MoonPig

Everything posted by MoonPig

  1. Sorry - went quiet on you - ran a full scan - nothing found except the items that we had quarantined. I have deleted those folders and had a tidy up. Windows update and everything seems to be working fine. Thanks so much - very much appreciated
  2. No obvious problems. Seem to be able to browse ok now. Windows update is working too. :-)
  3. getting there - thanks so much...

     Farbar Service Scanner Version: 23-11-2013
     Ran by Simon Wright (administrator) on 04-12-2013 at 21:52:58
     Running from "C:\Users\Simon Wright\Desktop"
     Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\system32\nsisvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\afd.sys => MD5 is legit
     C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
     C:\Windows\system32\Drivers\tcpip.sys [2013-08-24 09:48] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C
     C:\Windows\system32\dnsrslvr.dll => MD5 is legit
     C:\Windows\system32\mpssvc.dll => MD5 is legit
     C:\Windows\system32\bfe.dll => MD5 is legit
     C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\system32\SDRSVC.dll => MD5 is legit
     C:\Windows\system32\vssvc.exe => MD5 is legit
     C:\Windows\system32\wscsvc.dll => MD5 is legit
     C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\system32\wuaueng.dll => MD5 is legit
     C:\Windows\system32\qmgr.dll => MD5 is legit
     C:\Windows\system32\es.dll => MD5 is legit
     C:\Windows\system32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\system32\svchost.exe => MD5 is legit
     C:\Windows\system32\rpcss.dll => MD5 is legit

     **** End of log ****
  4. Done - next log...

     Farbar Service Scanner Version: 23-11-2013
     Ran by Simon Wright (administrator) on 04-12-2013 at 20:26:10
     Running from "C:\Users\Simon Wright\Desktop"
     Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============
     Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============

     Other Services:
     ==============
     Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
     Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
     Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
     Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
     Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
     Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

     File Check:
     ========
     C:\Windows\system32\nsisvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\afd.sys => MD5 is legit
     C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
     C:\Windows\system32\Drivers\tcpip.sys [2013-08-24 09:48] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C
     C:\Windows\system32\dnsrslvr.dll => MD5 is legit
     C:\Windows\system32\mpssvc.dll => MD5 is legit
     C:\Windows\system32\bfe.dll => MD5 is legit
     C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\system32\SDRSVC.dll => MD5 is legit
     C:\Windows\system32\vssvc.exe => MD5 is legit
     C:\Windows\system32\wscsvc.dll => MD5 is legit
     C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\system32\wuaueng.dll => MD5 is legit
     C:\Windows\system32\qmgr.dll => MD5 is legit
     C:\Windows\system32\es.dll => MD5 is legit
     C:\Windows\system32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\system32\svchost.exe => MD5 is legit
     C:\Windows\system32\rpcss.dll => MD5 is legit

     **** End of log ****
  5. FARBAR scan produced this... Farbar Service Scanner Version: 23-11-2013 Ran by Simon Wright (administrator) on 04-12-2013 at 13:17:56 Running from "C:\Users\Simon Wright\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist. Firewall Disabled Policy: ================== "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist. System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. 
Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist. Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. 
The service key does not exist. Other Services: ============== Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist. Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist. Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist. Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist. Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. 
File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2013-08-24 09:48] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  6. OTM ran - looks like it moved 2 .DSS files but it crashed. I left it overnight again as it was taking ages and come morning it had crashed. 2 files moved were rlwew6jl.dss and t4a1nb4.dss Going to run the farbar part now...
  7. All done - logs below...

     ESET Log....

     C:\FRST\Quarantine\1346793773.exe Win32/PSW.Fareit.A trojan
     C:\FRST\Quarantine\ms504D9357.dat a variant of Win32/Kryptik.BQEU trojan
     C:\FRST\Quarantine\ms504DC32D.dat a variant of Win32/Kryptik.BQEU trojan
     C:\FRST\Quarantine\msmwahop.exe Win32/TrojanDownloader.Wauchos.X trojan
     C:\FRST\Quarantine\pn.exe Win32/PSW.Fareit.A trojan
     C:\FRST\Quarantine\rlwew6jl.dss a variant of Win32/Kryptik.BQEU trojan
     C:\FRST\Quarantine\t4a1nb4.dss a variant of Win32/Kryptik.BQEU trojan
     C:\Users\Simon Wright\AppData\Local\Temp\rlwew6jl.dss a variant of Win32/Kryptik.BQEU trojan
     C:\Users\Simon Wright\AppData\Local\Temp\t4a1nb4.dss a variant of Win32/Kryptik.BQEU Trojan

     SCREEN317 log below

     Results of screen317's Security Check version 0.99.77
     Windows Vista Service Pack 2 x86 (UAC is disabled!)
     Internet Explorer 9
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Google Chrome 30.0.1599.101
     Google Chrome 31.0.1650.57
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  8. Scan is under way - already found some threats so will post those when it's finished. Windows update seems to be disabled at the moment too - tried to see what was available before your reply came in and it just tells me windows update cannot be started. MP
  9. Hi got somewhat confused with which log is which for MBAM - I've pasted below the one I think is the full scan where I clicked "fix". I've attached the other log files I have from MBAM in case these help. Since doing this I've done another full scan and nothing was found. Computer does seem to be running OK now but haven't done any browsing or anything on it yet (posting this from another PC) Ta

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.12.02.11

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Simon Wright :: SIMONWRIGHT-PC [administrator]

     03/12/2013 00:15:17
     MBAM-log-2013-12-03 (07-53-19).txt

     Scan type: Full scan (C:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 449825
     Time elapsed: 3 hour(s), 29 minute(s), 19 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 6
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 (PUP.Optional.AppGraffiti.A) -> No action taken.
     HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken.
     HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
     HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> No action taken.
     HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
     HKLM\SOFTWARE\DomaIQ (PUP.Optional.DomaIQ.A) -> No action taken.

