paul66h

  1. Hi, Yes it looks like the problem is resolved. Thanks very much for guiding me through all the various clean up tools. I've downloaded Firefox and I'm using this now. I'll have a look to see if this computer could be upgraded to Windows 7. Once again thank you for all your help and advice. Best regards, Paul
  2. I followed your instruction, didn't get any errors. Here is the ComboFix.txt log file: Best regards, Paul
  3. I followed all your instructions and didn't encounter any errors. Here is the Combofix.txt log file: Regards, Paul
  4. Here are the logs from Security Check (checkup.txt), Farbar Recovery Scan Tool (Fixlog.txt) and Farbar Service Scanner (FSS.txt). I encountered one error when running the Security Check. The title of the pop up box was: "Autolt Error" and in the pop up was: Line -1: followed by: Error: Variable must be of type "Object". I clicked OK in the pop up box and the Security Check appeared to continue and produced the log file. Here is checkup.txt
     Results of screen317's Security Check version 0.99.81
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     AVG 2014
     ESET Online Scanner v3
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 45
     Java version out of Date!
     Adobe Reader XI
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 5%
     ````````````````````End of Log``````````````````````
     Here is Fixlog.txt
wanatw => Service deleted successfully. C:\Documents and Settings\All Users\Application Data\2992199F9A => Moved successfully. C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => Moved successfully. C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job => Moved successfully. C:\Documents and Settings\All Users\Application Data\TEMP => ":0CFF5F08" ADS removed successfully. The system needed a reboot. ==== End of Fixlog ==== Here is FSS.txt Farbar Service Scanner Version: 25-02-2014 Ran by Paul (administrator) on 14-04-2014 at 20:30:31 Running from "C:\Documents and Settings\Paul\Desktop" Microsoft Windows XP Home Edition Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist. 
System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Other Services: ============== File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys [2004-08-10 12:50] - [2008-10-16 15:43] - 0138496 ___AH (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37 C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x09000000040000000100000002000000030000000900000005000000060000000700000008000000 IpSec Tag value is correct. **** End of log **** When the computer restarted during the reboot there was no DLL error message. Once again thanks for your help. Paul
  5. Hi TheJoker, Thanks for your post. The actions I have taken so far: When the computer started and the lock screen appeared I could briefly get the start button by keying Ctrl+Alt+Delete. I managed to click on this and started MalwareBytes Anti Malware and got it running. Problem was that it was running but I couldn't see it even if it was the live window. I used another computer to work out what key presses to use to start a scan, and then to deal with any threats it might have found. I couldn't see if there were any threats found, or if I managed to remove them. I then used AVG to scan for viruses managing to start this from the icons bottom right - again I couldn't see the result. Also when shutting down I managed to stop the computer from shutting down by getting an error using MalwareBytes Anti Malware. I can't remember the sequence of events I used to achieve this. This gave me back the desktop as the lock screen had closed. At this point I downloaded FRST.exe and ran it (having seen this was often requested in other posts I had searched). I posted (above) the result of the two files it created FRST.txt and addition.txt. Then as I had the desktop back I ran MalwareBytes Anti Malware again - it found two threats which I asked it to remove. I think it needed the computer to restart to complete the removal. At this point the computer started without the lock screen. I also ran an AVG scan which didn't find anything. I then ran FRST.exe again and posted (also above) the new FRST.txt file (no addition.txt that time). Now I have removed 'MyWay Search Assistant' ...and here are the results you asked for: AdwCleaner produced two files, AdwCleaner[R0] and Adwcleaner[s0]. I've copied both below in that order. Here is JRT.txt. ESET found no threats having scanned 280051 files. There was no option to list threats or to export. Thanks very much for your help so far. Best regards, Paul
  6. I've run Malwarebytes Anti-Malware again which didn't find anything else. When I log on I still get a RUNDLL error message which reads: "Error loading C:\DOCUME~1\ALLUSE~1\APPLIC~1\299219~1\dot74hhv.cpp" Can anyone advise how this can be fixed? Can anyone tell if there is anything malicious that still needs to be corrected from the FRST.txt file posted above? Regards, Paul
  7. Hello Malwarebytes, I've made some progress with my problem. I've run Malwarebytes Anti-Malware and got rid of a couple of threats. On restart there is a .dll file error, but the PC starts without the lockout screen. I've also run AVG to scan for viruses - nothing found. I've run FRST.exe again and got one txt file - copied below. Any advice you could offer would be gratefully received. Regards, Paul
HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0 HKLM\...\Policies\Explorer: [NoComputersNearMe] 0 HKLM\...\Policies\Explorer: [NoSetTaskBar] 0 HKLM\...\Policies\Explorer: [NoFileMenu] 0 HKLM\...\Policies\Explorer: [NoNetworkConnections] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000 HKLM\...\Policies\Explorer: [MaxRecentDocs] 0 HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0 HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0 HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000 HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000 HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000 HKLM\...\Policies\Explorer: [NoWinKey] 0 HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0 HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0 HKLM\...\Policies\Explorer: [NoControlPanle] 0 HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation) HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0 HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.) HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.) 
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung) HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] () HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [FBackup Scheduler] - C:\Program Files\Softland\FBackup 4\fbaSched.exe [2532232 2012-09-12] (Softland) HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.) HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.) HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Documents and Settings\Amanda\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=1f4a4ae2700047d68bc4d14acce4e9e6-61470c91c26475264c0397ea84a464d7cb6913ab /CMPID=1113a HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1704726271-934105146-3214749785-1009\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.) 
HKU\S-1-5-21-1704726271-934105146-3214749785-1009\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.) HKU\S-1-5-21-1704726271-934105146-3214749785-1009\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.) HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.) HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.) HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-06] (Google Inc.) HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk ShortcutTarget: Wireless USB 2.0 WLAN Card Utility.lnk -> C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.) 
Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk ShortcutTarget: vhh47tod.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\299219~1\dot74hhv.cpp (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) SearchScopes: HKCU - {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search) Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll () Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Chrome: ======= CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06] ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) 
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-13] (Oracle Corporation) S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) S4 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [57344 2004-10-04] (Conexant Systems, Inc.) R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search) S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [876649 2005-01-29] (BT Voyager Corporation) R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\2992199F9A\dot74hhv.cpp [X] ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-10-18] (Windows ® 2000 DDK provider) R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) 
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies) R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP) R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP) R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP) R3 P17; C:\WINDOWS\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.) R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.) R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-18] () R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI) S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation) S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation) S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation) R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 
2004-12-06] (Sonic Solutions) R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) S3 bvrp_pci; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U3 TlntSvr; S3 wanatw; system32\DRIVERS\wanatw4.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-12 13:39 - 2014-04-12 23:31 - 00021569 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt 2014-04-12 13:39 - 2014-04-12 23:31 - 00000000 ____D () C:\FRST 2014-04-12 13:39 - 2014-04-12 13:46 - 00024142 _____ () C:\Documents and Settings\Paul\Desktop\Addition.txt 2014-04-12 13:38 - 2014-04-12 12:51 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe 2014-04-12 13:38 - 2014-04-12 12:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe 2014-04-11 16:07 - 2014-04-12 19:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A 2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar 2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-30 11:06 - 2014-03-30 11:08 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP ==================== One Month Modified Files and Folders ======= 2014-04-12 23:31 - 2014-04-12 13:39 - 00021569 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt 2014-04-12 23:31 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST 2014-04-12 22:56 - 2012-09-06 06:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-12 22:53 - 2013-11-29 07:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-12 21:18 - 2011-02-21 22:19 - 00000000 ____D () C:\Documents and 
Settings\All Users\Application Data\MFAData 2014-04-12 20:56 - 2013-12-07 11:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-12 20:35 - 2004-08-10 13:02 - 01791856 ____H () C:\WINDOWS\WindowsUpdate.log 2014-04-12 19:13 - 2014-02-05 20:53 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job 2014-04-12 19:13 - 2014-02-05 20:53 - 00000360 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job 2014-04-12 19:11 - 2004-08-10 12:59 - 00000049 ____H () C:\WINDOWS\wiaservc.log 2014-04-12 19:10 - 2011-02-15 15:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2_0$ 2014-04-12 19:10 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-12 19:09 - 2012-06-12 08:16 - 01262850 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1704726271-934105146-3214749785-1007-0.dat 2014-04-12 19:09 - 2012-06-12 08:16 - 00303514 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2014-04-12 19:09 - 2011-02-21 21:39 - 00000178 ___SH () C:\Documents and Settings\Paul\ntuser.ini 2014-04-12 19:09 - 2004-08-10 13:08 - 00032590 ____H () C:\WINDOWS\SchedLgU.Txt 2014-04-12 19:04 - 2014-04-11 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A 2014-04-12 13:46 - 2014-04-12 13:39 - 00024142 _____ () C:\Documents and Settings\Paul\Desktop\Addition.txt 2014-04-12 12:51 - 2014-04-12 13:38 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe 2014-04-12 12:49 - 2014-04-12 13:38 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe 2014-04-11 21:30 - 2013-11-21 08:20 - 00000494 _____ () C:\WINDOWS\Tasks\fba_Outlook Express Backup.job 2014-04-11 21:00 - 2013-11-21 08:19 - 00000478 _____ () C:\WINDOWS\Tasks\fba_General Backup.job 2014-04-11 14:34 - 2011-02-21 23:38 - 00000000 ____D () C:\Documents and Settings\Paul\Application 
Data\MailWasherFree 2014-04-10 23:43 - 2011-07-17 11:31 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt 2014-04-10 23:43 - 2011-02-21 21:39 - 00000000 ____D () C:\Documents and Settings\Paul 2014-04-10 23:32 - 2011-02-21 23:14 - 00000178 ___SH () C:\Documents and Settings\Amanda\ntuser.ini 2014-04-06 22:42 - 2011-02-21 23:14 - 00000000 ____D () C:\Documents and Settings\Amanda 2014-04-05 13:43 - 2011-02-21 22:39 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\Paul's 2014-04-03 23:22 - 2011-02-21 23:43 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\General 2014-04-03 19:27 - 2011-02-21 23:49 - 00000178 ___SH () C:\Documents and Settings\Lydia\ntuser.ini 2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar 2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-31 14:23 - 2013-09-27 15:29 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-30 11:08 - 2014-03-30 11:06 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP 2014-03-29 19:53 - 2004-08-10 12:51 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl 2014-03-22 07:39 - 2004-08-10 13:01 - 00000000 ___HD () C:\WINDOWS\system32\FxsTmp 2014-03-21 00:30 - 2013-12-09 15:58 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys 2014-03-21 00:30 - 2013-12-09 15:58 - 00000000 ____D () C:\WINDOWS\system32\cache 2014-03-21 00:30 - 2013-12-09 15:57 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar 2014-03-16 17:43 - 2012-02-07 20:40 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\My Scans 2014-03-15 12:03 - 2014-02-28 21:55 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\VW golf Some content of TEMP: ==================== C:\Documents and Settings\Amanda\Local Settings\Temp\uninst.dll ==================== Bamital & volsnap 
Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  8. Dear Malwarebytes, I've got a PC infection that takes over the desktop when starting the computer - Windows XP operating system. I've searched and found that a start point to getting this solved is to get the Farbar recovery scan tool onto the desktop, run the scan and then to post the results of the scan. I managed to get to the desktop eventually by trying various things - however the result is I've run FRST.exe from the desktop and the result was two text files FRST.txt and Addition.txt which I've posted the result of below. Can you help me with the next steps? Regards, Paul

Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014
Ran by Paul (administrator) on HOMEDESKTOP on 12-04-2014 13:39:09
Running from C:\Documents and Settings\Paul\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
() C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-05] (ATI Technologies, Inc.)
HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [57344 2003-09-17] (Creative Technology Ltd)
HKLM\...\Run: [P17Helper] - C:\WINDOWS\system32\P17.dll [60928 2004-06-10] ()
HKLM\...\Run: [updReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2005-10-18] (RealNetworks, Inc.)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-29] (Logitech, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-05] (Apple Inc.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [wltray.exe] - C:\WINDOWS\system32\wltray.exe [696422 2005-01-29] (BT Voyager Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-21] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [FBackup Scheduler] - C:\Program Files\Softland\FBackup 4\fbaSched.exe [2532232 2012-09-12] (Softland)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
ShortcutTarget: Wireless USB 2.0 WLAN Card Utility.lnk -> C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk
ShortcutTarget: vhh47tod.lnk -> C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HKLM\...\Chrome\Extension: 
[ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06] ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-13] (Oracle Corporation)S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)S4 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [57344 2004-10-04] (Conexant Systems, Inc.)R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)S2 winmgmt; C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp [186441 2014-04-11] (Microsoft Corporation)S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [876649 2005-01-29] (BT Voyager Corporation)R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-10-18] (Windows ® 2000 DDK provider)R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies 
CZ, s.r.o.)R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)R3 P17; C:\WINDOWS\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.)R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-18] ()R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)R2 
tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)S3 bvrp_pci; No ImagePathU5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U3 TlntSvr; S3 wanatw; system32\DRIVERS\wanatw4.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-12 13:39 - 2014-04-12 13:39 - 00017439 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt2014-04-12 13:39 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST2014-04-12 13:38 - 2014-04-12 12:51 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe2014-04-12 13:38 - 2014-04-12 12:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe2014-04-11 16:07 - 2014-04-12 13:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG2014-03-30 11:06 - 2014-03-30 11:08 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP ==================== One Month Modified Files and Folders ======= 2014-04-12 13:39 - 2014-04-12 13:39 - 00017439 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt2014-04-12 13:39 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST2014-04-12 
13:37 - 2004-08-10 13:02 - 01778330 ____H () C:\WINDOWS\WindowsUpdate.log2014-04-12 13:32 - 2014-04-11 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A2014-04-12 13:31 - 2014-02-05 20:53 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job2014-04-12 13:31 - 2014-02-05 20:53 - 00000360 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job2014-04-12 13:31 - 2013-12-07 11:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-04-12 13:31 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-04-12 13:31 - 2004-08-10 12:59 - 00000049 ____H () C:\WINDOWS\wiaservc.log2014-04-12 13:23 - 2012-06-12 08:16 - 01262850 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1704726271-934105146-3214749785-1007-0.dat2014-04-12 13:23 - 2012-06-12 08:16 - 00303514 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat2014-04-12 13:23 - 2004-08-10 13:08 - 00032590 ____H () C:\WINDOWS\SchedLgU.Txt2014-04-12 13:21 - 2011-02-21 21:39 - 00000178 ___SH () C:\Documents and Settings\Paul\ntuser.ini2014-04-12 12:56 - 2012-09-06 06:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-04-12 12:53 - 2013-11-29 07:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-04-12 12:51 - 2014-04-12 13:38 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe2014-04-12 12:49 - 2014-04-12 13:38 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe2014-04-12 12:04 - 2011-02-21 22:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData2014-04-11 21:30 - 2013-11-21 08:20 - 00000494 _____ () C:\WINDOWS\Tasks\fba_Outlook Express Backup.job2014-04-11 21:00 - 2013-11-21 08:19 - 00000478 _____ () C:\WINDOWS\Tasks\fba_General Backup.job2014-04-11 14:34 - 2011-02-21 23:38 - 00000000 ____D () 
C:\Documents and Settings\Paul\Application Data\MailWasherFree2014-04-10 23:43 - 2011-07-17 11:31 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt2014-04-10 23:43 - 2011-02-21 21:39 - 00000000 ____D () C:\Documents and Settings\Paul2014-04-10 23:32 - 2011-02-21 23:14 - 00000178 ___SH () C:\Documents and Settings\Amanda\ntuser.ini2014-04-06 22:42 - 2011-02-21 23:14 - 00000000 ____D () C:\Documents and Settings\Amanda2014-04-05 13:43 - 2011-02-21 22:39 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\Paul's2014-04-03 23:22 - 2011-02-21 23:43 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\General2014-04-03 19:27 - 2011-02-21 23:49 - 00000178 ___SH () C:\Documents and Settings\Lydia\ntuser.ini2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG2014-03-31 14:23 - 2013-09-27 15:29 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk2014-03-30 11:08 - 2014-03-30 11:06 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP2014-03-29 19:53 - 2004-08-10 12:51 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl2014-03-22 07:39 - 2004-08-10 13:01 - 00000000 ___HD () C:\WINDOWS\system32\FxsTmp2014-03-21 00:30 - 2013-12-09 15:58 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys2014-03-21 00:30 - 2013-12-09 15:58 - 00000000 ____D () C:\WINDOWS\system32\cache2014-03-21 00:30 - 2013-12-09 15:57 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar2014-03-16 17:43 - 2012-02-07 20:40 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\My Scans2014-03-15 12:03 - 2014-02-28 21:55 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\VW golf Some content of TEMP:====================C:\Documents and Settings\Amanda\Local Settings\Temp\uninst.dllC:\Documents and 
Settings\Paul\Local Settings\Temp\qhxib.dll ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legitC:\WINDOWS\system32\winlogon.exe => MD5 is legitC:\WINDOWS\system32\svchost.exe => MD5 is legitC:\WINDOWS\system32\services.exe => MD5 is legitC:\WINDOWS\system32\User32.dll => MD5 is legitC:\WINDOWS\system32\userinit.exe => MD5 is legitC:\WINDOWS\system32\rpcss.dll => MD5 is legitC:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2014Ran by Paul at 2014-04-12 13:39:53Running from C:\Documents and Settings\Paul\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) HiddenAdobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)Adobe AIR (Version: 2.7.0.19530 - Adobe Systems Incorporated) HiddenAdobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version: - )Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)ARTEuro (HKLM\...\{1D3C662A-F6C6-4767-A788-7AA43A9A1317}) (Version: 1.00.0000 - Dell)ATI Control Panel 
(HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025672C-Dell - )AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)AVG 2014 (Version: 14.0.3882 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4259 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4355 - AVG Technologies) HiddenAVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.0.5.292 - AVG Technologies)Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)BT Voyager Wireless Utility (HKLM\...\{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}) (Version: 1.00.010 - )BufferChm (Version: 130.0.331.000 - Hewlett-Packard) HiddenCoffeeCup Free FTP (HKLM\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.4.4 - CoffeeCup Software Inc.)Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )Copy (Version: 130.0.366.000 - Hewlett-Packard) HiddenCreative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version: - )Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)Dell Support 5.0.0 (630) (HKLM\...\DellSupport) (Version: - )Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)Destinations (Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) HiddenDigital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000 - Hewlett-Packard) HiddeneReg (Version: 1.20.138.34 - Logitech, Inc.) 
HiddenF4500 (Version: 130.0.406.000 - Hewlett-Packard) HiddenFBackup 4 (HKLM\...\FBackup 4_is1) (Version: - Softland)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.23.9 - Google Inc.) HiddenGPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) HiddenHigh Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (HKLM\...\{7F08A772-2816-4F46-84F1-49578502AD28}) (Version: 13.0 - HP)HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) HiddenHPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) HiddenHPSSupply (Version: 130.0.371.000 - Hewlett-Packard) HiddenhpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) HiddenIntel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) 
HiddeniTunes (HKLM\...\{D6B5B017-7643-46A5-AC4D-E58A7B4798A0}) (Version: 10.3.0.54 - Apple Inc.)Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.22 - Jasc Software, Inc.)Jasc Paint Shop Pro Studio, Dell Editon (HKLM\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.01.0000 - Jasc Software Inc)Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenLearn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )Logitech SetPoint 6.20 (HKLM\...\sp6) (Version: 6.20.64 - Logitech)MailWasher Free 6.5.2 (HKLM\...\MailWasher Free_is1) (Version: - FireTrust Limited)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) HiddenMicrosoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) HiddenMicrosoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - )Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) HiddenMicrosoft Kernel-Mode Driver Framework 
Feature Pack 1.9 (Version: - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft 
User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)MyWay Search Assistant (HKLM\...\{E7559288-223B-453C-9F06-340E3BE21E39}) (Version: 1.0.1 - MyWay)NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)Network (Version: 130.0.572.000 - Hewlett-Packard) HiddenOLYMPUS Master 2 (HKLM\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)PowerDVD 5.5 
(HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Rapport (Version: 3.5.1304.15 - Trusteer) HiddenRealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )Safari (HKLM\...\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}) (Version: 5.33.18.5 - Apple Inc.)Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.)Samsung Kies (Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)Scan (Version: 13.0.0.0 - Hewlett-Packard) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) HiddenSolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) HiddenSonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)Sound Blaster Live! 
24-bit (HKLM\...\{CEB481CC-F57C-4397-81A0-DADD22257047}) (Version: - )Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version: - )Status (Version: 130.0.373.000 - Hewlett-Packard) HiddenTiscali Internet (HKLM\...\{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}) (Version: 1.0.0.25 - Tiscali)Toolbox (Version: 130.0.648.000 - Hewlett-Packard) HiddenTrayApp (Version: 130.0.376.000 - Hewlett-Packard) HiddenTrueCrypt (HKLM\...\TrueCrypt) (Version: 6.1a - TrueCrypt Foundation)Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1304.15 - Trusteer)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)USB 2.0 Wireless LAN Card Utility (HKLM\...\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}) (Version: 8.1.20 - Dell Inc.)Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 
14.0.0.1 - AVG Technologies CZ, s.r.o.)Wanadoo Europe Installer (HKLM\...\{B7AC5A96-C8BC-431C-B661-27A09781DFA8}) (Version: 1.02.008 - Wanadoo)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWebReg (Version: 130.0.132.017 - Hewlett-Packard) HiddenWindows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWindows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)Yahoo! Detect (HKLM\...\YTdetect) (Version: - )Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - ) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. 
     ==================== Hosts content: ==========================
     2004-08-10 12:51 - 2013-11-11 22:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     127.0.0.1 localhost

