-07-03 12:06 - 00000000 ____D () C:\FRST

2014-09-11 17:08 - 2010-02-23 18:32 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-11 16:46 - 2003-02-19 13:43 - 04481358 _____ () C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.CDF

2014-09-11 16:46 - 2003-02-19 13:43 - 04481358 _____ () C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10031102}.BAK

2014-09-11 16:26 - 2013-06-12 16:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-09-11 15:48 - 2003-02-19 12:56 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM

2014-09-11 15:36 - 2005-01-16 18:47 - 01209963 _____ () C:\WINDOWS\WindowsUpdate.log

2014-09-11 15:29 - 2014-01-31 16:09 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-09-11 15:26 - 2014-04-06 11:23 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-09-11 15:26 - 2013-12-05 10:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-09-11 15:26 - 2013-12-05 10:55 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-09-11 15:26 - 2010-02-23 18:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-11 15:26 - 2003-02-19 13:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-09-10 18:37 - 2013-06-12 16:04 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-09-10 18:37 - 2011-06-23 00:52 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-09-10 17:08 - 2003-02-19 13:26 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt

2014-09-08 21:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm

2014-09-08 21:34 - 2003-02-19 13:51 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm

2014-09-08 21:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2014-09-08 21:34 - 2003-02-19 13:51 - 00000288 _____ () C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat

2014-09-08 21:33 - 2003-03-06 16:44 - 00000278 ___SH () C:\Documents and Settings\Lily\NTUSER.INI

2014-09-08 15:48 - 2014-04-06 11:23 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2014-09-07 06:50 - 2003-02-19 13:24 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL

2014-08-31 07:50 - 2011-09-24 20:19 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014

Ran by Lily at 2014-09-11 17:18:40

Running from C:\Documents and Settings\Lily\Desktop

Boot Mode:

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ACD FotoSlate 2.0.1 (HKLM\...\{3AE804DF-58A6-4C6C-9A01-B6E700420985}) (Version: 2.00.0001 - ACD Systems Ltd)

ACDSee for PENTAX 3.0 (HKLM\...\{92022F8E-2E55-4A16-88EB-B4778B35E942}) (Version: 9.0.34 - ACD Systems Ltd.)

Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)

Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)

Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden

Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)

Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)

Avery Wizard 3.1 (HKLM\...\InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}) (Version: 3.1.0.2153 - Avery)

Avery Wizard 3.1 (Version: 3.1.0.2153 - Avery) Hidden

B57Inst (Version: 3.40 - Broadcom) Hidden

BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )

Bing Bar Platform (Version: 5.0.1449.0 - Microsoft Corporation) Hidden

BitZipper 2010 (HKLM\...\BitZipper_is1) (Version:  - Bitberry Software)

BOB Books Version 1.5.0.4 (HKLM\...\BOB Books_is1) (Version:  - BOB Books Ltd.)

Bob Designer (HKLM\...\Bob Designer) (Version:  - )

Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)

BT Broadband Desktop Help (HKLM\...\btbb.MCCInstall) (Version:  - )

BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version:  - BT)

BT Cloud (HKLM\...\F-Secure ServiceEnabler 47188) (Version: 1.77.243.0 - F-Secure Corporation)

BT Cloud (Version: 1.77.243.0 - F-Secure Corporation) Hidden

BT Voyager 220V USB Driver (HKLM\...\{D35D2AB6-E86B-4A9A-92DB-88E9CE49D619}) (Version: 7.3 - British Telecom)

BT Wireless Connection Manager (HKLM\...\BT Wireless Connection Manager) (Version:  - )

BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version:  - )

CCF Authentication 1.00.211.0 (release) (Version: 1.00.211.0 - F-Secure Corporation) Hidden

Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)

Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )

Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)

Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)

Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)

DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)

Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.3.2.34 - Roxio Inc)

FLV Player (HKLM\...\FLV Player2.0 ) (Version: 2.0  - Applian Technologies Inc.)

Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.21.53 - Google Inc.) Hidden

Google Updater (HKLM\...\Google Updater) (Version: 2.4.1698.5652 - Google Inc.)

Help and Support Customization (Version: 1.00.0000 - Dell) Hidden

HP Celebrations (HKLM\...\HP Celebrations) (Version:  - )

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)

HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)

HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{5ECB4CCF-448D-4B52-B933-45961F4291A4}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)

Hypertron (HKLM\...\{392C2B49-A68F-4579-9CC9-A91AE756D143}) (Version:  - )

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)

Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )

Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)

Intense Language Office (HKLM\...\Intense Language Office) (Version:  - )

IS Express for C++Builder (HKLM\...\IS Express for C++Builder) (Version:  - )

Jasc Digital Camera Support v5.0 (HKLM\...\{CCF08FE4-C3CD-475B-9960-9F53EAF1808C}) (Version: 5.00.0000 - Jasc Software Inc)

Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)

Lexmark Photo Center (HKLM\...\InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}) (Version: 1.0 - Lexmark International)

Lexmark Photo Center (Version: 1.0 - Lexmark International) Hidden

Lexmark Supplies Monitor (HKLM\...\Lexmark Supplies Monitor) (Version:  - )

Lexmark Z65 (HKLM\...\Lexmark Z65) (Version:  - )

Lexmark Z700-P700 Series (HKLM\...\Lexmark Z700-P700 Series) (Version:  - )

LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)

Macromedia Dreamweaver 3 (HKLM\...\Macromedia Dreamweaver 3) (Version: 3 - Macromedia)

Macromedia Flash 5 (HKLM\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)

Media Library Management Wizard (HKLM\...\mplibwiz.inf) (Version:  - )

Micrografx Windows Draw 6 Limited Edition (HKLM\...\WindowsDrawLE) (Version:  - )

Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden

Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )

Microsoft .NET Framework 1.0 Hotfix (KB928367) (HKLM\...\M928367) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft MPEG-4 VKI Video Codec V1/V2/V3 (HKLM\...\MS-MPEG4) (Version:  - )

Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)

Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)

Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )

Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.00.00.2239 - Microsoft Corporation)

Microsoft Plus! for Windows XP (HKLM\...\{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}) (Version: 1.00.01.0732 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)

Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )

Movie Maker Background Music Files (HKLM\...\mmmusic) (Version:  - )

Movie Maker Sound Effects (HKLM\...\mmsounds) (Version:  - )

Movie Maker Title Images (HKLM\...\mmtitle) (Version:  - )

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MULTIPEDIA (HKLM\...\MULTIPEDIAV2.0) (Version:  - )

MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version:  - )

NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )

NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )

OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version: Version 3.0 - Visioneer Inc.)

Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)

PaperPort 7.02 (HKLM\...\PaperPort 7.02) (Version:  - )

Personal License Update Wizard for Windows Media Player (HKLM\...\drmtool.inf) (Version:  - )

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)

plankton (HKLM\...\plankton.scr) (Version:  - )

Plus! MP3 Audio Converter LE (HKLM\...\audcle) (Version:  - )

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )

QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)

QuickTime for Windows (32-bit) (HKLM\...\QuickTime32) (Version:  - )

RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )

Rollerbot (HKLM\...\{18CF36E6-6B05-48E3-973C-6CAB1AD0728F}) (Version:  - )

Roxio VideoWave Movie Creator (HKLM\...\{BB46245B-CECA-406F-8790-3ABA0D01012F}) (Version: 1.6.635.0 - Roxio, Inc.)