     Registry Values Detected: 1
     HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Z1N1J -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 5
     C:\Users\Simon Wright\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
     C:\Program Files\AppGraffiti (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\Chrome (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\Update (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\ProgramData\57833834 (Rogue.Multiple) -> No action taken.

     Files Detected: 18
     C:\FRST\Quarantine\1l3dw3.dss (Trojan.FakeMS) -> No action taken.
     C:\FRST\Quarantine\hdowjclf6j.dss (Trojan.FakeMS) -> No action taken.
     C:\FRST\Quarantine\ms5046818E.dat (Trojan.FakeMS) -> No action taken.
     C:\FRST\Quarantine\ms504D839B.dat (Trojan.FakeMS) -> No action taken.
     C:\FRST\Quarantine\ms504DBD01.dat (Trojan.FakeMS) -> No action taken.
     C:\FRST\Quarantine\ms504DFD81.dat (Trojan.FakeMS) -> No action taken.
     C:\FRST\Quarantine\qoz8flii.dss (Trojan.FakeMS) -> No action taken.
     C:\FRST\Quarantine\rlz822g.dss (Trojan.FakeMS) -> No action taken.
     C:\Users\Simon Wright\Downloads\Setup.exe (PUP.Optional.Conduit.A) -> No action taken.
     C:\Users\Simon Wright\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
     C:\Program Files\AppGraffiti\unins000.dat (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\AppGraffiti.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\AppGraffiti._dll (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\AppGraffiti._exe (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\AppGraffiti64.dll (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\unins000.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\Chrome\graff_chr.crx (PUP.Optional.AppGraffiti.A) -> No action taken.
     C:\Program Files\AppGraffiti\Chrome\graff_chr.ver (PUP.Optional.AppGraffiti.A) -> No action taken.

     (end)

     mbam-log-2013-12-02 (23-42-38).txt
     mbam-log-2013-12-02 (23-43-11).txt
     mbam-log-2013-12-03 (00-15-17).txt
     MBAM-log-2013-12-03 (07-53-19).txt
     mbam-log-2013-12-03 (08-07-59).txt
  10. Hi Kevin I hadn't re-booted. Did though and re-set MalwareBytes to do a full scan overnight - at work now but will post the logs created here later Thanks
  11. OK - still up and first scan / fix finished - log below (bit big)... Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2013 Ran by Simon Wright at 2013-12-02 22:50:24 Run:2 Running from C:\Users\Simon Wright\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms} SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www2.delta-se...40900FF18E76190 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...40900FF18E76190 SearchScopes: HKCU - {107E8020-3347-4917-A3E6-893DE3E4F458} URL = http://websearch.ask...64-D795A875D737 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...?q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://toolbar.inbox...id=80269&lng=en Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" cmd: netsh winsock reset CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S2 Winmgmt; C:\PROGRA~2\1l3dw3.dss [x] C:\PROGRA~2\1l3dw3.dss C:\Windows\system32\%APPDATA% C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install C:\Program Files\Google\Desktop\Install DeleteJunctionsIndirectory: C:\Program Files\Windows Defender DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client End ***************** HKCU\Software\Microsoft\Internet 
Explorer\Main\\Search Bar => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{107E8020-3347-4917-A3E6-893DE3E4F458} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{107E8020-3347-4917-A3E6-893DE3E4F458} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found. 
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll ========= netsh winsock reset ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= HKLM\SOFTWARE\Policies\Google => Key deleted successfully. Winmgmt => Service restored successfully. "C:\PROGRA~2\1l3dw3.dss" => File/Directory not found. C:\Windows\system32\%APPDATA% => Moved successfully. "C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install" directory move: Could not move "C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot. "C:\Program Files\Google\Desktop\Install" directory move: Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done. 
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started. "C:\Program Files\Microsoft Security Client\Antimalware" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\CleanUpPolicy.xml" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\eppmanifest.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\setup.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\setupres.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done. 
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-02 23:28:24)<= C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install => Is moved successfully. C:\Program Files\Google\Desktop\Install => Is moved successfully. ==== End of Fixlog ====
  12. yep - somewhat south of you though :-)
  13. Scan / fix is running now but taking ages and it's getting late - I'll check progress in the morning - thanks again for your help Kevin
  14. that scan took a bit longer.... It did not seem to create "addition.txt" file - other log is below Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2013 Ran by Simon Wright (administrator) on SIMONWRIGHT-PC on 02-12-2013 22:20:25 Running from C:\Users\Simon Wright\Desktop Windows Vista Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Could not list processes =============== ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.) HKLM\...\Run: [NDSTray.exe] - NDSTray.exe HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor) HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [PRISMSVR.EXE] - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe [295001 2004-07-02] (Conexant Systems, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] () HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.) 
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG) HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.) HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1 HKCU\...\Policies\Explorer: [HideSCAHealth] 1 MountPoints2: {27c17321-5ecb-11e0-9639-001e33a5e78d} - D:\autorun.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA) HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9574336305714136&q={searchTerms}
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=120518&babsrc=SP_ss&mntrId=540900FF18E76190
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=120518&babsrc=SP_ss&mntrId=540900FF18E76190
SearchScopes: HKCU - {107E8020-3347-4917-A3E6-893DE3E4F458} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=0C507988-2D67-416F-AD3F-A119B3BD51C0&apn_sauid=1C3DCF36-5B3F-4912-9664-D795A875D737
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Jg1bmakTNdAC60R02mle25Sovco?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9574336305714136&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80269&lng=en
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mydesktop.ocado.com/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U38) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Simon Wright\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Extension: (AppGraffiti) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.1.1_0
CHR Extension: (Google Drive) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [angobeimajilfhlcpeiccndaifchnppl] - C:\Program Files\AppGraffiti\Chrome\graff_chr.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-08-12] (Juniper Networks)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-31] (Google)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [572712 2011-01-14] (Nero AG)
R3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
S2 Winmgmt; C:\PROGRA~2\1l3dw3.dss [x]