     ==================== Scheduled Tasks (whitelisted) =============
     Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
     Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
     Task: C:\WINDOWS\Tasks\fba_General Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
     Task: C:\WINDOWS\Tasks\fba_Outlook Express Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

     ==================== Loaded Modules (whitelisted) =============
     2013-10-18 20:39 - 2013-10-18 20:39 - 01127152 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
     2014-02-05 20:53 - 2014-02-05 20:52 - 02606616 _____ () C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
     2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
     2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
     2014-03-21 00:30 - 2014-03-21 00:30 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
     2014-03-21 00:30 - 2014-03-21 00:30 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
     2012-06-27 16:09 - 2012-06-27 16:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll

     ==================== Alternate Data Streams (whitelisted) =========
     AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08

     ==================== Safe Mode (whitelisted) ===================
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

     ==================== Disabled items from MSCONFIG ==============

     ==================== Faulty Device Manager Devices =============
     Could not list Devices. Check "winmgmt" service or repair WMI.

     ==================== Event log errors: =========================
     Application errors:
     ==================
     Error: (04/12/2014 10:40:23 AM) (Source: Application Hang) (User: )
     Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (04/11/2014 03:59:42 PM) (Source: Application Hang) (User: )
     Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (04/09/2014 04:58:07 PM) (Source: Application Hang) (User: )
     Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (04/07/2014 10:30:32 PM) (Source: Microsoft Office 14) (User: )
     Description: EventType officelifeboathang, P1 winword.exe, P2 14.0.4762.1000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

     Error: (04/05/2014 04:08:48 PM) (Source: Application Hang) (User: )
     Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (04/05/2014 03:01:42 PM) (Source: Application Hang) (User: )
     Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (04/04/2014 03:10:09 PM) (Source: Application Hang) (User: )
     Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (04/03/2014 11:24:29 PM) (Source: Microsoft Office 14) (User: )
     Description: EventType officelifeboathang, P1 winword.exe, P2 14.0.4762.1000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

     Error: (04/03/2014 05:48:15 PM) (Source: Application Hang) (User: )
     Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (04/03/2014 05:46:46 PM) (Source: Application Hang) (User: )
     Description: Fault bucket 1180947459.

     System errors:
     =============
     Error: (04/12/2014 01:46:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:45:50 PM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:45:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:44:50 PM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:44:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:43:50 PM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:43:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:42:50 PM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:42:20 PM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Error: (04/12/2014 01:41:50 PM) (Source: DCOM) (User: HOMEDESKTOP)
     Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

     Microsoft Office Sessions:
     =========================

     ==================== Memory info ===========================
     Percentage of memory in use: 27%
     Total physical RAM: 2046.07 MB
     Available physical RAM: 1473.24 MB
     Total Pagefile: 3938.52 MB
     Available Pagefile: 3439.53 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1944.07 MB

     ==================== Drives ================================
     Drive c: () (Fixed) (Total:229.76 GB) (Free:153.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
     Drive j: () (Removable) (Total:3.89 GB) (Free:2.45 GB) FAT32

     ==================== MBR & Partition Table ==================
     ========================================================
     Disk: 0 (Size: 233 GB) (Disk ID: D0F4738C) Partition: GPT Partition Type.
     ========================================================
     Disk: 5 (Size: 4 GB) (Disk ID: B193A6D3) Partition: GPT Partition Type.