Serif 3DPlus 1.0 (HKLM\...\Serif 3DPlus 1.0) (Version:  - )

Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version:  - )

Serif DrawPlus 4.0 Design CD-ROM (HKLM\...\Serif DrawPlus 4.0 Design CD-ROM) (Version:  - )

Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

Shockwave (HKLM\...\Shockwave) (Version:  - )

SmartDraw 6 (HKCU\...\SmartDraw 6) (Version:  - )

Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.1 - Sophos Limited)

Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version:  - )

Sync Client 1.40.498.0 (release) (Version: 1.40.498.0 - F-Secure Corporation) Hidden

Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)

Ulead Photo Express 2.0 SE (HKLM\...\Ulead Photo Express 2.0 SE) (Version:  - )

Ulead VideoStudio 6 SE DVD (HKLM\...\{5404E185-BD7C-4A72-ABD0-91A411A05726}) (Version:  - Ulead Systems, Inc.)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)

USB Card Reader (HKLM\...\USB Card Reader V1.10) (Version:  - )

VideoCacheView (HKLM\...\VideoCacheView) (Version: 1.00 - NirSoft)

WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden

WebPainter for Win32 Version 1.0 (HKLM\...\WebPainterWin32V1.0) (Version:  - )

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Media Bonus Pack for Windows XP (HKLM\...\WMBK2) (Version:  - )

Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )

Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden

Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )

Windows Media Player Playlist Import to Excel Wizard (HKLM\...\mpxlswiz.inf) (Version:  - )

Windows Media Player Skin Importer (HKLM\...\wa2wmp) (Version:  - )

Windows Media Player Tray Control (HKLM\...\mpxptray.inf) (Version:  - )

Windows Movie Maker 2.0 (Version: 2.0.0000 - Microsoft Corporation) Hidden

Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)

Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

Windows XP Winter Fun Pack for Windows Movie Maker 2 (HKLM\...\{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}) (Version: 1.00.0000 - Microsoft Corporation)

Xara Webstyle 3.0 (HKLM\...\{954619BB-D48B-4B20-9BE7-06FBE5E69768}) (Version:  - )

ZD Soft Screen Recorder (HKLM\...\ZD Soft Screen Recorder) (Version: 2.6 - )

ZD Soft Screen Video Decoder (HKLM\...\ZDSV) (Version:  - )

ZD Soft Video Recorder (HKLM\...\ZD Soft Video Recorder) (Version: 2.1 - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\System32\Mfc42.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\System32\Mfc42.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\System32\Mfc42.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{1641a647-23aa-4baa-b72b-c8982bb5113f}\InprocServer32 -> C:\DOCUME~1\Lily\LOCALS~1\Temp\mstmp. No File

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{6884E12E-342A-463A-9703-1CA4148AAE05}\InprocServer32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe (Jasc Software, Inc.)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{6884E12E-342A-463A-9703-1CA4148AAE05}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe (Jasc Software, Inc.)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\System32\Msvbvm60.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2002-08-29 06:00 - 2014-01-20 20:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-02 03:09 - 2014-08-06 15:18 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-09-11 15:40 - 2014-09-11 15:40 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091100\algo.dll

2003-03-13 12:36 - 2003-03-13 12:36 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBLPP5C.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: MAC Bridge Miniport

Description: MAC Bridge Miniport

Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}

Manufacturer: Microsoft

Service: BridgeMP

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (09/07/2014 08:59:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0014c493.

Processing media-specific event for [iexplore.exe!ws!]

 

 

System errors:

=============

Error: (09/11/2014 03:41:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:41:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:28:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:27:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:27:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

Error: (09/11/2014 03:27:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

aswRvrt

aswSnx

aswTdi

aswVmm

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Java Quick Starter service failed to start due to the following error:

%%3

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%1053

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

 

Error: (09/11/2014 03:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%317

 

 

Microsoft Office Sessions:

=========================

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/08/2014 08:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (09/07/2014 08:59:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235880014c493

 

 

==================== Memory info ===========================

 

Processor:  Intel® Pentium® 4 CPU 2.80GHz

Percentage of memory in use: 92%

Total physical RAM: 511 MB

Available physical RAM: 39.03 MB

Total Pagefile: 1246.24 MB

Available Pagefile: 692.14 MB

Total Virtual: 2047.88 MB

Available Virtual: 1929.93 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:111.75 GB) (Free:41.25 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 9DC96E9E)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

 

Thank you



#5 Starbuck



  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:50 AM

Posted 11 September 2014 - 04:45 PM

Hi Lily,
 

Percentage of memory in use: 92%
Total physical RAM: 511 MB
Available physical RAM: 39.03 MB

This will always be a problem for your system.
511MB of RAM just isn't enough to run Win XP any more.
Before SP3 came out, it would run reasonably well... after SP3, the amount of RAM needed increased.
You should really have double that now for XP to function correctly.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
    I recommend that you UNtick this option.
  • Click Finish
  • If you are notified the Database is out of date click Update Now

  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.

