
Infected with win32/Zperm


  • This topic is locked
21 replies to this topic

#1 Daidaft

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:24 PM

Posted 04 June 2014 - 05:20 AM

Hi,

I've been wrestling with the removal of the win32/Zperm virus and came across the posting from Gabrielrock on 12 Nov 2013 that seems to be a similar problem to mine. See http://www.bleepingcomputer.com/forum/t/513821/infected-with-win32/zperm

As with the above, Ad-Aware detects the win32/Zperm virus and appears to deal with it, only for it to reinstate itself in a windows/temp file. Please advise how I can get rid of it.

I am operating on Windows Vista and, being relatively PC naive, would appreciate guidance.

Many Thanks

#2 seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:24 PM

Posted 04 June 2014 - 01:15 PM

Hello Daidaft

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer please let us know, or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system's bit type is, click here for help.

For 32-bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

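The FRST.txt that those steps produce is what the helper reads next. As an added example (not the thread's own code and not part of FRST), this Python triage script parses an FRST-style log and pulls out the entries a helper checks first; the sample log is constructed in that layout, and its "Example Updater" entry is invented.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread, not FRST's own code. It pulls out of an
FRST.txt-style log the lines a malware-removal helper reads first: entries
FRST tags "<==== ATTENTION", components listed as "No File", autostart
entries launching from Temp, and executables left in Temp. SAMPLE_LOG is
constructed in the FRST layout shown in the thread; its "Example Updater"
entry is invented to exercise the Temp-autostart check.
"""
import re
from dataclasses import dataclass

# FRST appends "<==== ATTENTION" to entries it considers suspicious.
ATTENTION = re.compile(r"<=+\s*ATTENTION\b")
# A registered hook, BHO or toolbar whose DLL is gone is printed as "No File".
NO_FILE = re.compile(r"\bNo File\b")
# Autostart lines: 'HKLM\...\Run: [Name] => C:\path\file.exe [size date] (Vendor)'.
AUTOSTART = re.compile(r"^HK(?:LM|CU|U\\S-[\d-]+)\\\.\.\.\\Run(?:Once)?: \[[^\]]+\] (?:=>|-) (?P<target>.+)$")
TEMP_DIR = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)
# Section titles are wrapped in runs of '=': '==== Registry (Whitelisted) ===='.
SECTION = re.compile(r"^=+\s+(?P<title>\S.*?)\s+=+$")
# Sub-sections such as 'Some content of TEMP:' are a title line over a bare '=' rule.
SUBSECTION = re.compile(r"^[A-Za-z][A-Za-z ]*:$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_header(log_text):
    """Header fields above the first section: who ran the scan and the boot mode."""
    header = {}
    for line in log_text.splitlines():
        line = line.strip()
        if SECTION.match(line):
            break
        if line.startswith("Ran by "):
            header["Ran by"] = line[len("Ran by "):]
        elif line.startswith(("Platform:", "Boot Mode:")):
            key, _, value = line.partition(":")
            header[key] = value.strip()
    return header


def triage(log_text):
    """Return the log lines worth a closer look, in log order, each with a reason."""
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or not line.strip("="):  # blank line or a bare '=' rule
            continue
        if m := SECTION.match(line):
            section = m.group("title")
            continue
        if SUBSECTION.match(line):
            section = line.rstrip(":")
            continue
        if ATTENTION.search(line):
            findings.append(Finding(section, "flagged by FRST", line))
        elif NO_FILE.search(line):
            findings.append(Finding(section, "registered component with no file on disk", line))
        elif (m := AUTOSTART.match(line)) and TEMP_DIR.search(m.group("target")):
            findings.append(Finding(section, "autostart entry launching from a Temp directory", line))
        elif section.startswith("Some content of TEMP") and line.lower().endswith((".exe", ".dll", ".scr")):
            findings.append(Finding(section, "executable left in Temp", line))
    return findings


# Constructed sample in FRST's layout ('=' section rules, Temp listing at the end).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by kev (administrator) on KEV-PC on 07-06-2014 09:22:41
Boot Mode: Safe Mode (with Networking)

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Example Updater] => C:\Users\kev\AppData\Local\Temp\example_updater.exe [65536 2014-06-02] ()
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2927104 2008-10-29] (Microsoft Corporation) <==== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

Some content of TEMP:
====================
C:\Users\kev\AppData\Local\Temp\gcdwefdy.dll
C:\Users\kev\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\kev\AppData\Local\Temp\notes.txt

==================== End Of Log ============================
"""

if __name__ == "__main__":
    print(parse_header(SAMPLE_LOG))
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run it against a real FRST.txt by reading the file into `triage()`; a "Boot Mode" of Safe Mode in the header is why the helper asks whether the machine boots normally before any fix is scripted.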


#3 Daidaft

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:24 PM

Posted 06 June 2014 - 12:07 PM

Hi Seedy21,

Just a quick note for now to say thanks for the reply. I am away from the infected PC presently, so I hope to be able to get back and attend to it over the weekend. I shall endeavour to reply to you by close of Monday at the latest.

Many thanks for your help



#4 seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:24 PM

Posted 07 June 2014 - 12:11 PM

Hi Daidaft

Please don't Personal Message me your logs. I have re-posted the logs you sent me. We will continue all work on here.

Can you boot into Normal mode?


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014

Ran by kev (administrator) on KEV-PC on 07-06-2014 09:22:41

Running from C:\Users\kev\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP45HOIW

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 7

Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\rstrui.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Farbar) C:\Users\kev\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP45HOIW\FRST[1].exe

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)

HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1745648 2008-11-03] ()

HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)

HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2013-01-29] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2557976 2014-04-28] ()

HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2804224 2012-10-08] (Eastman Kodak Company)

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [Box Edit] => C:\Users\kev\AppData\Local\Box Edit\Box Edit.exe [457912 2013-01-07] (Box)

HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-14] (Google Inc.)

HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe [844976 2014-04-30] (Adobe Systems Incorporated)

HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\MountPoints2: {c042bef3-3180-11de-95ad-00217020abcd} - J:\LaunchU3.exe -a

HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2927104 2008-10-29] (Microsoft Corporation) <==== ATTENTION

AppInit_DLLs: AVGRSSTX.DLL => C:\Windows\system32\AVGRSSTX.DLL [12536 2010-07-26] (AVG Technologies CZ, s.r.o.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk

ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk

ShortcutTarget: Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE ()

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk

ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\kev\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/?gws_rd=cr&ei=uzE3Uue-D4WThQfTkoHwBw

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3090114

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=n8812-90&apn_uid=0614546223064900&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}

SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D72059E2-BD09-4AB2-A652-B42B03303B10}&mid=283222053405392365a84865c4a39087-c64f05bb8c075012c27f6ce77688781a815056e9&lang=us&ds=AVG&pr=fr&d=2013-01-29 13:58:08&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b9262e9&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File

Toolbar: HKCU - No Name - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File

Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: box.com/BoxEdit - C:\Users\kev\AppData\Local\Box Edit\npBoxEdit.dll (Box)

FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49

========================== Services (Whitelisted) =================

S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()

S2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-26] (AVG Technologies CZ, s.r.o.)

S2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-26] (AVG Technologies CZ, s.r.o.)

S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)

S2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)

S2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)

S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)

S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-28] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-29] (AVG Technologies CZ, s.r.o.)

S1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2013-01-25] (AVG Technologies CZ, s.r.o.)

R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-12] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies)

S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [710144 2009-03-03] (Ralink Technology Corp.)

S1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()

R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-11] (Realtek Semiconductor Corporation )

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2014-06-07 09:22 - 2014-06-07 09:22 - 00000000 ____D () C:\FRST

2014-06-07 08:54 - 2014-06-07 08:54 - 00000000 ____D () C:\Users\TEMP.kev-PC.000

2014-06-07 08:54 - 2013-01-29 10:43 - 00000000 ____D () C:\Users\TEMP.kev-PC.000\AppData\Local\Trusteer

2014-06-07 08:54 - 2006-11-02 11:23 - 00000000 ____D () C:\Users\TEMP.kev-PC.000\AppData\Local\Temp

2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer

2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\Program Files\SmartPCFixer

2014-06-02 20:02 - 2014-05-10 09:24 - 00000229 _____ () C:\Users\Public\Desktop\LionSea Software.url

2014-06-02 18:27 - 2014-06-02 18:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Lavasoft

2014-06-02 17:49 - 2014-06-02 17:49 - 00000000 ____D () C:\Users\kev\AppData\Roaming\LavasoftStatistics

2014-06-02 17:06 - 2014-06-02 20:48 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-06-02 17:06 - 2014-06-02 17:07 - 00000000 ____D () C:\Program Files\Lavasoft

2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Users\kev\AppData\Local\adawarebp

2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Toolbar Cleaner

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

2014-06-02 16:46 - 2014-06-02 16:47 - 01768236 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x86(1).msu

2014-06-02 16:45 - 2014-06-02 16:47 - 03589956 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-ia64(1).msu

2014-06-02 16:45 - 2014-06-02 16:47 - 03086960 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x64(1).msu

2014-06-02 16:41 - 2014-06-02 16:41 - 00001790 _____ () C:\Users\kev\Downloads\redist.txt

2014-06-02 16:40 - 2014-06-02 16:40 - 00000000 ____D () C:\Program Files\Microsoft Download Manager

2014-06-02 16:27 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\rightbackup

2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ____D () C:\rbtemp

2014-06-02 16:25 - 2014-06-02 16:27 - 00000000 ____D () C:\Program Files\Right Backup

2014-06-02 16:05 - 2014-06-02 16:26 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-02 15:47 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\systweak

2014-06-02 15:44 - 2014-06-02 15:44 - 00000000 ____D () C:\ProgramData\Lavasoft

==================== One Month Modified Files and Folders =======

2014-06-07 09:23 - 2009-01-19 16:20 - 00000000 ____D () C:\Users\kev\AppData\Local\Temp

2014-06-07 09:22 - 2014-06-07 09:22 - 00000000 ____D () C:\FRST

2014-06-07 09:20 - 2006-11-02 11:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-07 09:18 - 2013-09-12 10:10 - 00001356 _____ () C:\Users\kev\AppData\Local\d3d9caps.dat

2014-06-07 09:14 - 2013-09-19 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Basic PAYE Tools - Real Time Information

2014-06-07 09:14 - 2013-08-14 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2014-06-07 09:14 - 2013-06-12 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects

2014-06-07 09:14 - 2013-06-12 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak

2014-06-07 09:14 - 2013-06-12 10:13 - 00000000 ____D () C:\ProgramData\Kodak

2014-06-07 09:14 - 2013-01-29 14:58 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search

2014-06-07 09:14 - 2010-03-06 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 9.0

2014-06-07 09:14 - 2009-06-09 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-06-07 09:14 - 2009-06-09 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-06-07 09:14 - 2009-02-17 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2 Viewer

2014-06-07 09:14 - 2009-02-17 20:44 - 00000000 ____D () C:\timidity

2014-06-07 09:14 - 2009-02-17 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2

2014-06-07 09:14 - 2009-02-04 18:37 - 00000000 ____D () C:\Windows\system32\Drivers\Avg

2014-06-07 09:14 - 2009-01-21 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts

2014-06-07 09:14 - 2009-01-20 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage

2014-06-07 09:14 - 2009-01-20 13:25 - 00000000 ____D () C:\SFW

2014-06-07 09:14 - 2009-01-19 16:20 - 00000000 ____D () C:\Users\kev

2014-06-07 09:14 - 2009-01-14 18:19 - 00000000 ____D () C:\DELL

2014-06-07 09:14 - 2009-01-14 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

2014-06-07 09:14 - 2009-01-14 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

2014-06-07 09:14 - 2009-01-14 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe

2014-06-07 09:14 - 2009-01-14 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator DE

2014-06-07 09:14 - 2009-01-14 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works

2014-06-07 09:14 - 2009-01-14 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

2014-06-07 09:14 - 2006-11-02 13:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades

2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool

2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache

2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration

2014-06-07 09:14 - 2006-11-02 11:22 - 50593792 _____ () C:\Windows\system32\config\system_previous

2014-06-07 09:14 - 2006-11-02 11:22 - 34340864 _____ () C:\Windows\system32\config\software_previous

2014-06-07 09:14 - 2006-11-02 11:22 - 33816576 _____ () C:\Windows\system32\config\components_previous

2014-06-07 09:14 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous

2014-06-07 09:14 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

2014-06-07 09:14 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2014-06-07 09:02 - 2009-01-14 10:40 - 01755199 _____ () C:\Windows\WindowsUpdate.log

2014-06-07 08:54 - 2014-06-07 08:54 - 00000000 ____D () C:\Users\TEMP.kev-PC.000

2014-06-07 08:54 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-07 08:54 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-02 20:48 - 2014-06-02 17:06 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer

2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\Program Files\SmartPCFixer

2014-06-02 18:27 - 2014-06-02 18:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Lavasoft

2014-06-02 17:49 - 2014-06-02 17:49 - 00000000 ____D () C:\Users\kev\AppData\Roaming\LavasoftStatistics

2014-06-02 17:07 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Lavasoft

2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Users\kev\AppData\Local\adawarebp

2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Toolbar Cleaner

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

2014-06-02 16:47 - 2014-06-02 16:46 - 01768236 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x86(1).msu

2014-06-02 16:47 - 2014-06-02 16:45 - 03589956 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-ia64(1).msu

2014-06-02 16:47 - 2014-06-02 16:45 - 03086960 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x64(1).msu

2014-06-02 16:41 - 2014-06-02 16:41 - 00001790 _____ () C:\Users\kev\Downloads\redist.txt

2014-06-02 16:40 - 2014-06-02 16:40 - 00000000 ____D () C:\Program Files\Microsoft Download Manager

2014-06-02 16:27 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\rightbackup

2014-06-02 16:27 - 2014-06-02 16:25 - 00000000 ____D () C:\Program Files\Right Backup

2014-06-02 16:27 - 2014-06-02 15:47 - 00000000 ____D () C:\Users\kev\AppData\Roaming\systweak

2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ____D () C:\rbtemp

2014-06-02 16:26 - 2014-06-02 16:05 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-02 15:44 - 2014-06-02 15:44 - 00000000 ____D () C:\ProgramData\Lavasoft

2014-05-17 11:03 - 2013-01-25 12:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-05-17 11:03 - 2013-01-25 12:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-05-17 11:03 - 2013-01-25 12:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-17 10:44 - 2010-10-28 19:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cb76ce22c85d00.job

2014-05-17 10:44 - 2010-02-28 18:31 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-17 10:33 - 2013-06-03 18:51 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-05-17 10:32 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-10 09:24 - 2014-06-02 20:02 - 00000229 _____ () C:\Users\Public\Desktop\LionSea Software.url

2014-05-08 19:41 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:

====================

C:\Users\kev\AppData\Local\Temp\gcdwefdy.dll

C:\Users\kev\AppData\Local\Temp\qexi0k7c.dll

C:\Users\kev\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\kev\AppData\Local\Temp\yo_96oov.dll

 

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2014-06-04 12:19

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014

Ran by kev at 2014-06-07 09:23:38

Running from C:\Users\kev\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP45HOIW

Boot Mode: Safe Mode (with Networking)

==========================================================

 

==================== Security Center ========================

AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)

Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)

aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden

aioscnnr (Version: 5.8.10.0 - Your Company Name) Hidden

aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden

Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )

AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version: - AVG Technologies)

AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.0.443 - AVG Technologies)

Basic PAYE Tools (HKLM\...\Basic PAYE Tools - Real Time Information) (Version: 14.0.14063.106 - HM Revenue & Customs)

Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)

Box Edit (HKLM\...\{0AEBC85C-11F1-4106-8A14-AF3B7FFD9357}) (Version: 1.1.44 - Box)

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden

Catalyst Control Center Core Implementation (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Chinese Standard (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Chinese Traditional (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization French (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization German (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Hungarian (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Italian (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Japanese (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Korean (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Portuguese (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Spanish (Version: 2008.0512.1133.18639 - ATI) Hidden

Catalyst Control Center Localization Turkish (Version: 2008.0512.1133.18639 - ATI) Hidden

CCC Help Chinese Standard (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Chinese Traditional (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help English (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help French (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help German (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Hungarian (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Italian (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Japanese (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Korean (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Portuguese (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Spanish (Version: 2008.0512.1132.18639 - ATI) Hidden

CCC Help Turkish (Version: 2008.0512.1132.18639 - ATI) Hidden

ccc-core-static (Version: 2008.0512.1133.18639 - ATI) Hidden

ccc-utility (Version: 2008.0512.1133.18639 - ATI) Hidden

center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)

Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)

Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0023 - Dell, Inc.)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08267 - Dell)

Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)

EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )

essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )

Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)

Intel® PRO Network Connections 12.1.11.0 (Version: - Intel) Hidden

Internet From BT (HKLM\...\{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}) (Version: - )

iTunes (HKLM\...\{5D601655-6D54-4384-B52C-17EC5385FBBD}) (Version: 8.2.0.23 - Apple Inc.)

Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)

Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden

KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)

ksDIP (Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Excel 97 (HKLM\...\Excel) (Version: - )

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Word 97 (HKLM\...\Word8.0) (Version: - )

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

NoteWorthy Composer 2 (HKLM\...\NoteWorthy Composer 2) (Version: Demo Version 2.0 - Noteworthy Software, Inc.)

NoteWorthy Composer 2 Viewer (HKLM\...\NoteWorthy Composer 2 Viewer) (Version: Version 2.0 - NoteWorthy Software, Inc.)

ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden

PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden

PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)

QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)

Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.0.8.0 - Ralink)

Rapport (Version: 3.5.1304.15 - Trusteer) Hidden

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )

Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden

Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden

Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden

Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden

Sage Accounts (HKLM\...\InstallShield_{5A550F87-B414-11D6-B627-00E029396FF8}) (Version: 9.00.0024 - Sage (UK) Ltd)

Sage Line 50 (HKLM\...\Sage Line 50) (Version: - )

Sage MIS 3.01 (HKLM\...\Sage MIS 3.01) (Version: - )

SageAcc (Version: 9.00.0024 - Sage (UK) Ltd) Hidden

Skins (Version: 2008.0512.1133.18639 - ATI) Hidden

Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1304.15 - Trusteer)

U3Launcher (HKLM\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

==================== Restore Points =========================

15-01-2014 09:32:12 Scheduled Checkpoint

18-01-2014 15:48:39 Avg Update

20-01-2014 17:24:09 Scheduled Checkpoint

30-01-2014 17:32:02 Avg Update

31-01-2014 12:59:09 Scheduled Checkpoint

04-02-2014 13:58:17 Scheduled Checkpoint

14-02-2014 09:55:48 Avg Update

18-02-2014 08:42:59 Scheduled Checkpoint

19-02-2014 17:43:09 Scheduled Checkpoint

23-02-2014 13:19:28 Scheduled Checkpoint

25-02-2014 15:58:15 Scheduled Checkpoint

26-02-2014 08:31:43 Scheduled Checkpoint

27-02-2014 17:57:08 Scheduled Checkpoint

03-03-2014 10:39:42 Scheduled Checkpoint

06-03-2014 19:37:00 Avg Update

07-03-2014 13:41:14 Scheduled Checkpoint

18-03-2014 18:07:56 Scheduled Checkpoint

21-03-2014 17:42:23 Scheduled Checkpoint

04-04-2014 17:23:23 Scheduled Checkpoint

07-04-2014 13:35:22 Scheduled Checkpoint

20-04-2014 11:53:31 Scheduled Checkpoint

25-04-2014 21:05:42 Scheduled Checkpoint

28-04-2014 17:15:22 Scheduled Checkpoint

01-05-2014 10:17:55 Scheduled Checkpoint

17-05-2014 10:38:39 Scheduled Checkpoint

17-05-2014 16:36:58 Installed Rapport

20-05-2014 15:10:39 Scheduled Checkpoint

28-05-2014 10:50:24 Scheduled Checkpoint

02-06-2014 15:06:49 RegClean Pro Mon, Jun 02, 14 16:06

02-06-2014 15:40:18 Installed Microsoft Download Manager

02-06-2014 15:48:12 Windows Update

02-06-2014 15:58:23 AA11

02-06-2014 16:03:30 AA11

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1D7A0A3B-8896-40E7-82D5-6B1C5E903457} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)

Task: {2D1E757D-CC6D-4EB5-9C23-C2F05156A47F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)

Task: {50DE7488-904F-4B55-BD08-C786AA95B246} - System32\Tasks\GoogleUpdateTaskMachineCore1cb76ce22c85d00 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)

Task: {631C42F4-EEAB-41B4-B500-65B4E6E476FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17] (Adobe Systems Incorporated)

Task: {7DF46672-32D8-4F66-9E3D-00BE6FBB8F37} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries

Task: {E168B7B8-04F8-4223-A9C1-E0279F962ACF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)

Task: {E3F43EAF-1FBC-41C1-ABF2-9340823B4053} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4B6ABD10-C201-4FB1-99FA-6B6F5C34B2A6}.exe

Task: {E486CFB7-C857-409E-BB1D-58AE52EBEA7F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - kev => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4B6ABD10-C201-4FB1-99FA-6B6F5C34B2A6}.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cb76ce22c85d00.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

 

==================== Alternate Data Streams (whitelisted) =========

 

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

 

==================== Disabled items from MSCONFIG ==============

 

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (06/07/2014 09:17:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:16:24 AM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/07/2014 09:02:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:01:21 AM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/07/2014 09:01:12 AM) (Source: profsvc) (EventID: 1505) (User: kev-PC)

Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - Access is denied.

Error: (06/07/2014 08:57:01 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

DETAIL - The system cannot find the file specified.

Error: (06/07/2014 08:56:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:56:03 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

DETAIL - The system cannot find the file specified.

Error: (06/07/2014 08:55:47 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

DETAIL - The system cannot find the file specified.

Error: (06/07/2014 08:55:00 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

DETAIL - Access is denied.

 

System errors:

=============

Error: (06/07/2014 09:17:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: AvgLdx86

AvgMfx86

RapportKELL

spldr

Wanarpv6

Error: (06/07/2014 09:17:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Computer BrowserServer%%1068

Error: (06/07/2014 09:16:38 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/07/2014 09:16:27 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/07/2014 09:16:25 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/07/2014 09:16:24 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/07/2014 09:16:13 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/07/2014 09:02:14 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/07/2014 09:02:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/07/2014 09:02:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Microsoft Office Sessions:

=========================

Error: (06/07/2014 09:17:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:16:24 AM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/07/2014 09:02:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:01:21 AM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/07/2014 09:01:12 AM) (Source: profsvc) (EventID: 1505) (User: kev-PC)

Description: Access is denied.

Error: (06/07/2014 08:57:01 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: The system cannot find the file specified.

Error: (06/07/2014 08:56:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:56:03 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: The system cannot find the file specified.

Error: (06/07/2014 08:55:47 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: The system cannot find the file specified.

Error: (06/07/2014 08:55:00 AM) (Source: profsvc) (EventID: 1500) (User: kev-PC)

Description: Access is denied.

 

CodeIntegrity Errors:

===================================

Date: 2014-06-07 09:23:20.027

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.949

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.856

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.762

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.622

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.544

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.450

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.372

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.185

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-07 09:23:19.044

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys because the set of per-page image hashes could not be found on the system.

 

==================== Memory info ===========================

Percentage of memory in use: 22%

Total physical RAM: 3069.45 MB

Available physical RAM: 2391.78 MB

Total Pagefile: 6339.89 MB

Available Pagefile: 5843.77 MB

Total Virtual: 2047.88 MB

Available Virtual: 1929.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.09 GB) (Free:445.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:9.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: E8000000)

Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=586 GB) - (Type=07 NTFS)

==================== End Of Log ============================


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#5 seedy21
  • Malware Response Team

Posted 07 June 2014 - 03:41 PM

Hi,

Please can you answer the following:

Why are you booted in safe mode?
Can you boot into normal mode?
Why have you been running System Restore?
Is this a business machine? Do you have an IT dept.? Do you have permission to fix this machine?

Thank you




#6 Daidaft
  • Topic Starter

Posted 08 June 2014 - 03:20 AM

Thanks Seedy,

Booted in safe mode after the virus was detected, as a precaution. Not sure if this helps, though I can boot in normal mode.

Have previously run System Restore as my login profile was not recognised. System Restore recovered this. The virus was detected after downloading Ad-Aware software on 2/6/14. Then the next day the Windows login profile was not recognised.

This was formerly a business machine. When I left the company the machine passed to me for personal use. I do not have an IT dept. and am free to do whatever is necessary with the PC.

Hope all that helps and that I am posting to the correct destination.



#7 seedy21
  • Malware Response Team

Posted 08 June 2014 - 11:15 AM

Hi Daidaft,

Please boot up in normal mode.

Step 1

Click on Start... Settings... Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs, uninstall the following:

AVG Security Toolbar
AVG Secure Search
Dell Browser Address Error Redirector

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.

Edited by seedy21, 08 June 2014 - 03:09 PM.

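Step 2 of the post above asks for the FRST logs because their autostart sections (scheduled tasks, Run keys, AppCertDlls, AppInit_DLLs) are where a helper looks first. As an added example, not code from FRST, BleepingComputer or anyone in this thread, the Python below parses those line shapes and flags the entries a reviewer would want to check: targets that run from a temp directory (the self-reinstating pattern the topic starter describes, and exactly what the AVG-Secure-Search-Update task in the Addition.txt log above points at), entries with no publisher information, lines FRST has already marked ATTENTION, and DLL injection points. The sample lines are copied from the logs posted in this thread; the flagging rules, the `Entry` class and the `triage`/`suspicious` function names are this example's own heuristics, not FRST's verdicts.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of FRST or of this thread. It parses the
"Task:", "...\\Run:", "AppCertDlls:" and "AppInit_DLLs:" lines that FRST
prints and flags entries whose target runs from a temp directory, that
carry no publisher information, that FRST itself marked ATTENTION, or
that sit on a DLL injection point. The flagging rules are this
example's own heuristics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input, constructed from lines in the FRST logs posted in this thread.
SAMPLE_LOG = r"""
Task: {1D7A0A3B-8896-40E7-82D5-6B1C5E903457} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {E3F43EAF-1FBC-41C1-ABF2-9340823B4053} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4B6ABD10-C201-4FB1-99FA-6B6F5C34B2A6}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4B6ABD10-C201-4FB1-99FA-6B6F5C34B2A6}.exe
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2013-01-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1745648 2008-11-03] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
AppInit_DLLs: AVGRSSTX.DLL => C:\Windows\system32\AVGRSSTX.DLL [12536 2010-07-26] (AVG Technologies CZ, s.r.o.)
"""

# FRST separates the entry name from its target with "=>" or "->".
ARROW_RE = re.compile(r"\s*(?:=>|->)\s*")
# target, then optional "[size date]", optional "(publisher)", optional "<==== ATTENTION".
TAIL_RE = re.compile(
    r"^(?P<target>.*?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?"
    r"(?:\s+\((?P<publisher>[^()]*)\))?"
    r"(?:\s*<=+\s*(?P<marker>ATTENTION))?\s*$"
)
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
INJECTION_KINDS = {"AppCertDlls", "AppInit_DLLs"}  # DLLs loaded into many processes


@dataclass
class Entry:
    kind: str                 # Task, Run, AppCertDlls, AppInit_DLLs, ...
    name: str                 # task path or registry value name
    target: str               # executable or DLL the entry points at
    publisher: Optional[str]  # None when FRST printed no "(publisher)" field
    flags: list = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST autostart line; return None for lines of other shapes."""
    line = line.strip()
    if ": " not in line:
        return None
    kind_raw, rest = line.split(": ", 1)
    parts = ARROW_RE.split(rest, maxsplit=1)
    if len(parts) != 2:
        return None
    name, tail = parts
    m = TAIL_RE.match(tail)
    if not m or not m.group("target"):
        return None
    entry = Entry(
        kind=kind_raw.rsplit("\\", 1)[-1],   # "HKLM\...\Run" -> "Run"
        name=name.strip(),
        target=m.group("target").strip(),
        publisher=m.group("publisher"),
    )
    if TEMP_DIR_RE.search(entry.target):
        entry.flags.append("runs from a temp directory")
    if not entry.publisher:                  # None or "()" both count
        entry.flags.append("no publisher information")
    if m.group("marker"):
        entry.flags.append("marked ATTENTION by FRST")
    if entry.kind in INJECTION_KINDS:
        entry.flags.append("DLL injection point; confirm the publisher")
    return entry


def triage(log_text: str) -> list:
    """Parse every recognisable autostart line of an FRST log."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def suspicious(entries) -> list:
    """Keep only the entries that picked up at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE_LOG)):
        print(f"[{e.kind}] {e.name} -> {e.target}")
        for f in e.flags:
            print(f"    - {f}")
```

A flag is a reason to look, not a verdict: the Dell DataSafe and AVG entries in the sample are legitimate software that merely lacks version information or sits on an injection point, while a task that launches a GUID-named executable from C:\Windows\TEMP is the kind of entry worth matching against what the antivirus keeps detecting.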


#8 Daidaft
  • Topic Starter

Posted 08 June 2014 - 01:01 PM

From normal mode:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by kev (administrator) on KEV-PC on 08-06-2014 18:55:00
Running from C:\Users\kev\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Box) C:\Users\kev\AppData\Local\Box Edit\Box Edit.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
() C:\Program Files\Microsoft Office\Office\OSA.EXE
() C:\ProgramData\U3\U3Launcher\LaunchU3.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgscanx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1745648 2008-11-03] ()
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2013-01-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2804224 2012-10-08] (Eastman Kodak Company)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [Box Edit] => C:\Users\kev\AppData\Local\Box Edit\Box Edit.exe [457912 2013-01-07] (Box)
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-14] (Google Inc.)
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\MountPoints2: {c042bef3-3180-11de-95ad-00217020abcd} - J:\LaunchU3.exe -a
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2927104 2008-10-29] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: AVGRSSTX.DLL => C:\Windows\system32\AVGRSSTX.DLL [12536 2010-07-26] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\kev\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/?gws_rd=cr&ei=uzE3Uue-D4WThQfTkoHwBw
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3090114
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=n8812-90&apn_uid=0614546223064900&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b9262e9&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: box.com/BoxEdit - C:\Users\kev\AppData\Local\Box Edit\npBoxEdit.dll (Box)

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-26] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-26] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-29] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2013-01-25] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-12] (AVG Technologies CZ, s.r.o.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [710144 2009-03-03] (Ralink Technology Corp.)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [358008 2014-06-07] ()
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-11] (Realtek Semiconductor Corporation                           )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-08 18:55 - 2014-06-08 18:55 - 00014014 _____ () C:\Users\kev\Desktop\FRST.txt
2014-06-08 18:53 - 2014-06-08 18:54 - 01063424 _____ (Farbar) C:\Users\kev\Desktop\FRST.exe
2014-06-07 09:36 - 2014-06-07 09:36 - 00035262 _____ () C:\Windows\kev.acl
2014-06-07 09:22 - 2014-06-08 18:55 - 00000000 ____D () C:\FRST
2014-06-07 08:54 - 2014-06-07 08:54 - 00000000 ____D () C:\Users\TEMP.kev-PC.000
2014-06-07 08:54 - 2013-01-29 10:43 - 00000000 ____D () C:\Users\TEMP.kev-PC.000\AppData\Local\Trusteer
2014-06-07 08:54 - 2006-11-02 11:23 - 00000000 ____D () C:\Users\TEMP.kev-PC.000\AppData\Local\Temp
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\Program Files\SmartPCFixer
2014-06-02 20:02 - 2014-05-10 09:24 - 00000229 _____ () C:\Users\Public\Desktop\LionSea Software.url
2014-06-02 18:27 - 2014-06-02 18:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Lavasoft
2014-06-02 17:49 - 2014-06-02 17:49 - 00000000 ____D () C:\Users\kev\AppData\Roaming\LavasoftStatistics
2014-06-02 17:06 - 2014-06-02 20:48 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-02 17:06 - 2014-06-02 17:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Users\kev\AppData\Local\adawarebp
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-02 16:46 - 2014-06-02 16:47 - 01768236 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x86(1).msu
2014-06-02 16:45 - 2014-06-02 16:47 - 03589956 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-ia64(1).msu
2014-06-02 16:45 - 2014-06-02 16:47 - 03086960 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x64(1).msu
2014-06-02 16:41 - 2014-06-02 16:41 - 00001790 _____ () C:\Users\kev\Downloads\redist.txt
2014-06-02 16:40 - 2014-06-02 16:40 - 00000000 ____D () C:\Program Files\Microsoft Download Manager
2014-06-02 16:27 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\rightbackup
2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ____D () C:\rbtemp
2014-06-02 16:25 - 2014-06-02 16:27 - 00000000 ____D () C:\Program Files\Right Backup
2014-06-02 16:05 - 2014-06-02 16:26 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-02 15:47 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\systweak
2014-06-02 15:44 - 2014-06-02 15:44 - 00000000 ____D () C:\ProgramData\Lavasoft

==================== One Month Modified Files and Folders =======

2014-06-08 18:57 - 2014-06-08 18:55 - 00014014 _____ () C:\Users\kev\Desktop\FRST.txt
2014-06-08 18:57 - 2009-01-19 16:20 - 00000000 ____D () C:\Users\kev\AppData\Local\Temp
2014-06-08 18:55 - 2014-06-07 09:22 - 00000000 ____D () C:\FRST
2014-06-08 18:54 - 2014-06-08 18:53 - 01063424 _____ (Farbar) C:\Users\kev\Desktop\FRST.exe
2014-06-08 18:47 - 2009-01-14 10:56 - 00000000 ____D () C:\Program Files\Dell
2014-06-08 18:44 - 2010-02-28 18:31 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 18:43 - 2006-11-02 11:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 18:41 - 2009-02-04 18:37 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2014-06-08 18:38 - 2009-01-14 10:40 - 01772456 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 18:37 - 2013-06-12 10:13 - 00000000 ____D () C:\ProgramData\Kodak
2014-06-08 18:36 - 2013-06-03 18:51 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-06-08 18:36 - 2010-10-28 19:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cb76ce22c85d00.job
2014-06-08 18:36 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 18:36 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 18:36 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 09:22 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-08 09:01 - 2013-01-25 12:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 17:19 - 2013-08-14 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-06-07 09:36 - 2014-06-07 09:36 - 00035262 _____ () C:\Windows\kev.acl
2014-06-07 09:18 - 2013-09-12 10:10 - 00001356 _____ () C:\Users\kev\AppData\Local\d3d9caps.dat
2014-06-07 09:14 - 2013-09-19 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Basic PAYE Tools - Real Time Information
2014-06-07 09:14 - 2013-06-12 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
2014-06-07 09:14 - 2013-06-12 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2014-06-07 09:14 - 2010-03-06 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 9.0
2014-06-07 09:14 - 2009-06-09 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-07 09:14 - 2009-06-09 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-07 09:14 - 2009-02-17 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2 Viewer
2014-06-07 09:14 - 2009-02-17 20:44 - 00000000 ____D () C:\timidity
2014-06-07 09:14 - 2009-02-17 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2
2014-06-07 09:14 - 2009-01-21 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts
2014-06-07 09:14 - 2009-01-20 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage
2014-06-07 09:14 - 2009-01-20 13:25 - 00000000 ____D () C:\SFW
2014-06-07 09:14 - 2009-01-19 16:20 - 00000000 ____D () C:\Users\kev
2014-06-07 09:14 - 2009-01-14 18:19 - 00000000 ____D () C:\DELL
2014-06-07 09:14 - 2009-01-14 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2014-06-07 09:14 - 2009-01-14 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-06-07 09:14 - 2009-01-14 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2014-06-07 09:14 - 2009-01-14 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator DE
2014-06-07 09:14 - 2009-01-14 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-06-07 09:14 - 2009-01-14 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-07 09:14 - 2006-11-02 13:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-06-07 09:14 - 2006-11-02 11:22 - 50593792 _____ () C:\Windows\system32\config\system_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 34340864 _____ () C:\Windows\system32\config\software_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 33816576 _____ () C:\Windows\system32\config\components_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-06-07 08:54 - 2014-06-07 08:54 - 00000000 ____D () C:\Users\TEMP.kev-PC.000
2014-06-02 20:48 - 2014-06-02 17:06 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\Program Files\SmartPCFixer
2014-06-02 18:27 - 2014-06-02 18:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Lavasoft
2014-06-02 17:49 - 2014-06-02 17:49 - 00000000 ____D () C:\Users\kev\AppData\Roaming\LavasoftStatistics
2014-06-02 17:07 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Users\kev\AppData\Local\adawarebp
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-02 16:47 - 2014-06-02 16:46 - 01768236 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x86(1).msu
2014-06-02 16:47 - 2014-06-02 16:45 - 03589956 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-ia64(1).msu
2014-06-02 16:47 - 2014-06-02 16:45 - 03086960 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x64(1).msu
2014-06-02 16:41 - 2014-06-02 16:41 - 00001790 _____ () C:\Users\kev\Downloads\redist.txt
2014-06-02 16:40 - 2014-06-02 16:40 - 00000000 ____D () C:\Program Files\Microsoft Download Manager
2014-06-02 16:27 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\rightbackup
2014-06-02 16:27 - 2014-06-02 16:25 - 00000000 ____D () C:\Program Files\Right Backup
2014-06-02 16:27 - 2014-06-02 15:47 - 00000000 ____D () C:\Users\kev\AppData\Roaming\systweak
2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ____D () C:\rbtemp
2014-06-02 16:26 - 2014-06-02 16:05 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-02 15:44 - 2014-06-02 15:44 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-17 11:03 - 2013-01-25 12:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-17 11:03 - 2013-01-25 12:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 09:24 - 2014-06-02 20:02 - 00000229 _____ () C:\Users\Public\Desktop\LionSea Software.url

Some content of TEMP:
====================
C:\Users\kev\AppData\Local\Temp\gcdwefdy.dll
C:\Users\kev\AppData\Local\Temp\qexi0k7c.dll
C:\Users\kev\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\kev\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\kev\AppData\Local\Temp\yo_96oov.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-08 18:42

==================== End Of Log ============================
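The log above is triaged by eye in this thread: the helper looks for the lines FRST marks with ATTENTION, the AppCertDlls load point, browser add-ons whose file no longer exists, startup shortcuts that point at a binary with no publisher, and the random-looking eight-character DLL names under the user's Temp folder. The script below is an added example, not code from FRST or from either poster, that applies those same checks to FRST-style log lines. Its input is a constructed sample modelled on the log's layout (the user name, SID and Temp file names are invented; the rule names and the eight-character heuristic are this example's own choices, not FRST terminology).

```python
"""Triage heuristics for FRST-style scan log lines.

Added example for this thread, not code from FRST or from the posters.
It re-implements, as a script, the checks a helper applies by eye to a
log such as the one above. Rule names and thresholds are this example's
own choices.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the layout of the FRST log in this thread.
# User name, SID and the Temp file names are invented placeholders.
SAMPLE_LOG = r"""HKU\S-1-5-21-111111111-222222222-333333333-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2927104 2008-10-29] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\alice\AppData\Roaming\Microsoft\Installer\{00000000-0000-0000-0000-000000000000}\_294823.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\example toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

Some content of TEMP:
====================
C:\Users\alice\AppData\Local\Temp\qwe7ty0p.dll
C:\Users\alice\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\alice\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\alice\AppData\Local\Temp\a1b2c3d4.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
"""

ATTENTION = re.compile(r"<=+\s*ATTENTION$")          # FRST's own marker
APPCERT = re.compile(r"\\AppCertDlls:", re.IGNORECASE)  # DLL load point for every process
ORPHAN = re.compile(r"^(BHO|Toolbar|URLSearchHook):.*-\s+No File$")
SHORTCUT = re.compile(r"^ShortcutTarget: .* -> (.+) \(([^()]*)\)$")
# eight lower-case letters/digits/underscores, like the DLLs listed under TEMP
RANDOM_TEMP_DLL = re.compile(r"\\Temp\\[a-z0-9_]{8}\.dll$")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, most specific rule first."""
    findings: list[Finding] = []
    in_temp = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Some content of TEMP:"):
            in_temp = True
            continue
        if line.startswith("="):
            # a titled "==== Name ====" header starts a new section; the bare
            # "====" divider under the TEMP heading does not
            if line.strip("= "):
                in_temp = False
            continue
        if in_temp:
            if RANDOM_TEMP_DLL.search(line):
                findings.append(Finding("random-named DLL in user Temp", line))
            continue
        if APPCERT.search(line):
            findings.append(Finding("AppCertDlls load point", line))
        elif ATTENTION.search(line):
            findings.append(Finding("flagged by FRST", line))
        elif ORPHAN.match(line):
            findings.append(Finding("orphaned browser add-on (No File)", line))
        else:
            m = SHORTCUT.match(line)
            if m and not m.group(2).strip():
                findings.append(Finding("startup shortcut to binary with no publisher", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview before reading each line."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rule, count in summarize(result).items():
        print(f"{count:2d}  {rule}")
    for f in result:
        print(f"[{f.rule}] {f.line}")
```

Findings are hints for a human reviewer, not verdicts: a legitimate eight-character DLL in Temp or an unsigned vendor tool will also match, which is why each finding carries the original line rather than a decision.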



#9 seedy21
  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 09 June 2014 - 02:59 PM

Hi Daidaft

Step 1

Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it on the Desktop as fixlist.txt
 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\MountPoints2: {c042bef3-3180-11de-95ad-00217020abcd} - J:\LaunchU3.exe -a
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2927104 2008-10-29] (Microsoft Corporation) <==== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=n8812-90&apn_uid=0614546223064900&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b9262e9&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
c:\program files\music toolbar\
C:\Users\kev\AppData\Local\Temp\gcdwefdy.dll
C:\Users\kev\AppData\Local\Temp\qexi0k7c.dll
C:\Users\kev\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\kev\AppData\Local\Temp\yo_96oov.dll
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 60 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 60".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline or 'Windows x64.exe' (depending on whether you are running a 32 or 64 bit system) from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

Step 3
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Please open Malwarebytes Anti-Malware.
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.
    If Malware or Potentially Unwanted Programs are found you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#10 Daidaft
  • Topic Starter
  • Members
  • 10 posts

Posted 10 June 2014 - 10:51 AM

Ran fix, many thanks. Here are the requested files:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014 03
Ran by kev at 2014-06-10 14:47:11 Run:1
Running from C:\Users\kev\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\MountPoints2: {c042bef3-3180-11de-95ad-00217020abcd} - J:\LaunchU3.exe -a
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2927104 2008-10-29] (Microsoft Corporation) <==== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=n8812-90&apn_uid=0614546223064900&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b9262e9&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
c:\program files\music toolbar\
C:\Users\kev\AppData\Local\Temp\gcdwefdy.dll
C:\Users\kev\AppData\Local\Temp\qexi0k7c.dll
C:\Users\kev\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\kev\AppData\Local\Temp\yo_96oov.dll
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender => value deleted successfully.
AVG Security Toolbar Service => Service deleted successfully.
'HKU\S-1-5-21-728852706-401746398-1283374541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c042bef3-3180-11de-95ad-00217020abcd}' => Key deleted successfully.
'HKCR\CLSID\{c042bef3-3180-11de-95ad-00217020abcd}'=> Key not found.
HKU\S-1-5-21-728852706-401746398-1283374541-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
'HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} => value deleted successfully.
'HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
'HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}' => Key deleted successfully.
'HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin'=> Key not found.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll not found.
"c:\program files\music toolbar" => File/Directory not found.
C:\Users\kev\AppData\Local\Temp\gcdwefdy.dll => Moved successfully.
C:\Users\kev\AppData\Local\Temp\qexi0k7c.dll => Moved successfully.
C:\Users\kev\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\kev\AppData\Local\Temp\yo_96oov.dll => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/06/2014
Scan Time: 16:08:39
Logfile: malware..txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.04
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: kev

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364584
Time Elapsed: 19 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
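After a fix run, the Fixlog above is the record of what actually happened to each fixlist entry: registry values and services report "deleted successfully", moved files report "Moved successfully", and targets that no longer existed report "not found" (here the music toolbar directory and several CLSID keys). The script below is an added example, not part of FRST or of this thread, that parses a Fixlog of that shape, confirms the log is complete, counts the outcomes and lists the targets FRST could not find, which are the ones worth confirming in the follow-up scan. The sample Fixlog is constructed to match the layout posted above (entry names, user name and paths are placeholders; the toolbar GUID is taken from the thread's log), and the category names are this example's own.

```python
"""Reconcile an FRST Fixlog against the fixlist it echoes.

Added example for this thread, not part of FRST. Parses the fixlist
between the two '*****' lines and the per-action result lines after it,
then reports how many actions removed something, how many targets were
not found, and whether the log reached its end marker.
"""
from __future__ import annotations

import re

# Constructed sample modelled on the Fixlog in this thread. User name, entry
# names and paths are placeholders; the GUID is taken from the thread's log.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014 03
Ran by alice at 2014-06-10 14:47:11 Run:1
Running from C:\Users\alice\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ExampleEntry] => C:\Program Files\Example\example.exe [1008184 2008-01-21] (Example Corp)
S3 Example Toolbar Service; C:\Program Files\Example\ToolbarBroker.exe [167264 2011-11-10] ()
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
c:\program files\example toolbar\
C:\Users\alice\AppData\Local\Temp\qwe7ty0p.dll
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleEntry => value deleted successfully.
Example Toolbar Service => Service deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
'HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}'=> Key not found.
"c:\program files\example toolbar" => File/Directory not found.
C:\Users\alice\AppData\Local\Temp\qwe7ty0p.dll => Moved successfully.

==== End of Fixlog ====
"""

# "<target> => <outcome>." with optional quoting around the target
RESULT = re.compile(r"^(.*?)\s*=>\s*(.+?)\.?\s*$")
END_MARKER = "==== End of Fixlog ===="


def parse_fixlog(text: str) -> tuple[list[str], list[tuple[str, str]]]:
    """Split a Fixlog into the echoed fixlist and (target, outcome) pairs."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.startswith("*****")]
    if len(stars) < 2:
        raise ValueError("Fixlog does not contain an echoed fixlist")
    fixlist = [l for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results: list[tuple[str, str]] = []
    for l in lines[stars[1] + 1:]:
        m = RESULT.match(l)
        if m:
            target = m.group(1).strip().strip("'\"")
            results.append((target, m.group(2)))
    return fixlist, results


def classify(outcome: str) -> str:
    """Map an FRST outcome phrase onto this example's three categories."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    if "deleted successfully" in o or "moved successfully" in o:
        return "removed"
    return "other"


def reconcile(text: str) -> dict:
    fixlist, results = parse_fixlog(text)
    report = {
        "fixlist_entries": len(fixlist),
        "removed": 0, "not_found": 0, "other": 0,
        "not_found_targets": [], "other_lines": [],
        # a truncated log (tool killed mid-fix) will not end with the marker
        "complete": text.rstrip().endswith(END_MARKER),
    }
    for target, outcome in results:
        kind = classify(outcome)
        report[kind] += 1
        if kind == "not_found":
            report["not_found_targets"].append(target)
        elif kind == "other":
            report["other_lines"].append(f"{target} => {outcome}")
    return report


if __name__ == "__main__":
    rep = reconcile(SAMPLE_FIXLOG)
    print(f"fixlist entries: {rep['fixlist_entries']}, removed: {rep['removed']}, "
          f"not found: {rep['not_found']}, other: {rep['other']}, complete: {rep['complete']}")
    for t in rep["not_found_targets"]:
        print("not found:", t)
```

Anything in `other_lines` is an outcome phrase this example does not know, so it is surfaced verbatim rather than silently counted as success.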



#11 seedy21
  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 11 June 2014 - 02:07 AM


Hi Daidaft

Can you tell me if Ad-Aware still detects the win32/Zperm virus?

Step 1

We need to re-run FRST

 

  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


Step 2

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website, because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".

  • Please go here, then click on Run ESET ONLINE SCANNER.
  • Select the option YES, I accept the Terms of Use, then click on START.
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on START.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.

When the scan is complete, if no threats were found:
  • Check "Uninstall application on close".
  • Close the program.

If threats were found:
  • Select "List of threats found".
  • Select "Export to Text File" & save the report to your Desktop as ESETScanLog.
  • Select Back.
  • Place a checkmark in "Uninstall application on close".
  • Select Finish & exit the program.
  • Copy and paste ESETScanLog.txt in your next reply.



#12 Daidaft
  • Topic Starter
  • Members
  • 10 posts

Posted 12 June 2014 - 05:07 AM

Hi Seedy, here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014
Ran by kev (administrator) on KEV-PC on 12-06-2014 09:28:26
Running from C:\Users\kev\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Box) C:\Users\kev\AppData\Local\Box Edit\Box Edit.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
() C:\Program Files\Microsoft Office\Office\OSA.EXE
() C:\ProgramData\U3\U3Launcher\LaunchU3.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1745648 2008-11-03] ()
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [292136 2009-06-05] (Apple Inc.)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2013-01-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2804224 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [Box Edit] => C:\Users\kev\AppData\Local\Box Edit\Box Edit.exe [457912 2013-01-07] (Box)
HKU\S-1-5-21-728852706-401746398-1283374541-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-14] (Google Inc.)
AppInit_DLLs: AVGRSSTX.DLL => C:\Windows\system32\AVGRSSTX.DLL [12536 2010-07-26] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\kev\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/?gws_rd=cr&ei=uzE3Uue-D4WThQfTkoHwBw
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3090114
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: box.com/BoxEdit - C:\Users\kev\AppData\Local\Box Edit\npBoxEdit.dll (Box)

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-26] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-26] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-29] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2013-01-25] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-12] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [710144 2009-03-03] (Ralink Technology Corp.)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [358008 2014-06-07] ()
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-11] (Realtek Semiconductor Corporation                           )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-12 09:05 - 2014-06-12 09:05 - 03327000 _____ () C:\Users\kev\Desktop\WindowsXP-KB942288-v3-x86.exe
2014-06-12 08:58 - 2014-06-12 08:58 - 01707144 _____ () C:\Users\kev\Desktop\Adaware_Installer.exe
2014-06-10 16:48 - 2014-06-10 16:48 - 00001060 _____ () C:\Users\kev\Documents\malware..txt
2014-06-10 15:46 - 2014-06-12 09:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 15:45 - 2014-06-10 15:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 15:45 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 15:45 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 15:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 15:41 - 2014-06-10 15:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kev\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-10 15:36 - 2014-06-10 15:36 - 00000000 ____D () C:\Users\kev\AppData\Local\Stardock_Corporation
2014-06-10 15:27 - 2014-06-10 15:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Oracle
2014-06-10 15:26 - 2014-06-10 15:26 - 00000000 ____D () C:\Windows\Sun
2014-06-10 15:25 - 2014-06-10 15:25 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 15:25 - 2014-06-10 15:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 15:25 - 2014-06-10 15:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-10 15:24 - 2014-06-10 15:23 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 14:59 - 2014-06-10 14:59 - 29405096 _____ (Oracle Corporation) C:\Users\kev\Desktop\jre-7u60-windows-i586.exe
2014-06-10 14:46 - 2014-06-12 09:26 - 00000000 ____D () C:\Users\kev\Desktop\FRST-OlderVersion
2014-06-08 18:55 - 2014-06-12 09:28 - 00013048 _____ () C:\Users\kev\Desktop\FRST.txt
2014-06-08 18:53 - 2014-06-12 09:26 - 01073152 _____ (Farbar) C:\Users\kev\Desktop\FRST.exe
2014-06-07 09:36 - 2014-06-07 09:36 - 00035262 _____ () C:\Windows\kev.acl
2014-06-07 09:22 - 2014-06-12 09:28 - 00000000 ____D () C:\FRST
2014-06-07 08:54 - 2014-06-07 08:54 - 00000000 ____D () C:\Users\TEMP.kev-PC.000
2014-06-07 08:54 - 2013-01-29 10:43 - 00000000 ____D () C:\Users\TEMP.kev-PC.000\AppData\Local\Trusteer
2014-06-07 08:54 - 2006-11-02 11:23 - 00000000 ____D () C:\Users\TEMP.kev-PC.000\AppData\Local\Temp
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\Program Files\SmartPCFixer
2014-06-02 20:02 - 2014-05-10 09:24 - 00000229 _____ () C:\Users\Public\Desktop\LionSea Software.url
2014-06-02 18:27 - 2014-06-02 18:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Lavasoft
2014-06-02 17:49 - 2014-06-02 17:49 - 00000000 ____D () C:\Users\kev\AppData\Roaming\LavasoftStatistics
2014-06-02 17:06 - 2014-06-02 20:48 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-02 17:06 - 2014-06-02 17:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Users\kev\AppData\Local\adawarebp
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-02 16:46 - 2014-06-02 16:47 - 01768236 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x86(1).msu
2014-06-02 16:45 - 2014-06-02 16:47 - 03589956 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-ia64(1).msu
2014-06-02 16:45 - 2014-06-02 16:47 - 03086960 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x64(1).msu
2014-06-02 16:41 - 2014-06-02 16:41 - 00001790 _____ () C:\Users\kev\Downloads\redist.txt
2014-06-02 16:40 - 2014-06-02 16:40 - 00000000 ____D () C:\Program Files\Microsoft Download Manager
2014-06-02 16:27 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\rightbackup
2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ____D () C:\rbtemp
2014-06-02 16:25 - 2014-06-02 16:27 - 00000000 ____D () C:\Program Files\Right Backup
2014-06-02 16:05 - 2014-06-02 16:26 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-02 15:47 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\systweak
2014-06-02 15:44 - 2014-06-02 15:44 - 00000000 ____D () C:\ProgramData\Lavasoft

==================== One Month Modified Files and Folders =======

2014-06-12 09:28 - 2014-06-08 18:55 - 00013048 _____ () C:\Users\kev\Desktop\FRST.txt
2014-06-12 09:28 - 2014-06-07 09:22 - 00000000 ____D () C:\FRST
2014-06-12 09:28 - 2009-01-19 16:20 - 00000000 ____D () C:\Users\kev\AppData\Local\Temp
2014-06-12 09:26 - 2014-06-10 14:46 - 00000000 ____D () C:\Users\kev\Desktop\FRST-OlderVersion
2014-06-12 09:26 - 2014-06-08 18:53 - 01073152 _____ (Farbar) C:\Users\kev\Desktop\FRST.exe
2014-06-12 09:18 - 2006-11-02 11:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 09:16 - 2009-01-14 10:40 - 01816423 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 09:14 - 2014-06-10 15:46 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 09:12 - 2013-06-12 10:13 - 00000000 ____D () C:\ProgramData\Kodak
2014-06-12 09:12 - 2010-10-28 19:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cb76ce22c85d00.job
2014-06-12 09:12 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 09:12 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 09:12 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 09:10 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-12 09:05 - 2014-06-12 09:05 - 03327000 _____ () C:\Users\kev\Desktop\WindowsXP-KB942288-v3-x86.exe
2014-06-12 09:01 - 2013-01-25 12:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 08:58 - 2014-06-12 08:58 - 01707144 _____ () C:\Users\kev\Desktop\Adaware_Installer.exe
2014-06-12 08:45 - 2009-02-04 18:37 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2014-06-12 08:44 - 2010-02-28 18:31 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 08:40 - 2008-01-21 03:47 - 00040908 _____ () C:\Windows\PFRO.log
2014-06-10 17:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tapi
2014-06-10 16:48 - 2014-06-10 16:48 - 00001060 _____ () C:\Users\kev\Documents\malware..txt
2014-06-10 15:45 - 2014-06-10 15:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 15:41 - 2014-06-10 15:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kev\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-10 15:36 - 2014-06-10 15:36 - 00000000 ____D () C:\Users\kev\AppData\Local\Stardock_Corporation
2014-06-10 15:27 - 2014-06-10 15:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Oracle
2014-06-10 15:26 - 2014-06-10 15:26 - 00000000 ____D () C:\Windows\Sun
2014-06-10 15:25 - 2014-06-10 15:25 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 15:25 - 2014-06-10 15:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 15:25 - 2014-06-10 15:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-10 15:23 - 2014-06-10 15:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 15:23 - 2009-01-14 10:50 - 00000000 ____D () C:\Program Files\Java
2014-06-10 15:05 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-06-10 14:59 - 2014-06-10 14:59 - 29405096 _____ (Oracle Corporation) C:\Users\kev\Desktop\jre-7u60-windows-i586.exe
2014-06-08 18:47 - 2009-01-14 10:56 - 00000000 ____D () C:\Program Files\Dell
2014-06-07 17:19 - 2013-08-14 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-06-07 09:36 - 2014-06-07 09:36 - 00035262 _____ () C:\Windows\kev.acl
2014-06-07 09:18 - 2013-09-12 10:10 - 00001356 _____ () C:\Users\kev\AppData\Local\d3d9caps.dat
2014-06-07 09:14 - 2013-09-19 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Basic PAYE Tools - Real Time Information
2014-06-07 09:14 - 2013-06-12 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
2014-06-07 09:14 - 2013-06-12 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2014-06-07 09:14 - 2010-03-06 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 9.0
2014-06-07 09:14 - 2009-06-09 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-07 09:14 - 2009-06-09 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-07 09:14 - 2009-02-17 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2 Viewer
2014-06-07 09:14 - 2009-02-17 20:44 - 00000000 ____D () C:\timidity
2014-06-07 09:14 - 2009-02-17 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2
2014-06-07 09:14 - 2009-01-21 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts
2014-06-07 09:14 - 2009-01-20 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage
2014-06-07 09:14 - 2009-01-20 13:25 - 00000000 ____D () C:\SFW
2014-06-07 09:14 - 2009-01-19 16:20 - 00000000 ____D () C:\Users\kev
2014-06-07 09:14 - 2009-01-14 18:19 - 00000000 ____D () C:\DELL
2014-06-07 09:14 - 2009-01-14 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2014-06-07 09:14 - 2009-01-14 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-06-07 09:14 - 2009-01-14 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2014-06-07 09:14 - 2009-01-14 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator DE
2014-06-07 09:14 - 2009-01-14 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-06-07 09:14 - 2009-01-14 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-07 09:14 - 2006-11-02 13:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-06-07 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-06-07 09:14 - 2006-11-02 11:22 - 50593792 _____ () C:\Windows\system32\config\system_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 34340864 _____ () C:\Windows\system32\config\software_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 33816576 _____ () C:\Windows\system32\config\components_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-06-07 09:14 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-06-07 08:54 - 2014-06-07 08:54 - 00000000 ____D () C:\Users\TEMP.kev-PC.000
2014-06-02 20:48 - 2014-06-02 17:06 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2014-06-02 20:02 - 2014-06-02 20:02 - 00000000 ____D () C:\Program Files\SmartPCFixer
2014-06-02 18:27 - 2014-06-02 18:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\Lavasoft
2014-06-02 17:49 - 2014-06-02 17:49 - 00000000 ____D () C:\Users\kev\AppData\Roaming\LavasoftStatistics
2014-06-02 17:07 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Users\kev\AppData\Local\adawarebp
2014-06-02 17:06 - 2014-06-02 17:06 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-02 16:47 - 2014-06-02 16:46 - 01768236 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x86(1).msu
2014-06-02 16:47 - 2014-06-02 16:45 - 03589956 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-ia64(1).msu
2014-06-02 16:47 - 2014-06-02 16:45 - 03086960 _____ () C:\Users\kev\Downloads\Windows6.0-KB942288-v2-x64(1).msu
2014-06-02 16:41 - 2014-06-02 16:41 - 00001790 _____ () C:\Users\kev\Downloads\redist.txt
2014-06-02 16:40 - 2014-06-02 16:40 - 00000000 ____D () C:\Program Files\Microsoft Download Manager
2014-06-02 16:27 - 2014-06-02 16:27 - 00000000 ____D () C:\Users\kev\AppData\Roaming\rightbackup
2014-06-02 16:27 - 2014-06-02 16:25 - 00000000 ____D () C:\Program Files\Right Backup
2014-06-02 16:27 - 2014-06-02 15:47 - 00000000 ____D () C:\Users\kev\AppData\Roaming\systweak
2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ____D () C:\rbtemp
2014-06-02 16:26 - 2014-06-02 16:05 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-02 15:44 - 2014-06-02 15:44 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-17 11:03 - 2013-01-25 12:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-17 11:03 - 2013-01-25 12:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\kev\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-12 09:20

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014
Ran by kev at 2014-06-12 09:29:00
Running from C:\Users\kev\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version:  - AVG Technologies)
Basic PAYE Tools (HKLM\...\Basic PAYE Tools - Real Time Information) (Version: 14.0.14063.106 - HM Revenue & Customs)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Box Edit (HKLM\...\{0AEBC85C-11F1-4106-8A14-AF3B7FFD9357}) (Version: 1.1.44 - Box)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0512.1133.18639 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help English (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help French (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help German (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Italian (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Japanese (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Korean (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Spanish (Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Turkish (Version: 2008.0512.1132.18639 - ATI) Hidden
ccc-core-static (Version: 2008.0512.1133.18639 - ATI) Hidden
ccc-utility (Version: 2008.0512.1133.18639 - ATI) Hidden
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0023 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08267 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
Internet From BT (HKLM\...\{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}) (Version:  - )
iTunes (HKLM\...\{5D601655-6D54-4384-B52C-17EC5385FBBD}) (Version: 8.2.0.23 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
ksDIP (Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Excel 97 (HKLM\...\Excel) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Word 97 (HKLM\...\Word8.0) (Version:  - )
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
NoteWorthy Composer 2 (HKLM\...\NoteWorthy Composer 2) (Version: Demo Version 2.0 - Noteworthy Software, Inc.)
NoteWorthy Composer 2 Viewer (HKLM\...\NoteWorthy Composer 2 Viewer) (Version: Version 2.0 - NoteWorthy Software, Inc.)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.0.8.0 - Ralink)
Rapport (Version: 3.5.1307.76 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Sage Accounts (HKLM\...\InstallShield_{5A550F87-B414-11D6-B627-00E029396FF8}) (Version: 9.00.0024 - Sage (UK) Ltd)
Sage Line 50 (HKLM\...\Sage Line 50) (Version:  - )
Sage MIS 3.01 (HKLM\...\Sage MIS 3.01) (Version:  - )
SageAcc (Version: 9.00.0024 - Sage (UK) Ltd) Hidden
Skins (Version: 2008.0512.1133.18639 - ATI) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
U3Launcher (HKLM\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

==================== Restore Points  =========================

18-01-2014 15:48:39 Avg Update
20-01-2014 17:24:09 Scheduled Checkpoint
30-01-2014 17:32:02 Avg Update
31-01-2014 12:59:09 Scheduled Checkpoint
04-02-2014 13:58:17 Scheduled Checkpoint
14-02-2014 09:55:48 Avg Update
18-02-2014 08:42:59 Scheduled Checkpoint
19-02-2014 17:43:09 Scheduled Checkpoint
23-02-2014 13:19:28 Scheduled Checkpoint
25-02-2014 15:58:15 Scheduled Checkpoint
26-02-2014 08:31:43 Scheduled Checkpoint
27-02-2014 17:57:08 Scheduled Checkpoint
03-03-2014 10:39:42 Scheduled Checkpoint
06-03-2014 19:37:00 Avg Update
07-03-2014 13:41:14 Scheduled Checkpoint
18-03-2014 18:07:56 Scheduled Checkpoint
21-03-2014 17:42:23 Scheduled Checkpoint
04-04-2014 17:23:23 Scheduled Checkpoint
07-04-2014 13:35:22 Scheduled Checkpoint
20-04-2014 11:53:31 Scheduled Checkpoint
25-04-2014 21:05:42 Scheduled Checkpoint
28-04-2014 17:15:22 Scheduled Checkpoint
01-05-2014 10:17:55 Scheduled Checkpoint
17-05-2014 10:38:39 Scheduled Checkpoint
17-05-2014 16:36:58 Installed Rapport
20-05-2014 15:10:39 Scheduled Checkpoint
28-05-2014 10:50:24 Scheduled Checkpoint
02-06-2014 15:06:49 RegClean Pro Mon, Jun 02, 14  16:06
02-06-2014 15:40:18 Installed Microsoft Download Manager
02-06-2014 15:48:12 Windows Update
02-06-2014 15:58:23 AA11
02-06-2014 16:03:30 AA11
07-06-2014 16:17:26 Installed Rapport
07-06-2014 16:23:13 Avg Update
08-06-2014 17:44:20 Removed Browser Address Error Redirector.
10-06-2014 14:01:53 Removed Java™ 6 Update 7
10-06-2014 14:21:38 Installed Java 7 Update 60

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D7A0A3B-8896-40E7-82D5-6B1C5E903457} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {2D1E757D-CC6D-4EB5-9C23-C2F05156A47F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {50DE7488-904F-4B55-BD08-C786AA95B246} - System32\Tasks\GoogleUpdateTaskMachineCore1cb76ce22c85d00 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)
Task: {631C42F4-EEAB-41B4-B500-65B4E6E476FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17] (Adobe Systems Incorporated)
Task: {7DF46672-32D8-4F66-9E3D-00BE6FBB8F37} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {95C66F42-CEE8-4E8A-8B94-ED454B50F18F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - kev => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {E168B7B8-04F8-4223-A9C1-E0279F962ACF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)
Task: {E3F43EAF-1FBC-41C1-ABF2-9340823B4053} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4B6ABD10-C201-4FB1-99FA-6B6F5C34B2A6}.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cb76ce22c85d00.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-11-03 10:54 - 2008-11-03 10:54 - 00017648 _____ () C:\Program Files\Dell DataSafe Online\cpputils.dll
2009-01-14 18:34 - 2008-06-13 12:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-11-03 10:54 - 2008-11-03 10:54 - 01745648 _____ () C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
2008-11-03 10:54 - 2008-11-03 10:54 - 00262384 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.dll
2008-11-03 10:54 - 2008-11-03 10:54 - 00058608 _____ () C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
2008-11-03 10:54 - 2008-11-03 10:54 - 00095472 _____ () C:\Program Files\Dell DataSafe Online\SdbUI.dll
2008-11-03 10:54 - 2008-11-03 10:54 - 00132336 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
1997-08-19 01:00 - 1997-08-19 01:00 - 00111376 _____ () C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
1997-08-19 01:00 - 1997-08-19 01:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
1997-08-19 01:00 - 1997-08-19 01:00 - 00051984 _____ () C:\Program Files\Microsoft Office\Office\OSA.EXE
2007-10-23 09:45 - 2007-10-23 09:45 - 01336632 _____ () C:\ProgramData\U3\U3Launcher\LaunchU3.exe
2011-06-27 16:43 - 2011-06-27 16:43 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\37fcf6436994c36769a13e2f60f5fe6f\VistaBridgeLibrary.ni.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2014 09:13:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 09:10:48 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/12/2014 08:42:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 05:48:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/10/2014 05:17:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:33:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:27:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/10/2014 03:18:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:02:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Security Toolbar Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/10/2014 02:33:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/12/2014 09:12:06 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/12/2014 08:40:56 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/10/2014 05:16:30 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/10/2014 03:32:03 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/10/2014 03:16:53 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/10/2014 02:32:12 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/08/2014 06:36:29 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/08/2014 08:54:34 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/07/2014 05:13:01 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/07/2014 09:17:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AvgLdx86
AvgMfx86
RapportKELL
spldr
Wanarpv6

Microsoft Office Sessions:
=========================
Error: (06/12/2014 09:13:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 09:10:48 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/12/2014 08:42:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 05:48:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/10/2014 05:17:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:33:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:27:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/10/2014 03:18:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:02:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Security Toolbar Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/10/2014 02:33:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-06-12 09:28:54.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:54.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:54.752
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:54.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:43.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:43.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:43.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:42.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:42.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 09:28:42.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3069.45 MB
Available physical RAM: 1789.79 MB
Total Pagefile: 6371.91 MB
Available Pagefile: 4795.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.08 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.09 GB) (Free:443.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:9.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: E8000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=586 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

and ESETSCANLOG:-

C:\Users\kev\From GNL Jan 2013\Lap Top Backup\Desktop\Kev Hughes\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

 

I have not been able to rerun Ad-aware yet. You may recall I rebooted the system at the start of the threat.

I have tried to download the Ad-aware software again but got the error message:- "Windows Installer Lower 4.5"

So I have also tried downloading Windows Installer 4.5, but on running the download I get the message:- Extraction Failed - The requested operation required elevation.

I'm not quite sure what to do to overcome this, or if it is now necessary.
 



#13 seedy21 (Malware Response Team, West Yorkshire, UK)

Posted 13 June 2014 - 03:35 PM

Hi Daidaft
 

Have tried to download Ad-aware software again but got error message:- "Windows Installer Lower 4.5"


OK, I hope you're going to uninstall AVG before installing Ad-aware. You shouldn't run more than one anti-virus program on a machine at a time.

If you're going to install Ad-aware, please right-click the installer file and select Run as Administrator.


How is your machine now? Do you have any further issues?


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#14 Daidaft (Topic Starter, Members)

Posted 16 June 2014 - 01:53 AM

Hi Seedy21,

OK, I'll leave downloading Ad-aware for now, as everything appears to be working fine again. Many thanks for all your assistance.

Daidaft



#15 seedy21 (Malware Response Team, West Yorkshire, UK)

Posted 16 June 2014 - 12:27 PM

Hi Daidaft

Your logs look clean. If you have no further problems, you can uninstall the tools we have used and follow this advice:

Remove Tools Used:
Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.

  • Double-click to start the program.
    If you are using Vista or higher, please right-click and choose Run as Administrator.
  • Make sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
  • Now click on "Run" and wait patiently until the tool has completed.
  • The tool will create a log when it has completed. We don't need you to post this.

Clean up with TFC

Please download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: www.itxassociates.com/OT-Tools/TFC.exe
  • Save it to your Desktop.
  • Close any open windows and save your work.
  • Double-click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

Turn On Automatic Updates:

  1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
  2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: "Automatically download recommended updates for my computer and install them".

Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High as seen in the image below:
    [image: IE10 Rec Settings.jpg]
  • Also verify that Enable Protected Mode is checked.
  • Next press the Apply button and then OK to exit the Internet Properties page.

Finally, I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

If you have any problems you know where we are :)

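A read-only way to confirm the two Internet Explorer settings and the Automatic Updates state recommended in the post above, as an added example that is not part of this thread and not code from any tool named in it. It reads the registry values behind the Internet Options dialog (zone 3 is the Internet zone; the CurrentLevel-to-name mapping, the meaning of the "2500" Protected Mode value and the AUOptions codes are assumptions taken from Microsoft's published descriptions of those keys, so verify them against your own machine). It is written for the PowerShell 2.0 that ships with Vista.

```powershell
# Added example (not from the thread): read-only checks of the settings recommended
# in post #15. Assumes the per-user Zones key is authoritative; if the machine sets
# Security_HKLM_only, the HKLM copy of the Zones key applies instead (not handled here).

$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'   # zone 3 = Internet
$au   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# Security-slider levels as stored in the CurrentLevel value (assumed mapping).
$levels = @{
    0x10000 = 'Low'
    0x10500 = 'Medium-low'
    0x11000 = 'Medium'
    0x11500 = 'Medium-high'
    0x12000 = 'High'
}

function Get-IeZoneState {
    $z = Get-ItemProperty -Path $zone -ErrorAction Stop
    $level = [int]$z.CurrentLevel
    $name = if ($levels.ContainsKey($level)) { $levels[$level] } else { 'Custom (0x{0:X})' -f $level }
    # Value "2500" is the Protected Mode switch: 0 = on, 3 = off (assumed meaning).
    $pm = if ($null -eq $z.'2500') { 'unknown' } elseif ([int]$z.'2500' -eq 0) { 'on' } else { 'off' }
    New-Object PSObject -Property @{
        SecurityLevel   = $name
        LevelOk         = ($level -ge 0x11500)   # Medium-high or High
        ProtectedMode   = $pm
        ProtectedModeOk = ($pm -eq 'on')
    }
}

function Get-AutoUpdateState {
    $a = Get-ItemProperty -Path $au -ErrorAction SilentlyContinue
    # AUOptions (assumed codes): 1 = disabled, 2 = notify before download,
    # 3 = download then notify, 4 = download and install automatically.
    $opt = if ($null -ne $a -and $null -ne $a.AUOptions) { [int]$a.AUOptions } else { 0 }
    New-Object PSObject -Property @{
        AUOptions   = $opt
        AutomaticOk = ($opt -eq 4)
    }
}

$ie = Get-IeZoneState
$wu = Get-AutoUpdateState
$ie | Format-List SecurityLevel, LevelOk, ProtectedMode, ProtectedModeOk
$wu | Format-List AUOptions, AutomaticOk
if (-not ($ie.LevelOk -and $ie.ProtectedModeOk -and $wu.AutomaticOk)) {
    Write-Warning 'One or more of the recommended settings is not in place; see the values above.'
}
```

Run it from a normal (non-elevated) PowerShell prompt; it only reads the registry, so it needs no elevation and changes nothing. If the zone level reports as Custom, the slider has been moved off one of the preset levels and the Security tab will let you click "Default level" to return it to Medium-high.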