     ==================== End Of Log ============================
  9. Dear Malwarebytes, I've got a PC infection that takes over the desktop when starting the computer - Windows XP operating system. I've searched and found that a start point to getting this solved is to get the Farbar recovery scan tool onto the desktop, run the scan and then to post the results of the scan. I managed to get to the desktop eventually by trying various things - however the result is I've run FRST.exe from the desktop and the result was two text files FRST.txt and Addition.txt which I've posted the result of below. Can you help me with the next steps? Regards, Paul

     Here is FRST.txt:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014
     Ran by Paul (administrator) on HOMEDESKTOP on 12-04-2014 13:39:09
     Running from C:\Documents and Settings\Paul\Desktop
     Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================
     (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
     (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
     () C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
     (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
     (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
     (Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
     () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
     (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
     (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

     ==================== Registry (Whitelisted) ==================
     HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-05] (ATI Technologies, Inc.)
     HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [57344 2003-09-17] (Creative Technology Ltd)
     HKLM\...\Run: [P17Helper] - C:\WINDOWS\system32\P17.dll [60928 2004-06-10] ()
     HKLM\...\Run: [updReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
     HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
     HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2005-10-18] (RealNetworks, Inc.)
     HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()
     HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
     HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
     HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
     HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-29] (Logitech, Inc.)
     HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
     HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
     HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
     HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-05] (Apple Inc.)
     HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
     HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
     HKLM\...\Run: [wltray.exe] - C:\WINDOWS\system32\wltray.exe [696422 2005-01-29] (BT Voyager Corporation)
     HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
     HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
     HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-21] ()
     Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
     HKLM\...\Policies\Explorer: [NoCDBurning] 0
     HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0
     HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
     HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
     HKLM\...\Policies\Explorer: [NoFileMenu] 0
     HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
     HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
     HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
     HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
     HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
     HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
     HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
     HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
     HKLM\...\Policies\Explorer: [NoWinKey] 0
     HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
     HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
     HKLM\...\Policies\Explorer: [NoControlPanle] 0
     HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
     HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0
     HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
     HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
     HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
     HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
     HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
     HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
     HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [FBackup Scheduler] - C:\Program Files\Softland\FBackup 4\fbaSched.exe [2532232 2012-09-12] (Softland)
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
     ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
     ShortcutTarget: Wireless USB 2.0 WLAN Card Utility.lnk -> C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
     Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk
     ShortcutTarget: vhh47tod.lnk -> C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp (Microsoft Corporation)

     ==================== Internet (Whitelisted) ====================
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
     URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
     SearchScopes: HKCU - {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
     BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
     BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
     BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
     BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
     BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
     BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
     BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
     Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
     Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
     Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
     DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
     Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
     Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
     Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

     Chrome:
     =======
     CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06]

     ========================== Services (Whitelisted) =================
     R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
     R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
     R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
     R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-13] (Oracle Corporation)
     S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
     S4 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [57344 2004-10-04] (Conexant Systems, Inc.)
     R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
     S2 winmgmt; C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp [186441 2014-04-11] (Microsoft Corporation)
     S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [876649 2005-01-29] (BT Voyager Corporation)
     R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)

     ==================== Drivers (Whitelisted) ====================
     S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
     R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-10-18] (Windows ® 2000 DDK provider)
     R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
     R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
     R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
     R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
     R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
     R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
     R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
     R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
     R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
     R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
     R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
     R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
     R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
     R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
     R3 P17; C:\WINDOWS\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)
     R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.)
     R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-18] ()
     R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
     R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
     S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
     S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
     S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
     S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
     R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
     R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
     R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
     R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
     R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
     R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
     R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
     R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
     R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
     S3 bvrp_pci; No ImagePath
     U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
     U3 TlntSvr;
     S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========
     2014-04-12 13:39 - 2014-04-12 13:39 - 00017439 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt
     2014-04-12 13:39 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST
     2014-04-12 13:38 - 2014-04-12 12:51 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe
     2014-04-12 13:38 - 2014-04-12 12:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe
     2014-04-11 16:07 - 2014-04-12 13:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
     2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
     2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
     2014-03-30 11:06 - 2014-03-30 11:08 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP

     ==================== One Month Modified Files and Folders =======
     2014-04-12 13:39 - 2014-04-12 13:39 - 00017439 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt
     2014-04-12 13:39 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST
     2014-04-12 13:37 - 2004-08-10 13:02 - 01778330 ____H () C:\WINDOWS\WindowsUpdate.log
     2014-04-12 13:32 - 2014-04-11 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
     2014-04-12 13:31 - 2014-02-05 20:53 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
     2014-04-12 13:31 - 2014-02-05 20:53 - 00000360 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job
     2014-04-12 13:31 - 2013-12-07 11:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
     2014-04-12 13:31 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
     2014-04-12 13:31 - 2004-08-10 12:59 - 00000049 ____H () C:\WINDOWS\wiaservc.log
     2014-04-12 13:23 - 2012-06-12 08:16 - 01262850 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1704726271-934105146-3214749785-1007-0.dat
     2014-04-12 13:23 - 2012-06-12 08:16 - 00303514 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
     2014-04-12 13:23 - 2004-08-10 13:08 - 00032590 ____H () C:\WINDOWS\SchedLgU.Txt
     2014-04-12 13:21 - 2011-02-21 21:39 - 00000178 ___SH () C:\Documents and Settings\Paul\ntuser.ini
     2014-04-12 12:56 - 2012-09-06 06:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
     2014-04-12 12:53 - 2013-11-29 07:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
     2014-04-12 12:51 - 2014-04-12 13:38 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe
     2014-04-12 12:49 - 2014-04-12 13:38 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe
     2014-04-12 12:04 - 2011-02-21 22:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
     2014-04-11 21:30 - 2013-11-21 08:20 - 00000494 _____ () C:\WINDOWS\Tasks\fba_Outlook Express Backup.job
     2014-04-11 21:00 - 2013-11-21 08:19 - 00000478 _____ () C:\WINDOWS\Tasks\fba_General Backup.job
     2014-04-11 14:34 - 2011-02-21 23:38 - 00000000 ____D () C:\Documents and Settings\Paul\Application Data\MailWasherFree
     2014-04-10 23:43 - 2011-07-17 11:31 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
     2014-04-10 23:43 - 2011-02-21 21:39 - 00000000 ____D () C:\Documents and Settings\Paul
     2014-04-10 23:32 - 2011-02-21 23:14 - 00000178 ___SH () C:\Documents and Settings\Amanda\ntuser.ini
     2014-04-06 22:42 - 2011-02-21 23:14 - 00000000 ____D () C:\Documents and Settings\Amanda
     2014-04-05 13:43 - 2011-02-21 22:39 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\Paul's
     2014-04-03 23:22 - 2011-02-21 23:43 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\General
     2014-04-03 19:27 - 2011-02-21 23:49 - 00000178 ___SH () C:\Documents and Settings\Lydia\ntuser.ini
     2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
     2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
     2014-03-31 14:23 - 2013-09-27 15:29 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
     2014-03-30 11:08 - 2014-03-30 11:06 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
     2014-03-29 19:53 - 2004-08-10 12:51 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl
     2014-03-22 07:39 - 2004-08-10 13:01 - 00000000 ___HD () C:\WINDOWS\system32\FxsTmp
     2014-03-21 00:30 - 2013-12-09 15:58 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
     2014-03-21 00:30 - 2013-12-09 15:58 - 00000000 ____D () C:\WINDOWS\system32\cache
     2014-03-21 00:30 - 2013-12-09 15:57 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
     2014-03-16 17:43 - 2012-02-07 20:40 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\My Scans
     2014-03-15 12:03 - 2014-02-28 21:55 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\VW golf