  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.
In your next reply, please submit:
Fixlog.txt
MBAM scan report


Thanks.



#6 Lily123


Posted 12 September 2014 - 04:27 AM

Hello again,

 

Thank you for taking the time to look over the FRST log report and for your further advice.

 

I agree with your comment that 511MB of RAM isn’t enough – my computer is extremely slow and I’m hoping to switch to another system shortly.

 

I downloaded fixlist.txt and re-ran FRST.  While running the program, I got the following error messages:

 

“Farbar Recovery Scan Tool: FRST.exe – Corrupt File.

The file or directory

\DOCUME~1\Lily\LOCALS~1\APPLIC~1\MICROS~1\INTERN~1\Recovery\LASTAC~1\{2D46AD86-F8DC-11E3-A21C-001B9E2729B7}.dat

is corrupt and unreadable.

Please run the Chkdsk utility”

 

 

 

“Farbar Recovery Scan Tool: FRST.exe – Corrupt File.

The file or directory

C:\$Mft is corrupt and unreadable.

Please run the Chkdsk utility”

 

Here is fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014

Ran by Lily at 2014-09-12 08:24:33 Run:9

Running from C:\Documents and Settings\Lily\Desktop

Boot Mode:

 

==============================================

 

Content of fixlist:

*****************

HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!

FF Extension: No Name - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Lily\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-09-18]

CustomCLSID: HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{1641a647-23aa-4baa-b72b-c8982bb5113f}\InprocServer32 -> C:\DOCUME~1\Lily\LOCALS~1\Temp\mstmp. No File

Hosts:

CMD: ipconfig /flushdns

EmptyTemp:

 

 

 

 

 

 

*****************

 

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.

C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found.

C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.

"HKLM\SOFTWARE\Google\Chrome\Extensions\./0123456789:;<=>?@ABCDEFGHIJKLM" => Key deleted successfully.

C:\Documents and Settings\Lily\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ => Moved successfully.

"HKU\S-1-5-21-2751949522-2880115294-1817265548-1006_Classes\CLSID\{1641a647-23aa-4baa-b72b-c8982bb5113f}" => Key deleted successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

 

=========  ipconfig /flushdns =========

 

 

 

Windows IP Configuration

 

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

EmptyTemp: => Removed 488.9 MB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog ====

 

 

 

After rebooting, I then downloaded and ran MBAM. 

Here is the MBAM log report:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 12/09/2014

Scan Time: 09:46:32

Logfile:

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.12.02

Rootkit Database: v2014.09.10.02

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Lily

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 434021

Time Elapsed: 19 min, 19 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 2

PUP.Optional.Simppull.A, HKLM\SOFTWARE\CLASSES\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}, Quarantined, [caf8ad3fa0db2f07a10b3b46f50dbf41],

PUP.Optional.Simppull.A, HKU\S-1-5-21-2751949522-2880115294-1817265548-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{627AF46B-2076-42AE-A2FD-8428734D3E74}, Quarantined, [caf8ad3fa0db2f07a10b3b46f50dbf41],

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

I quarantined the 2 detected threats found by MBAM.

 

Thanks again



#7 Starbuck


Posted 12 September 2014 - 09:37 AM

Hi Lily,

C:\$Mft is corrupt and unreadable.
Please run the Chkdsk utility”

Ok, let's run that first and then we'll see if there are any more PUPs on the system.