==================== Drivers (Whitelisted) ====================

R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-08-12] (Juniper Networks)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2009-04-13] (Meetinghouse Data Communications)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-09-05] ()
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S2 BTWSp50; System32\Drivers\BTWSp50.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 04:44 - 2013-12-03 04:44 - 00000000 ____D C:\FRST
2013-12-02 22:20 - 2013-12-02 22:20 - 00019279 _____ C:\Users\Simon Wright\Desktop\FRST.txt
2013-12-02 22:20 - 2013-12-02 22:19 - 01092389 _____ (Farbar) C:\Users\Simon Wright\Desktop\FRST.exe
2013-12-02 21:53 - 2013-12-02 21:53 - 00000000 ____D C:\Users\Simon Wright\AppData\Roaming\Malwarebytes
2013-12-02 21:51 - 2013-12-02 21:51 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-02 21:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-02 21:50 - 2013-12-02 21:50 - 00000795 _____ C:\Windows\setupact.log
2013-12-02 21:50 - 2013-12-02 21:50 - 00000000 _____ C:\Windows\setuperr.log
2013-12-02 07:03 - 2013-12-02 07:03 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-12-01 15:27 - 2013-12-01 15:27 - 00038400 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk13-011213.xls
2013-11-30 15:54 - 2013-11-30 15:54 - 00002631 _____ C:\Users\Simon Wright\Downloads\report.csv
2013-11-29 18:42 - 2013-11-29 18:42 - 00022528 _____ C:\Users\Simon Wright\Downloads\Completed Inquests.xls
2013-11-28 16:01 - 2013-11-28 16:01 - 00000199 ____H C:\Users\Simon Wright\Downloads\.picasa.ini
2013-11-25 20:04 - 2013-11-25 20:04 - 00028056 _____ C:\Users\Simon Wright\Downloads\RugbyTeam&EntryTimes 23-11-2013.xlsx
2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013.xls
2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013 (1).xls
2013-11-24 13:01 - 2013-11-24 13:01 - 00039424 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk12-241113.xls
2013-11-24 10:03 - 2013-11-24 10:04 - 00017184 _____ C:\Users\Simon Wright\Downloads\Programmes for 2014.xlsx
2013-11-23 13:47 - 2013-11-23 13:47 - 00035840 _____ C:\Users\Simon Wright\Downloads\House Oct 13 (2).xls
2013-11-23 13:23 - 2013-11-23 13:23 - 00030972 _____ C:\Users\Simon Wright\Downloads\Round 1.xlsx
2013-11-20 19:11 - 2013-11-20 19:11 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk12-201113.xls
2013-11-20 17:16 - 2013-11-20 17:16 - 00011034 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 6.xlsx
2013-11-19 16:12 - 2013-11-19 16:12 - 00028160 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (8).xls
2013-11-17 15:40 - 2013-11-17 15:40 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (2).xlsx
2013-11-17 15:37 - 2013-11-17 15:37 - 00036864 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk11-171113.xls
2013-11-15 12:34 - 2013-11-15 12:34 - 00033792 _____ C:\Users\Simon Wright\Downloads\Just Hoods Basic Specs.xls
2013-11-14 07:14 - 2013-10-13 10:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 07:14 - 2013-10-13 10:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 07:14 - 2013-10-13 09:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 07:14 - 2013-10-13 09:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 07:14 - 2013-10-13 09:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 07:14 - 2013-10-13 09:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 07:14 - 2013-10-13 09:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 07:14 - 2013-10-13 09:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 07:14 - 2013-10-13 09:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 07:14 - 2013-10-13 09:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 07:14 - 2013-10-13 09:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 07:14 - 2013-10-13 09:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 07:14 - 2013-10-13 09:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 07:14 - 2013-10-13 09:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 07:14 - 2013-10-13 09:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 07:14 - 2013-10-13 09:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 19:01 - 2013-11-13 19:01 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk11-131113.xls
2013-11-13 07:24 - 2013-10-11 02:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:24 - 2013-10-11 02:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:24 - 2013-10-11 00:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-13 07:24 - 2013-10-03 12:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:24 - 2013-10-03 12:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:19 - 2013-11-13 07:19 - 00011301 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 & 6.xlsx
2013-11-08 19:54 - 2013-11-08 19:54 - 00465408 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (2).ppt
2013-11-08 14:29 - 2013-11-08 14:29 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video (1).MOV
2013-11-08 14:28 - 2013-11-08 14:28 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video.MOV
2013-11-07 20:00 - 2013-11-07 20:00 - 00377344 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (1).ppt
2013-11-07 17:35 - 2013-11-07 17:35 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (7).xls
2013-11-06 16:06 - 2013-11-06 16:06 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk10-061113.xls
2013-11-05 16:17 - 2013-11-05 16:17 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch.ica
2013-11-05 16:16 - 2013-11-05 16:16 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch (2).ica
2013-11-05 16:15 - 2013-11-05 16:15 - 00001638 _____ C:\Users\Simon Wright\Downloads\launch (1).ica
2013-11-04 22:03 - 2013-11-04 22:03 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (1).xlsx
2013-11-04 21:05 - 2013-11-04 21:05 - 01693774 _____ C:\Users\Simon Wright\Downloads\Key Reports for Supplier Meetings.pptx
2013-11-04 21:05 - 2013-11-04 21:05 - 00713678 _____ C:\Users\Simon Wright\Downloads\20130501 Ocado Segment Summary.pptx
2013-11-04 21:03 - 2013-11-04 21:03 - 00493696 _____ C:\Users\Simon Wright\Downloads\welcometoshoppercentreperformance.zip
2013-11-04 17:28 - 2013-11-04 17:28 - 00365056 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013.ppt
2013-11-04 09:58 - 2013-11-04 09:58 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5.xlsx
2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13).xls
2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13) (1).xls
2013-11-03 12:49 - 2013-11-03 12:49 - 00048128 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk9-031113.xls
2013-11-02 20:01 - 2013-11-02 20:01 - 00001875 _____ C:\Users\Simon Wright\Desktop\Fitbit Connect.lnk
2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\Program Files\Fitbit Connect
2013-11-02 07:55 - 2013-11-02 07:55 - 05572008 _____ (Fitbit Inc.) C:\Users\Simon Wright\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe

==================== One Month Modified Files and Folders =======

2013-12-03 04:44 - 2013-12-03 04:44 - 00000000 ____D C:\FRST
2013-12-02 22:29 - 2013-12-02 22:20 - 00019279 _____ C:\Users\Simon Wright\Desktop\FRST.txt
2013-12-02 22:19 - 2013-12-02 22:20 - 01092389 _____ (Farbar) C:\Users\Simon Wright\Desktop\FRST.exe
2013-12-02 22:15 - 2010-01-30 10:33 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 21:53 - 2013-12-02 21:53 - 00000000 ____D C:\Users\Simon Wright\AppData\Roaming\Malwarebytes
2013-12-02 21:51 - 2013-12-02 21:51 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-02 21:50 - 2013-12-02 21:50 - 00000795 _____ C:\Windows\setupact.log
2013-12-02 21:50 - 2013-12-02 21:50 - 00000000 _____ C:\Windows\setuperr.log
2013-12-02 21:47 - 2010-01-30 10:33 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 21:44 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 21:44 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 21:44 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 20:13 - 2006-11-02 13:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-02 20:11 - 2013-06-08 07:19 - 00000000 ___RD C:\Users\Simon Wright\Google Drive
2013-12-02 19:54 - 2013-01-06 17:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 19:54 - 2010-09-10 20:32 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000UA.job
2013-12-02 18:31 - 2010-09-10 20:32 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000Core.job
2013-12-02 18:17 - 2011-09-11 19:32 - 00000954 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000UA.job
2013-12-02 18:16 - 2011-09-11 19:32 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000Core.job
2013-12-02 16:28 - 2011-02-02 19:36 - 00000000 ____D C:\Users\Simon Wright\AppData\Local\CrashDumps
2013-12-02 07:03 - 2013-12-02 07:03 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-12-02 06:59 - 2009-05-07 15:17 - 00000000 ____D C:\Users\Simon Wright\Documents\Susan
2013-12-02 06:57 - 2009-04-13 15:16 - 00000000 ____D C:\Users\Simon Wright\AppData\Local\Google
2013-12-02 06:57 - 2008-07-01 15:13 - 00000000 ____D C:\Program Files\Google
2013-12-02 06:55 - 2013-05-04 12:38 - 01234677 _____ C:\Windows\WindowsUpdate.log
2013-12-02 06:54 - 2006-11-02 10:33 - 00706952 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-01 16:42 - 2011-11-06 11:29 - 00000000 ____D C:\Users\Simon Wright\Documents\Kids Homework
2013-12-01 15:27 - 2013-12-01 15:27 - 00038400 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk13-011213.xls
2013-11-30 15:54 - 2013-11-30 15:54 - 00002631 _____ C:\Users\Simon Wright\Downloads\report.csv
2013-11-29 18:42 - 2013-11-29 18:42 - 00022528 _____ C:\Users\Simon Wright\Downloads\Completed Inquests.xls
2013-11-28 16:01 - 2013-11-28 16:01 - 00000199 ____H C:\Users\Simon Wright\Downloads\.picasa.ini
2013-11-27 16:19 - 2013-04-10 15:50 - 00000000 ____D C:\Users\Simon Wright\Documents\Crusaders Fixtures
2013-11-25 20:04 - 2013-11-25 20:04 - 00028056 _____ C:\Users\Simon Wright\Downloads\RugbyTeam&EntryTimes 23-11-2013.xlsx
2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013.xls
2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013 (1).xls
2013-11-24 21:50 - 2013-09-19 16:19 - 00000000 ____D C:\Users\Simon Wright\Documents\Middle School Gala 2013
2013-11-24 13:01 - 2013-11-24 13:01 - 00039424 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk12-241113.xls
2013-11-24 11:24 - 2013-02-03 14:55 - 00000000 ____D C:\Windows\Minidump
2013-11-24 10:04 - 2013-11-24 10:03 - 00017184 _____ C:\Users\Simon Wright\Downloads\Programmes for 2014.xlsx
2013-11-23 13:47 - 2013-11-23 13:47 - 00035840 _____ C:\Users\Simon Wright\Downloads\House Oct 13 (2).xls
2013-11-23 13:23 - 2013-11-23 13:23 - 00030972 _____ C:\Users\Simon Wright\Downloads\Round 1.xlsx
2013-11-21 18:15 - 2013-05-20 15:20 - 00000000 ____D C:\Users\Simon Wright\Documents\Woodside Football Club
2013-11-20 19:11 - 2013-11-20 19:11 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk12-201113.xls