     Some content of TEMP:
     ====================
     C:\Documents and Settings\Amanda\Local Settings\Temp\uninst.dll
     C:\Documents and Settings\Paul\Local Settings\Temp\qhxib.dll

     ==================== Bamital & volsnap Check =================
     C:\WINDOWS\explorer.exe => MD5 is legit
     C:\WINDOWS\system32\winlogon.exe => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit
     C:\WINDOWS\system32\User32.dll => MD5 is legit
     C:\WINDOWS\system32\userinit.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

     ==================== End Of Log ============================

     Addition.txt

     Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2014
     Ran by Paul at 2014-04-12 13:39:53
     Running from C:\Documents and Settings\Paul\Desktop
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     ==================== Installed Programs ======================
     32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
     Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
     Adobe AIR (Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
     Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
     Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
     Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
     AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version: - )
     Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
     Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
     Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
     ARTEuro (HKLM\...\{1D3C662A-F6C6-4767-A788-7AA43A9A1317}) (Version: 1.00.0000 - Dell)
     ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
     ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025672C-Dell - )
     AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
     AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
     AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
     AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
     AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.0.5.292 - AVG Technologies)
     Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
     BT Voyager Wireless Utility (HKLM\...\{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}) (Version: 1.00.010 - )
     BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
     CoffeeCup Free FTP (HKLM\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.4.4 - CoffeeCup Software Inc.)
     Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
     Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
     Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version: - )
     Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
     Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)
     Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
     Dell Support 5.0.0 (630) (HKLM\...\DellSupport) (Version: - )
     Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
     Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
     DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
     Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
     DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000 - Hewlett-Packard) Hidden
     eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
     F4500 (Version: 130.0.406.000 - Hewlett-Packard) Hidden
     FBackup 4 (HKLM\...\FBackup 4_is1) (Version: - Softland)
     Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
     Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
     Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
     GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
     High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
     HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
     HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (HKLM\...\{7F08A772-2816-4F46-84F1-49578502AD28}) (Version: 13.0 - HP)
     HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
     HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
     HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
     HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
     HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
     hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
     HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
     HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
     hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
     Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
     Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
     Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
     iTunes (HKLM\...\{D6B5B017-7643-46A5-AC4D-E58A7B4798A0}) (Version: 10.3.0.54 - Apple Inc.)
     Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.22 - Jasc Software, Inc.)
     Jasc Paint Shop Pro Studio, Dell Editon (HKLM\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.01.0000 - Jasc Software Inc)
     Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
     Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
     Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
     Logitech SetPoint 6.20 (HKLM\...\sp6) (Version: 6.20.64 - Logitech)
     MailWasher Free 6.5.2 (HKLM\...\MailWasher Free_is1) (Version: - FireTrust Limited)
     Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
     MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
     Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
     Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
     Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - )
     Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
     Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
     Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
     Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
     Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
     Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
     Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
     Microsoft Kernel-Mode Driver Framework
Feature Pack 1.9 (Version: - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft 
User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)MyWay Search Assistant (HKLM\...\{E7559288-223B-453C-9F06-340E3BE21E39}) (Version: 1.0.1 - MyWay)NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)Network (Version: 130.0.572.000 - Hewlett-Packard) HiddenOLYMPUS Master 2 (HKLM\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)PowerDVD 5.5 
(HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Rapport (Version: 3.5.1304.15 - Trusteer) HiddenRealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )Safari (HKLM\...\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}) (Version: 5.33.18.5 - Apple Inc.)Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.)Samsung Kies (Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)Scan (Version: 13.0.0.0 - Hewlett-Packard) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) HiddenSolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) HiddenSonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)Sound Blaster Live! 
24-bit (HKLM\...\{CEB481CC-F57C-4397-81A0-DADD22257047}) (Version: - )Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version: - )Status (Version: 130.0.373.000 - Hewlett-Packard) HiddenTiscali Internet (HKLM\...\{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}) (Version: 1.0.0.25 - Tiscali)Toolbox (Version: 130.0.648.000 - Hewlett-Packard) HiddenTrayApp (Version: 130.0.376.000 - Hewlett-Packard) HiddenTrueCrypt (HKLM\...\TrueCrypt) (Version: 6.1a - TrueCrypt Foundation)Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1304.15 - Trusteer)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)USB 2.0 Wireless LAN Card Utility (HKLM\...\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}) (Version: 8.1.20 - Dell Inc.)Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 
14.0.0.1 - AVG Technologies CZ, s.r.o.)Wanadoo Europe Installer (HKLM\...\{B7AC5A96-C8BC-431C-B661-27A09781DFA8}) (Version: 1.02.008 - Wanadoo)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWebReg (Version: 130.0.132.017 - Hewlett-Packard) HiddenWindows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWindows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)Yahoo! Detect (HKLM\...\YTdetect) (Version: - )Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - ) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. 
==================== Hosts content: ========================== 2004-08-10 12:51 - 2013-11-11 22:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exeTask: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exeTask: C:\WINDOWS\Tasks\fba_General Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exeTask: C:\WINDOWS\Tasks\fba_Outlook Express Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-18 20:39 - 2013-10-18 20:39 - 01127152 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll2014-02-05 20:53 - 2014-02-05 20:52 - 02606616 _____ () C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-03-21 00:30 - 2014-03-21 00:30 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe2014-03-21 00:30 - 2014-03-21 00:30 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll2012-06-27 16:09 - 2012-06-27 16:09 
- 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors:==================Error: (04/12/2014 10:40:23 AM) (Source: Application Hang) (User: )Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/11/2014 03:59:42 PM) (Source: Application Hang) (User: )Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/09/2014 04:58:07 PM) (Source: Application Hang) (User: )Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/07/2014 10:30:32 PM) (Source: Microsoft Office 14) (User: )Description: EventType officelifeboathang, P1 winword.exe, P2 14.0.4762.1000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1. Error: (04/05/2014 04:08:48 PM) (Source: Application Hang) (User: )Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error: (04/05/2014 03:01:42 PM) (Source: Application Hang) (User: )Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/04/2014 03:10:09 PM) (Source: Application Hang) (User: )Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/03/2014 11:24:29 PM) (Source: Microsoft Office 14) (User: )Description: EventType officelifeboathang, P1 winword.exe, P2 14.0.4762.1000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1. Error: (04/03/2014 05:48:15 PM) (Source: Application Hang) (User: )Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/03/2014 05:46:46 PM) (Source: Application Hang) (User: )Description: Fault bucket 1180947459. System errors:=============Error: (04/12/2014 01:46:20 PM) (Source: DCOM) (User: HOMEDESKTOP)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:45:50 PM) (Source: DCOM) (User: NT AUTHORITY)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:45:20 PM) (Source: DCOM) (User: HOMEDESKTOP)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:44:50 PM) (Source: DCOM) (User: NT AUTHORITY)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:44:20 PM) (Source: DCOM) (User: HOMEDESKTOP)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. 
Error: (04/12/2014 01:43:50 PM) (Source: DCOM) (User: NT AUTHORITY)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:43:20 PM) (Source: DCOM) (User: HOMEDESKTOP)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:42:50 PM) (Source: DCOM) (User: NT AUTHORITY)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:42:20 PM) (Source: DCOM) (User: NT AUTHORITY)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Error: (04/12/2014 01:41:50 PM) (Source: DCOM) (User: HOMEDESKTOP)Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout. Microsoft Office Sessions:========================= ==================== Memory info =========================== Percentage of memory in use: 27%Total physical RAM: 2046.07 MBAvailable physical RAM: 1473.24 MBTotal Pagefile: 3938.52 MBAvailable Pagefile: 3439.53 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1944.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:229.76 GB) (Free:153.23 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive j: () (Removable) (Total:3.89 GB) (Free:2.45 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 233 GB) (Disk ID: D0F4738C) Partition: GPT Partition Type. ========================================================Disk: 5 (Size: 4 GB) (Disk ID: B193A6D3) Partition: GPT Partition Type. ==================== End Of Log ============================
  10. Hi Kevin, Done both of those and all seem to be OK. Thank you very much for all your help in solving this problem. I shall read the information in the link you sent regarding computer security. Regards, Paul