Step 1
  • Click Start >> Computer
  • Right click on your main drive (usually 'C')
  • Select Properties
  • Click on the Tools tab
  • Under Error Checking, click Check Now
  • Tick the options that you require (please tick both options)
  • Click Start
  • On the screen that comes up, click Yes then OK
  • Now restart your computer.
Note: Be patient. Analyzing the drive can be a lengthy process



Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

In your next reply, please submit:
  • JRT.txt
  • AdwCleaner report
and let me know if there was any problem running the Chkdsk utility.


Thanks.



#8 Lily123


Posted 13 September 2014 - 02:35 PM

Hi there

 

Sorry for the delay in posting back – running Chkdsk took longer than expected (about 8 hours and I ran it twice).

 

As far as I am aware, there was no problem while Chkdsk was running, but when it had finished running, Windows loaded but all of my desktop icons, start button etc. disappeared (there was just my desktop wallpaper visible).  As a result, I had to hold down CTRL, ALT, DEL to try and shut down the computer.  When I did this, a blue screen appeared with the error message:

 

“STOP: c000021a Unknown Hard Error

Unknown Hard Error”

 

I then had to force a reboot.  The computer rebooted okay.

 

I tried running Chkdsk again and the same happened.

 

I then ran the Junkware Removal Tool.  Here is the log report:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Microsoft Windows XP x86

Ran by Lily on 13/09/2014 at 18:36:52.04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 13/09/2014 at 18:45:26.23

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I then ran AdwCleaner.  Here is the log report:

 

# AdwCleaner v3.310 - Report created 13/09/2014 at 20:12:05

# Updated 12/09/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Lily - D2DM8N0J

# Running from : C:\Documents and Settings\Lily\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found : C:\Documents and Settings\Lily\Application Data\GrabPro

Folder Found : C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\adawarebp

Key Found : HKCU\Software\Bitberry

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Found : HKLM\SOFTWARE\Uniblue

Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v

 

[ File : C:\Documents and Settings\Lily\Application Data\Mozilla\Firefox\Profiles\l86ltxuc.default\prefs.js ]

 

 

*************************

 

AdwCleaner[R1].txt - [2037 octets] - [13/09/2014 20:12:05]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2097 octets] ##########

 

 

 

Many Thanks



#9 Starbuck


Posted 14 September 2014 - 03:14 AM

Hi Lily,

“running Chkdsk took longer than expected (about 8 hours and I ran it twice)”

Running Chkdsk on XP is not a quick thing.
It obviously runs faster on newer systems.

“STOP: c000021a Unknown Hard Error
Unknown Hard Error”

This could very well be like looking for a needle in a haystack.
There are numerous causes for this.
Software/Hardware conflict, corrupt registry, incorrect drivers etc.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


This is an example, you may rename ComboFix to anything you want.
Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks



#10 Lily123


Posted 15 September 2014 - 01:39 AM

Hi there,

 

Thank you for your further advice.  I downloaded Combofix, renamed it, saved it to desktop and then ran it.

 

Here is the log report:

 

ComboFix 14-09-14.01 - Lily 15/09/2014   4:40.17.1 - x86 DSREPAIR

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.85 [GMT 1:00]

Running from: c:\documents and settings\Lily\Desktop\flower.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((   Files Created from 2014-08-15 to 2014-09-15  )))))))))))))))))))))))))))))))

.

.

2014-09-13 19:12 . 2014-09-13 19:15            --------     d-----w-   C:\AdwCleaner

2014-09-12 18:01 . 2014-09-12 18:01            --------     d-----w-   C:\found.000

2014-09-12 08:37 . 2014-09-12 09:20            110296  ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-09-12 08:36 . 2014-09-12 08:36            --------     d-----w-   c:\program files\Malwarebytes Anti-Malware

2014-09-12 08:36 . 2014-05-12 06:26            53208    ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys

2014-09-12 08:36 . 2014-05-12 06:25            23256    ----a-w-   c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-12 20:38 . 2013-06-12 15:04            701104  ----a-w-   c:\windows\system32\FlashPlayerApp.exe