2013-11-20 17:16 - 2013-11-20 17:16 - 00011034 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 6.xlsx
2013-11-19 16:12 - 2013-11-19 16:12 - 00028160 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (8).xls
2013-11-19 13:06 - 2011-05-21 10:28 - 00006648 _____ C:\Users\Simon Wright\AppData\Local\d3d9caps.dat
2013-11-19 10:21 - 2013-01-06 17:55 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-17 15:40 - 2013-11-17 15:40 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (2).xlsx
2013-11-17 15:37 - 2013-11-17 15:37 - 00036864 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk11-171113.xls
2013-11-15 12:34 - 2013-11-15 12:34 - 00033792 _____ C:\Users\Simon Wright\Downloads\Just Hoods Basic Specs.xls
2013-11-15 12:25 - 2010-09-10 20:34 - 00002141 _____ C:\Users\Simon Wright\Desktop\Google Chrome.lnk
2013-11-14 16:58 - 2013-09-17 15:51 - 00001924 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-14 16:57 - 2013-09-17 15:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 08:34 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\rescache
2013-11-14 07:16 - 2008-07-01 15:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 07:11 - 2013-07-26 05:20 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 07:03 - 2006-11-02 10:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-13 19:01 - 2013-11-13 19:01 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk11-131113.xls
2013-11-13 07:19 - 2013-11-13 07:19 - 00011301 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 & 6.xlsx
2013-11-10 23:35 - 2009-04-13 20:43 - 00000000 ____D C:\Users\Simon Wright\Documents\Simon
2013-11-08 19:54 - 2013-11-08 19:54 - 00465408 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (2).ppt
2013-11-08 14:29 - 2013-11-08 14:29 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video (1).MOV
2013-11-08 14:28 - 2013-11-08 14:28 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video.MOV
2013-11-07 20:00 - 2013-11-07 20:00 - 00377344 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (1).ppt
2013-11-07 17:35 - 2013-11-07 17:35 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (7).xls
2013-11-06 16:06 - 2013-11-06 16:06 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk10-061113.xls
2013-11-05 16:17 - 2013-11-05 16:17 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch.ica
2013-11-05 16:16 - 2013-11-05 16:16 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch (2).ica
2013-11-05 16:15 - 2013-11-05 16:15 - 00001638 _____ C:\Users\Simon Wright\Downloads\launch (1).ica
2013-11-04 22:03 - 2013-11-04 22:03 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (1).xlsx
2013-11-04 21:05 - 2013-11-04 21:05 - 01693774 _____ C:\Users\Simon Wright\Downloads\Key Reports for Supplier Meetings.pptx
2013-11-04 21:05 - 2013-11-04 21:05 - 00713678 _____ C:\Users\Simon Wright\Downloads\20130501 Ocado Segment Summary.pptx
2013-11-04 21:03 - 2013-11-04 21:03 - 00493696 _____ C:\Users\Simon Wright\Downloads\welcometoshoppercentreperformance.zip
2013-11-04 17:28 - 2013-11-04 17:28 - 00365056 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013.ppt
2013-11-04 09:58 - 2013-11-04 09:58 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5.xlsx
2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13).xls
2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13) (1).xls
2013-11-03 12:49 - 2013-11-03 12:49 - 00048128 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk9-031113.xls
2013-11-02 20:01 - 2013-11-02 20:01 - 00001875 _____ C:\Users\Simon Wright\Desktop\Fitbit Connect.lnk
2013-11-02 12:50 - 2013-01-14 17:34 - 00000000 ____D C:\Users\Simon Wright\Documents\Swim Week 2013
2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\ProgramData\FitbitConnect
2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\Program Files\Fitbit Connect
2013-11-02 07:55 - 2013-11-02 07:55 - 05572008 _____ (Fitbit Inc.) C:\Users\Simon Wright\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe

ZeroAccess:
C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-12-02 21:56

==================== End Of Log ============================
  15. Normal mode booted OK. Was just running BM scan but have stopped it now. Do I run FRST again and click "Fix" or do I need a new TXT file first? Thanks
  16. Thanks Kevin. Fix log below. Putting Malwarebytes on flash disk now to run in normal mode if it boots - will reply soon...

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
      Ran by SYSTEM at 2013-12-02 21:37:57 Run:1
      Running from G:\
      Boot Mode: Recovery
      ==============================================

      Content of fixlist:
      *****************
      Start
      HKLM\...\Policies\Explorer\Run: [7734] - C:\ProgramData\msmwahop.exe [341740 2009-04-10] ( ())
      C:\ProgramData\msmwahop.exe
      HKU\Simon Wright\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wd3l1.lnk
      ShortcutTarget: 3wd3l1.lnk -> C:\ProgramData\1l3dw3.dss (Microsoft Corporation)
      C:\ProgramData\1l3dw3.dss
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4bn1a4t.lnk
      ShortcutTarget: 4bn1a4t.lnk -> C:\ProgramData\t4a1nb4.dss (?????????? ??????????)
      C:\ProgramData\t4a1nb4.dss
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g228zlr.lnk
      ShortcutTarget: g228zlr.lnk -> C:\ProgramData\rlz822g.dss (Microsoft Corporation)
      C:\ProgramData\rlz822g.dss
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iilf8zoq.lnk
      ShortcutTarget: iilf8zoq.lnk -> C:\ProgramData\qoz8flii.dss (Microsoft Corporation)
      C:\ProgramData\qoz8flii.dss
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6flcjwodh.lnk
      ShortcutTarget: j6flcjwodh.lnk -> C:\ProgramData\hdowjclf6j.dss (Microsoft Corporation)
      C:\ProgramData\hdowjclf6j.dss
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lj6wewlr.lnk
      ShortcutTarget: lj6wewlr.lnk -> C:\ProgramData\rlwew6jl.dss (?????????? ??????????)
      C:\ProgramData\rlwew6jl.dss
      S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\ \...\???\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
      C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install
      C:\Program Files\Google\Desktop\Install
      C:\Windows\assembly\GAC\Desktop.ini
      C:\Users\Simon Wright\AppData\Roaming\desktop.ini
      C:\ProgramData\1l3dw3.dss
      C:\ProgramData\3wd3l1.bxx
      C:\ProgramData\3wd3l1.fvv
      C:\ProgramData\3wd3l1.reg
      C:\ProgramData\4bn1a4t.bxx
      C:\ProgramData\4bn1a4t.fvv
      C:\ProgramData\g228zlr.bxx
      C:\ProgramData\g228zlr.fvv
      C:\ProgramData\hdowjclf6j.dss
      C:\ProgramData\iilf8zoq.bxx
      C:\ProgramData\iilf8zoq.fvv
      C:\ProgramData\j6flcjwodh.bxx
      C:\ProgramData\j6flcjwodh.fvv
      C:\ProgramData\lj6wewlr.bxx
      C:\ProgramData\lj6wewlr.fvv
      C:\ProgramData\ms5046818E.dat
      C:\ProgramData\ms504D839B.dat
      C:\ProgramData\ms504D9357.dat
      C:\ProgramData\ms504DBD01.dat
      C:\ProgramData\ms504DC32D.dat
      C:\ProgramData\ms504DFD81.dat
      C:\ProgramData\msmwahop.exe
      C:\ProgramData\PKP_DLdu.DAT
      C:\ProgramData\PKP_DLdw.DAT
      C:\ProgramData\qoz8flii.dss
      C:\ProgramData\rlwew6jl.dss
      C:\ProgramData\rlz822g.dss
      C:\ProgramData\t4a1nb4.dss
      C:\Users\Simon Wright\AppData\Local\Temp\1346793773.exe
      C:\Users\Simon Wright\AppData\Local\Temp\pn.exe
      DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
      DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
      End
      *****************

      HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\7734 => Value deleted successfully.
      C:\ProgramData\msmwahop.exe => Moved successfully.
      HKU\Simon Wright\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
      C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wd3l1.lnk => Moved successfully.
      C:\ProgramData\1l3dw3.dss => Moved successfully.
      "C:\ProgramData\1l3dw3.dss" => File/Directory not found.
      C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4bn1a4t.lnk => Moved successfully.
      C:\ProgramData\t4a1nb4.dss => Moved successfully.
      "C:\ProgramData\t4a1nb4.dss" => File/Directory not found.
      C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g228zlr.lnk => Moved successfully.
      C:\ProgramData\rlz822g.dss => Moved successfully.
      "C:\ProgramData\rlz822g.dss" => File/Directory not found.
      C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iilf8zoq.lnk => Moved successfully.
      C:\ProgramData\qoz8flii.dss => Moved successfully.
      "C:\ProgramData\qoz8flii.dss" => File/Directory not found.
      C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6flcjwodh.lnk => Moved successfully.
      C:\ProgramData\hdowjclf6j.dss => Moved successfully.
      "C:\ProgramData\hdowjclf6j.dss" => File/Directory not found.
      C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lj6wewlr.lnk => Moved successfully.
      C:\ProgramData\rlwew6jl.dss => Moved successfully.
      "C:\ProgramData\rlwew6jl.dss" => File/Directory not found.
      *etadpug => Service deleted successfully.
      "C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install" => Could not move.
      "C:\Program Files\Google\Desktop\Install" => Could not move.
      C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
      C:\Users\Simon Wright\AppData\Roaming\desktop.ini => Moved successfully.
      "C:\ProgramData\1l3dw3.dss" => File/Directory not found.
      C:\ProgramData\3wd3l1.bxx => Moved successfully.
      C:\ProgramData\3wd3l1.fvv => Moved successfully.
      C:\ProgramData\3wd3l1.reg => Moved successfully.
      C:\ProgramData\4bn1a4t.bxx => Moved successfully.
      C:\ProgramData\4bn1a4t.fvv => Moved successfully.
      C:\ProgramData\g228zlr.bxx => Moved successfully.
      C:\ProgramData\g228zlr.fvv => Moved successfully.
      "C:\ProgramData\hdowjclf6j.dss" => File/Directory not found.
      C:\ProgramData\iilf8zoq.bxx => Moved successfully.
      C:\ProgramData\iilf8zoq.fvv => Moved successfully.
      C:\ProgramData\j6flcjwodh.bxx => Moved successfully.
      C:\ProgramData\j6flcjwodh.fvv => Moved successfully.
      C:\ProgramData\lj6wewlr.bxx => Moved successfully.
      C:\ProgramData\lj6wewlr.fvv => Moved successfully.
      C:\ProgramData\ms5046818E.dat => Moved successfully.
      C:\ProgramData\ms504D839B.dat => Moved successfully.
      C:\ProgramData\ms504D9357.dat => Moved successfully.
      C:\ProgramData\ms504DBD01.dat => Moved successfully.
      C:\ProgramData\ms504DC32D.dat => Moved successfully.
      C:\ProgramData\ms504DFD81.dat => Moved successfully.
      "C:\ProgramData\msmwahop.exe" => File/Directory not found.
      C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
      C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
      "C:\ProgramData\qoz8flii.dss" => File/Directory not found.
      "C:\ProgramData\rlwew6jl.dss" => File/Directory not found.
      "C:\ProgramData\rlz822g.dss" => File/Directory not found.
      "C:\ProgramData\t4a1nb4.dss" => File/Directory not found.
      C:\Users\Simon Wright\AppData\Local\Temp\1346793773.exe => Moved successfully.
      C:\Users\Simon Wright\AppData\Local\Temp\pn.exe => Moved successfully.
      Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
      Error: DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client => entry should be fixed outside recovery mode.

      ==== End of Fixlog ====
  17. Hi - desperate for help. I have a laptop that has been infected with the Ukash ransomware - I've run FRST and the log is below. FYI - this was run in the recovery console. Cannot boot in any other mode at the moment. Thanks in advance for any help. MP

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
      Ran by SYSTEM on MINWINPC on 02-12-2013 21:02:43
      Running from G:\
      Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)
      Internet Explorer Version 9
      Boot Mode: Recovery

      The current controlset is ControlSet001
      ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

      ==================== Registry (Whitelisted) ==================

      HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
      HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
      HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
      HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
      HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
      HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-01] (Apple Inc.)
      HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
      HKLM\...\Run: [PRISMSVR.EXE] - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe [295001 2004-07-02] (Conexant Systems, Inc.)
      HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
      HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] ()
      HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
      HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
      HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
      HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
      HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-30] (Apple Inc.)
      HKLM\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
      HKLM\...\Policies\Explorer\Run: [7734] - C:\ProgramData\msmwahop.exe [341740 2009-04-10] ( ())
      HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
      HKLM\...\Policies\Explorer: [HideSCAHealth] 1
      HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
      HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
      HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
      HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
      HKU\Simon Wright\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)
      HKU\Simon Wright\...\Run: [Google Update] - C:\Users\Simon Wright\AppData\Local\Google\Update\GoogleUpdate.exe [ 2010-03-17] (Google Inc.)
      HKU\Simon Wright\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-09-04] (Samsung)
      HKU\Simon Wright\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-07-01] (Google Inc.)
      HKU\Simon Wright\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-09-04] (Samsung)
      HKU\Simon Wright\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
      HKU\Simon Wright\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [ 2013-09-25] (Google)
      HKU\Simon Wright\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [ 2013-10-02] (Fitbit, Inc.)
      HKU\Simon Wright\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-20] (Microsoft Corporation)
      HKU\Simon Wright\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
      Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
      ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
      Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
      ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wd3l1.lnk
      ShortcutTarget: 3wd3l1.lnk -> C:\ProgramData\1l3dw3.dss (Microsoft Corporation)
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4bn1a4t.lnk
      ShortcutTarget: 4bn1a4t.lnk -> C:\ProgramData\t4a1nb4.dss (Корпорация Майкрософт)
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g228zlr.lnk
      ShortcutTarget: g228zlr.lnk -> C:\ProgramData\rlz822g.dss (Microsoft Corporation)
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iilf8zoq.lnk
      ShortcutTarget: iilf8zoq.lnk -> C:\ProgramData\qoz8flii.dss (Microsoft Corporation)
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6flcjwodh.lnk
      ShortcutTarget: j6flcjwodh.lnk -> C:\ProgramData\hdowjclf6j.dss (Microsoft Corporation)
      Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lj6wewlr.lnk
      ShortcutTarget: lj6wewlr.lnk -> C:\ProgramData\rlwew6jl.dss (Корпорация Майкрософт)