  11. Hi Kevin, I've run the fix in the OTL application - log file below. I've also carried out all the other clean up steps in the earlier post which completed successfully. We still have the RUNDLL error when logging into 'Amanda' account. No issues other than this that I'm aware of. Regards, Paul All processes killed ========== OTL ========== C:\Documents and Settings\All Users\Application Data\g7t0jd9.bxx moved successfully. C:\Documents and Settings\All Users\Application Data\g7t0jd9.fvv moved successfully. C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg moved successfully. C:\Documents and Settings\Lydia\Application Data\Babylon folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Amanda ->Temp folder emptied: 270575 bytes ->Temporary Internet Files folder emptied: 11568646 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Emily ->Temp folder emptied: 327042 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Lydia ->Temp folder emptied: 136267 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Owner User: Paul ->Temp folder emptied: 484273 bytes ->Temporary Internet Files folder emptied: 52609947 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 602 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes 
%systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 25965 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 63.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11132013_065340 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\tmp19.tmp not found! File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\tmp29.tmp not found! PendingFileRenameOperations files... Registry entries deleted on Reboot...
  12. Hi Kevin, OK, I've run the OTL.exe and the log files are below: Regards, Paul OTL logfile created on: 12/11/2013 23:13:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.03% Memory free 3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.76 Gb Total Space | 165.25 Gb Free Space | 71.92% Space Free | Partition Type: NTFS Computer Name: HOMEDESKTOP | User Name: Paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/12 23:08:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe PRC - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe PRC - [2013/10/01 18:23:26 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2013/10/01 18:23:24 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe PRC - [2013/09/15 22:08:30 | 000,895,024 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2014\avgnsx.exe PRC - [2013/09/03 21:22:16 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe PRC - [2013/09/02 10:19:00 | 000,669,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe PRC - [2013/08/20 22:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe PRC - [2012/05/29 17:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012/05/29 17:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2010/11/09 20:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe PRC - [2010/10/28 23:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2010/01/18 16:52:04 | 019,446,296 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe PRC - [2005/10/18 08:15:40 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe PRC - [2004/10/04 13:50:20 | 000,917,611 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe PRC - [2004/10/04 13:10:16 | 000,327,769 | -H-- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe PRC - [2004/07/19 06:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) 
-- C:\Program Files\Dell Support\DSAgnt.exe PRC - [2004/03/18 05:56:36 | 000,156,784 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aoltray.exe PRC - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe ========== Modules (No Company Name) ========== MOD - [2013/11/12 20:41:50 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll MOD - [2013/10/18 19:39:10 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll MOD - [2012/06/12 07:06:04 | 000,758,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll MOD - [2012/06/12 06:54:08 | 001,159,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll MOD - [2012/06/12 06:52:39 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll MOD - [2012/06/12 06:44:58 | 017,632,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c5076f9a8ecf90a4c86ac5cfcb9e5528\PresentationFramework.ni.dll MOD - [2012/06/12 06:44:27 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\576f6cca332b90183be8f1807312ae43\PresentationFramework.Luna.ni.dll MOD - [2012/06/12 06:41:19 | 011,057,664 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll MOD - [2012/06/12 06:40:49 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll MOD - [2012/06/12 06:40:48 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll MOD - [2012/06/12 06:40:34 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll MOD - [2012/06/12 06:40:24 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll MOD - [2012/06/12 06:40:07 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll MOD - [2012/06/12 06:40:00 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll MOD - [2012/06/12 06:39:45 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll MOD - [2012/05/29 17:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009/08/25 18:51:10 | 000,155,320 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\mailprefs.dll MOD - [2009/06/25 16:40:38 | 000,771,256 | 
---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\ContactsLib.dll MOD - [2009/06/25 16:40:04 | 000,977,080 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\MCore.dll MOD - [2008/09/12 18:39:34 | 000,611,936 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\MailAnalysis.dll MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe MOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe MOD - [2004/06/10 15:51:00 | 000,060,928 | -H-- | M] () -- C:\WINDOWS\system32\P17.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wltrysvc.exe %C:\WINDOWS%\System32\bcmwltry.exe -- (wltrysvc) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013/10/09 19:20:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013/10/01 18:23:26 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2010/10/28 10:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2004/10/04 13:12:50 | 000,057,344 | -H-- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC) SRV - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci) DRV - [2013/10/18 19:39:09 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849) DRV - [2013/10/01 18:23:36 | 000,230,448 | ---- | M] (Trusteer Ltd.) 
[Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2013/10/01 18:23:36 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2013/10/01 18:23:36 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL) DRV - [2013/09/25 19:57:14 | 000,120,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx) DRV - [2013/09/10 21:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013/09/08 21:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2013/09/02 09:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013/09/02 09:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013/09/02 09:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013/09/02 09:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2013/08/20 21:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/02/21 22:37:29 | 000,215,872 | -H-- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010/12/21 05:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010/12/21 05:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd) DRV - [2010/12/21 05:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010/12/21 05:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010/08/24 17:31:02 | 000,037,328 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010/08/24 17:30:52 | 000,038,864 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010/08/24 17:30:18 | 000,010,448 | -H-- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2005/10/18 08:15:43 | 000,008,552 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2005/08/04 03:10:18 | 001,273,344 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/06/09 16:16:00 | 000,840,960 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17) DRV - [2003/11/17 20:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/17 20:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/17 20:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2003/09/22 12:48:00 | 000,130,192 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003/09/22 12:47:00 | 000,178,672 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003/03/05 17:19:00 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT) DRV - [2003/01/10 15:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {351807CC-DECC-48AF-8F47-225A8B32A31C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{351807CC-DECC-48AF-8F47-225A8B32A31C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32 File not found IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\SearchScopes,DefaultScope = {D20AAB8B-6887-40DB-B7B7-10600B97623C} IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\SearchScopes\{D20AAB8B-6887-40DB-B7B7-10600B97623C}: "URL" = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html IE - 
HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32 File not found IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes\{351807CC-DECC-48AF-8F47-225A8B32A31C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes\{AA4B514D-24CA-44F2-887C-393CDAEB2D84}: "URL" = http://search.avg.com/?d=4dc2e448&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 21:31:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 21:31:36 | 000,000,000 | ---D | M] ========== Chrome ========== O1 HOSTS File: ([2013/11/11 21:55:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe (AOL Spyware Protection) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll () O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\***ERROR READING SUBKEYS*** present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Explorer = Reg Error: Value error. File not found O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HKEY_USERS = Reg Error: Value error. File not found O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu 
item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297770215375 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDC95363-B025-4A10-9EE4-0612E996BF93}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009 Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/11/12 23:08:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe [2013/11/12 20:30:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/11/12 20:09:39 | 000,000,000 | ---D | C] -- C:\_OTM [2013/11/12 20:06:20 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTM.exe [2013/11/10 23:32:58 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013/11/10 23:11:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/11/10 23:11:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/11/10 23:11:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/11/10 23:11:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/11/10 23:10:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/11/10 23:10:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos [2013/11/10 23:10:01 | 000,000,000 | R--D | C] -- C:\Documents and 
Settings\Paul\Start Menu\Programs\Administrative Tools [2013/11/10 23:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013/11/10 22:59:25 | 005,145,576 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe [2013/11/10 21:35:08 | 000,000,000 | ---D | C] -- C:\FRST [2013/11/10 21:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\New Folder [2013/11/10 18:42:54 | 001,957,590 | ---- | C] (Farbar) -- C:\FRST64.exe [2013/11/10 18:15:35 | 001,090,275 | ---- | C] (Farbar) -- C:\FRST.exe [2013/11/10 08:21:57 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013/11/10 06:11:46 | 000,000,000 | ---D | C] -- C:\found.000 [2013/11/09 06:53:54 | 000,000,000 | ---D | C] -- C:\$Anvi Rescue Disk$ [2013/10/18 19:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Trusteer [2013/10/18 19:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection [2013/10/18 19:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer [2013/10/18 19:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer ========== Files - Modified Within 30 Days ========== [2013/11/12 23:08:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe [2013/11/12 22:39:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/11/12 20:39:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/11/12 20:39:44 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys [2013/11/12 20:06:21 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTM.exe [2013/11/11 21:55:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/11/11 18:02:10 | 005,145,576 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe [2013/11/11 17:36:53 | 095,025,368 | ---- | M] () -- C:\Documents 
  13. Hi Kevin, Before I carry out the instruction above I've just logged into the other users to check all is OK and on user Amanda I get the RUNDLL error message as I had on my log in: "Error loading C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss The specified module could not be found". Should I continue with the instruction above or is there something else to do first? Regards, Paul
  14. Hi Kevin, Followed your instructions and the log file is below. No issues during reboot. Once again thank you for your help and clear instructions in resolving my computer problems. Regards, Paul