2014-09-12 20:38 . 2011-06-22 23:52            71344    ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl

2014-08-06 14:19 . 2014-01-31 15:08            414520  ----a-w-   c:\windows\system32\drivers\aswsp.sys

2014-08-06 14:18 . 2014-01-31 15:08            57800    ----a-w-   c:\windows\system32\drivers\aswTdi.sys

2014-08-06 14:18 . 2014-01-31 15:08            192352  ----a-w-   c:\windows\system32\drivers\aswVmm.sys

2014-08-06 14:18 . 2014-08-06 14:18            24184    ----a-w-   c:\windows\system32\drivers\aswHwid.sys

2014-08-06 14:18 . 2014-01-31 15:08            779536  ----a-w-   c:\windows\system32\drivers\aswSnx.sys

2014-08-06 14:18 . 2014-01-31 15:08            67824    ----a-w-   c:\windows\system32\drivers\aswmonflt.sys

2014-08-06 14:18 . 2014-01-31 15:08            49944    ----a-w-   c:\windows\system32\drivers\aswRvrt.sys

2014-08-06 14:18 . 2014-01-31 15:08            55112    ----a-w-   c:\windows\system32\drivers\aswRdr.sys

2014-08-06 14:18 . 2014-08-06 14:18            43152    ----a-w-   c:\windows\avastSS.scr

2014-08-06 14:18 . 2014-01-31 15:08            276432  ----a-w-   c:\windows\system32\aswBoot.exe

2014-06-28 10:57 . 2014-06-28 10:57            73728    ----a-r-    c:\documents and settings\Lily\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2014-06-28 10:57 . 2014-06-28 10:57            73728    ----a-r-    c:\documents and settings\Lily\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2014-06-28 10:57 . 2014-06-28 10:57            73728    ----a-r-    c:\documents and settings\Lily\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-08-06 14:18               578240  ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncErrorIcon]

@="{1F872D95-A1C0-452C-9662-08739211EC04}"

[HKEY_CLASSES_ROOT\CLSID\{1F872D95-A1C0-452C-9662-08739211EC04}]

2013-03-07 09:32               601024  ----a-w-   c:\program files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncOkIcon]

@="{164AD5E4-2B93-4FB0-8AE3-8F922BAA186B}"

[HKEY_CLASSES_ROOT\CLSID\{164AD5E4-2B93-4FB0-8AE3-8F922BAA186B}]

2013-03-07 09:32               601024  ----a-w-   c:\program files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncProgressingConnectingIcon]

@="{935591D8-7EF8-4147-80D8-C80AB6E964DF}"

[HKEY_CLASSES_ROOT\CLSID\{935591D8-7EF8-4147-80D8-C80AB6E964DF}]

2013-03-07 09:32               601024  ----a-w-   c:\program files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]

"Motive SmartBridge"="c:\progra~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]

"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-08-10 36864]

"F-Secure Hoster (47188)"="c:\program files\BT Cloud\fshoster32.exe" [2013-01-18 188400]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-02 684032]

"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-08 543232]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-03-06 151597]

"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]

"nwiz"="nwiz.exe" [2003-10-06 741376]

"LXSUPMON"="c:\windows\System32\LXSUPMON.EXE" [2002-09-30 886272]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]

"DataCaching"="c:\progra~1\DATACA~1\FLashKsk.exe" [2002-10-09 290816]

"CTHelper"="CTHELPER.EXE" [2002-09-03 24576]

"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-06 4085896]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BT Broadband Desktop Help.lnk - c:\program files\BTTotalBroadband220V\Help\bin\matcli.exe -boot [2014-1-5 217088]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-19 45056]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

Photo Express Calendar Checker SE.lnk - c:\program files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2003-5-4 55296]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\SYSTEM32\DRIVERS\SMR322.SYS [14/06/2013 00:28 98392]

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswsp.sys [31/01/2014 16:08 414520]