      ========================== Services (Whitelisted) =================

      S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
      S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It)
      S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
      S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-08-12] (Juniper Networks)
      S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
      S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
      S2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
      S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-31] (Google)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
      S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [572712 2011-01-14] (Nero AG)
      S3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
      S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
      S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
      S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
      S2 Winmgmt; C:\ProgramData\1l3dw3.dss [206848 2013-12-01] (Microsoft Corporation)
      S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
      S3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
      S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\ \...\???\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

      ==================== Drivers (Whitelisted) ====================

      S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-08-12] (Juniper Networks)
      S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
      S2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2009-04-13] (Meetinghouse Data Communications)
      S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
      S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
      S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-09-05] ()
      S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
      S2 BTWSp50; System32\Drivers\BTWSp50.sys [x]
      S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
      S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
      S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
      S3 Tosrfcom; No ImagePath
      S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
      S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
      S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

      ==================== NetSvcs (Whitelisted) ===================

      ZeroAccess: C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install
      ZeroAccess: C:\Program Files\Google\Desktop\Install
      ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini

      Files to move or delete:
      ====================
      C:\Users\Simon Wright\AppData\Roaming\desktop.ini
      C:\ProgramData\1l3dw3.dss
      C:\ProgramData\3wd3l1.bxx
      C:\ProgramData\3wd3l1.fvv
      C:\ProgramData\3wd3l1.reg
C:\ProgramData\4bn1a4t.bxx C:\ProgramData\4bn1a4t.fvv C:\ProgramData\g228zlr.bxx C:\ProgramData\g228zlr.fvv C:\ProgramData\hdowjclf6j.dss C:\ProgramData\iilf8zoq.bxx C:\ProgramData\iilf8zoq.fvv C:\ProgramData\j6flcjwodh.bxx C:\ProgramData\j6flcjwodh.fvv C:\ProgramData\lj6wewlr.bxx C:\ProgramData\lj6wewlr.fvv C:\ProgramData\ms5046818E.dat C:\ProgramData\ms504D839B.dat C:\ProgramData\ms504D9357.dat C:\ProgramData\ms504DBD01.dat C:\ProgramData\ms504DC32D.dat C:\ProgramData\ms504DFD81.dat C:\ProgramData\msmwahop.exe C:\ProgramData\PKP_DLdu.DAT C:\ProgramData\PKP_DLdw.DAT C:\ProgramData\qoz8flii.dss C:\ProgramData\rlwew6jl.dss C:\ProgramData\rlz822g.dss C:\ProgramData\t4a1nb4.dss Some content of TEMP: ==================== C:\Users\Simon Wright\AppData\Local\Temp\1346793773.exe C:\Users\Simon Wright\AppData\Local\Temp\pn.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender ATTENTION: ====> ZeroAccess. 
Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 11 Restore point made on: 2013-11-06 13:57:16 Restore point made on: 2013-11-07 11:53:54 Restore point made on: 2013-11-10 01:03:31 Restore point made on: 2013-11-13 08:09:10 Restore point made on: 2013-11-13 23:01:43 Restore point made on: 2013-11-14 13:03:43 Restore point made on: 2013-11-17 10:53:00 Restore point made on: 2013-11-20 12:20:31 Restore point made on: 2013-11-24 01:30:16 Restore point made on: 2013-11-27 08:18:22 Restore point made on: 2013-11-30 14:38:51 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3963.06 MB Available physical RAM: 3377.7 MB Total Pagefile: 3632.18 MB Available Pagefile: 3461.31 MB Total Virtual: 2047.88 MB Available Virtual: 1964.46 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:148.89 GB) (Free:49.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:147.73 GB) (Free:92.16 GB) NTFS Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.23 GB) NTFS Drive g: () (Removable) (Total:0.24 GB) (Free:0.06 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 4BCB0FB6) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 250 MB) (Disk ID: 5C55BD79) Partition 1: (Active) - (Size=250 MB) - (Type=06) LastRegBack: 
2013-12-02 10:42 ==================== End Of Log ============================