      All processes killed
      ========== FILES ==========
      C:\Documents and Settings\Amanda\Local Settings\Temp\9dj0t7g.dss moved successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP868\A0180365.exe moved successfully.
      c:\documents and settings\Lydia\Start Menu\Programs\Startup\g7t0jd9.lnk moved successfully.
      c:\documents and settings\Paul\Start Menu\Programs\Startup\g7t0jd9.lnk moved successfully.
      File/Folder c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss not found.
      ========== COMMANDS ==========
      [EMPTYTEMP]
      User: All Users
      User: Amanda
      ->Temp folder emptied: 431070609 bytes
      ->Temporary Internet Files folder emptied: 354260322 bytes
      ->Java cache emptied: 2078979 bytes
      ->Flash cache emptied: 47624 bytes
      User: Default User
      ->Temp folder emptied: 32768 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes
      ->Flash cache emptied: 56468 bytes
      User: Emily
      ->Temp folder emptied: 19559051 bytes
      ->Temporary Internet Files folder emptied: 251761253 bytes
      ->Java cache emptied: 0 bytes
      ->Flash cache emptied: 3438 bytes
      User: LocalService
      ->Temp folder emptied: 65748 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes
      User: Lydia
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 296919 bytes
      ->Java cache emptied: 0 bytes
      ->Flash cache emptied: 35234 bytes
      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes
      User: Owner
      User: Paul
      ->Temp folder emptied: 358439 bytes
      ->Temporary Internet Files folder emptied: 26802461 bytes
      ->Java cache emptied: 0 bytes
      ->Apple Safari cache emptied: 2535424 bytes
      ->Flash cache emptied: 98758 bytes
      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 19569 bytes
      %systemroot%\System32 .tmp files removed: 531033 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 23604 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
      RecycleBin emptied: 0 bytes
      Total Files Cleaned = 1,039.00 mb
      OTM by OldTimer - Version 3.1.21.0 log created on 11122013_200939
      Files moved on Reboot...
      File C:\Documents and Settings\Paul\Local Settings\Temp\tmp19.tmp not found!
      File C:\Documents and Settings\Paul\Local Settings\Temp\tmp2B.tmp not found!
      Registry entries deleted on Reboot...