R2 aswMonFlt;aswMonFlt;c:\windows\SYSTEM32\DRIVERS\aswmonflt.sys [31/01/2014 16:08 67824]

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [10/02/2012 11:28 193816]

R2 fshoster;F-Secure Dll Hoster;c:\program files\BT Cloud\fshoster32.exe [18/01/2013 11:06 188400]

R3 scrcap;scrcap;c:\windows\SYSTEM32\DRIVERS\scrcap.sys [27/12/2006 15:47 9006]

R3 vidcap;vidcap;c:\windows\SYSTEM32\DRIVERS\vidcap.sys [27/12/2006 15:47 9006]

S0 aswRvrt;avast! Revert;c:\windows\SYSTEM32\DRIVERS\aswRvrt.sys [31/01/2014 16:08 49944]

S0 aswVmm;avast! VM Monitor;c:\windows\SYSTEM32\DRIVERS\aswVmm.sys [31/01/2014 16:08 192352]

S1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [31/01/2014 16:08 779536]

S2 aswHwid;avast! HardwareID;c:\windows\SYSTEM32\DRIVERS\aswHwid.sys [06/08/2014 15:18 24184]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [10/02/2012 11:28 240408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 03:32               128512  ----a-w-   c:\windows\SYSTEM32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2014-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 20:38]

.

2014-09-14 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06 14:18]

.

2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 17:27]

.

2014-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 17:27]

.

2014-09-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-03-07 01:59]

.

2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-03-07 01:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://uk.yahoo.com/

mStart Page = about:blank

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-09-15 05:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ... 

.

scanning hidden autostart entries ...

.

scanning hidden files ... 

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\fshoster]

"ImagePath"="\"c:\program files\BT Cloud\fshoster32.exe\" -hosterid:0"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2751949522-2880115294-1817265548-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\F-Secure\My Services Agent\Protected]

@Denied: ) (Everyone)

"AgentIdentifier"="2730edb2-5e5c-46f7-ad6f-f4463086a35c"

"AuthorizationCode"=""

"47188_AgentIdentifier"="2730edb2-5e5c-46f7-ad6f-f4463086a35c"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2336)

c:\windows\system32\WININET.dll

c:\program files\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

.

Completion time: 2014-09-15  05:14:02

ComboFix-quarantined-files.txt  2014-09-15 04:13

ComboFix2.txt  2014-06-27 14:48

.

Pre-Run: 44,672,692,224 bytes free

Post-Run: 44,492,988,416 bytes free

.

- - End Of File - - 1E8D960781D0924FF2E40A088B9E47DF

8F558EB6672622401DA993E1E865C861

 

 

 

Thanks again for all your help



#11 Starbuck


Posted 15 September 2014 - 03:37 PM

Hi Lily,

That looks ok.
Are you still experiencing any problems?



#12 Lily123


Posted 15 September 2014 - 04:44 PM

Hi there,

 

Thank you for looking over the Combofix log.  I'm glad that everything looks okay.

 

My browser has not spontaneously closed for a while and I have not had any spam messages sent from my email account in a few days.

 

Do you feel that these issues may be sorted now?

 

Many Thanks



#13 Starbuck


Posted 16 September 2014 - 04:37 PM

Hi Lily,

Give the system another day or two and if still no problems, let me know and we'll finish off the cleaning process.



#14 Lily123


Posted 22 September 2014 - 05:16 AM

Hi there,

 

Apologies for the delay in responding.  I have recently upgraded my broadband and since the upgrade have had no internet connection whatsoever (I'm posting on a library computer now).  Hopefully this problem will be resolved in the next couple of days.

 

When I have re-established a connection, I will post back to let you know whether I'm still having any problems regarding my email account / browser.

 

Thanks again for your help.



#15 Starbuck


Posted 23 September 2014 - 05:25 PM

Hi Lily,

“When I have re-established a connection, I will post back to let you know whether I'm still having any problems regarding my email account / browser.”

Ok thanks for letting me know.
Btw:
I'll be away on holiday from the 27th Sept - 8th Oct.
