Posts posted by MoonPig

  1. getting there - thanks so much...

     

     

    Farbar Service Scanner Version: 23-11-2013
    Ran by Simon Wright (administrator) on 04-12-2013 at 21:52:58
    Running from "C:\Users\Simon Wright\Desktop"
    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-08-24 09:48] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****

  2. Done - next log...

     

    Farbar Service Scanner Version: 23-11-2013
    Ran by Simon Wright (administrator) on 04-12-2013 at 20:26:10
    Running from "C:\Users\Simon Wright\Desktop"
    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============

    Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============

    Other Services:
    ==============
    Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
    Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
    Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

    Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
    Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
    Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

     

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-08-24 09:48] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****

  3. FARBAR scan produced this...

     

    Farbar Service Scanner Version: 23-11-2013
    Ran by Simon Wright (administrator) on 04-12-2013 at 13:17:56
    Running from "C:\Users\Simon Wright\Desktop"
    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

    Firewall Disabled Policy:
    ==================
    "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

    Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

    Other Services:
    ==============
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
    Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
    Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
    Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
    Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

    Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
    Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
    Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

     

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-08-24 09:48] - [2013-07-05 03:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****

  4. All done - logs below...

     

    ESET Log....

     

    C:\FRST\Quarantine\1346793773.exe Win32/PSW.Fareit.A trojan
    C:\FRST\Quarantine\ms504D9357.dat a variant of Win32/Kryptik.BQEU trojan
    C:\FRST\Quarantine\ms504DC32D.dat a variant of Win32/Kryptik.BQEU trojan
    C:\FRST\Quarantine\msmwahop.exe Win32/TrojanDownloader.Wauchos.X trojan
    C:\FRST\Quarantine\pn.exe Win32/PSW.Fareit.A trojan
    C:\FRST\Quarantine\rlwew6jl.dss a variant of Win32/Kryptik.BQEU trojan
    C:\FRST\Quarantine\t4a1nb4.dss a variant of Win32/Kryptik.BQEU trojan
    C:\Users\Simon Wright\AppData\Local\Temp\rlwew6jl.dss a variant of Win32/Kryptik.BQEU trojan
    C:\Users\Simon Wright\AppData\Local\Temp\t4a1nb4.dss a variant of Win32/Kryptik.BQEU Trojan

     

     

    SCREEN317 log below

     

     Results of screen317's Security Check version 0.99.77 
     Windows Vista Service Pack 2 x86 (UAC is disabled!) 
     Internet Explorer 9 
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
    Microsoft Security Essentials  
     Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300 
     CCleaner    
     Adobe Reader 10.1.8 Adobe Reader out of Date! 
     Google Chrome 30.0.1599.101 
     Google Chrome 31.0.1650.57 
    ````````Process Check: objlist.exe by Laurent```````` 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

     

  5. Hi

     

    got somewhat confused with which log is which for MBAM - I've pasted below the one I think is the full scan where I clicked "fix".  I've attached the other log files I have from MBAM in case these help.

    Since doing this I've done another full scan and nothing was found.

    Computer does seem to be running OK now but haven't done any browsing or anything on it yet (posting this from another PC)

     

    Ta

     

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.02.11

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Simon Wright :: SIMONWRIGHT-PC [administrator]

    03/12/2013 00:15:17
    MBAM-log-2013-12-03 (07-53-19).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 449825
    Time elapsed: 3 hour(s), 29 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 (PUP.Optional.AppGraffiti.A) -> No action taken.
    HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
    HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> No action taken.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
    HKLM\SOFTWARE\DomaIQ (PUP.Optional.DomaIQ.A) -> No action taken.

    Registry Values Detected: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Z1N1J -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Users\Simon Wright\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
    C:\Program Files\AppGraffiti (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\Chrome (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\Update (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\ProgramData\57833834 (Rogue.Multiple) -> No action taken.

    Files Detected: 18
    C:\FRST\Quarantine\1l3dw3.dss (Trojan.FakeMS) -> No action taken.
    C:\FRST\Quarantine\hdowjclf6j.dss (Trojan.FakeMS) -> No action taken.
    C:\FRST\Quarantine\ms5046818E.dat (Trojan.FakeMS) -> No action taken.
    C:\FRST\Quarantine\ms504D839B.dat (Trojan.FakeMS) -> No action taken.
    C:\FRST\Quarantine\ms504DBD01.dat (Trojan.FakeMS) -> No action taken.
    C:\FRST\Quarantine\ms504DFD81.dat (Trojan.FakeMS) -> No action taken.
    C:\FRST\Quarantine\qoz8flii.dss (Trojan.FakeMS) -> No action taken.
    C:\FRST\Quarantine\rlz822g.dss (Trojan.FakeMS) -> No action taken.
    C:\Users\Simon Wright\Downloads\Setup.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Simon Wright\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
    C:\Program Files\AppGraffiti\unins000.dat (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\AppGraffiti.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\AppGraffiti._dll (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\AppGraffiti._exe (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\AppGraffiti64.dll (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\unins000.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\Chrome\graff_chr.crx (PUP.Optional.AppGraffiti.A) -> No action taken.
    C:\Program Files\AppGraffiti\Chrome\graff_chr.ver (PUP.Optional.AppGraffiti.A) -> No action taken.

    (end)

    mbam-log-2013-12-02 (23-42-38).txt

    mbam-log-2013-12-02 (23-43-11).txt

    mbam-log-2013-12-03 (00-15-17).txt

    MBAM-log-2013-12-03 (07-53-19).txt

    mbam-log-2013-12-03 (08-07-59).txt

  6. OK - still up and first scan / fix finished - log below (bit big)...

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2013
    Ran by Simon Wright at 2013-12-02 22:50:24 Run:2
    Running from C:\Users\Simon Wright\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Start
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
    SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www2.delta-se...40900FF18E76190
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...40900FF18E76190
    SearchScopes: HKCU - {107E8020-3347-4917-A3E6-893DE3E4F458} URL = http://websearch.ask...64-D795A875D737
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...?q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://toolbar.inbox...id=80269&lng=en
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    cmd: netsh winsock reset
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 Winmgmt; C:\PROGRA~2\1l3dw3.dss [x]
    C:\PROGRA~2\1l3dw3.dss
    C:\Windows\system32\%APPDATA%
    C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    End

     

    *****************

    HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{107E8020-3347-4917-A3E6-893DE3E4F458} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{107E8020-3347-4917-A3E6-893DE3E4F458} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

    =========  netsh winsock reset =========

    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.

    ========= End of CMD: =========

    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    Winmgmt => Service restored successfully.
    "C:\PROGRA~2\1l3dw3.dss" => File/Directory not found.
    C:\Windows\system32\%APPDATA% => Moved successfully.

    "C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install" directory move:

    Could not move "C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.

    "C:\Program Files\Google\Desktop\Install" directory move:

    Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
    "C:\Program Files\Microsoft Security Client\Antimalware" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\CleanUpPolicy.xml" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\eppmanifest.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\setup.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\setupres.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-02 23:28:24)<=

    C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install => Is moved successfully.
    C:\Program Files\Google\Desktop\Install => Is moved successfully.

    ==== End of Fixlog ====

  7. that scan took a bit longer....

     

    It did not seem to create "addition.txt" file - other log is below

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2013
    Ran by Simon Wright (administrator) on SIMONWRIGHT-PC on 02-12-2013 22:20:25
    Running from C:\Users\Simon Wright\Desktop
    Windows Vista Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Could not list processes ===============

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
    HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
    HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
    HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
    HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [PRISMSVR.EXE] - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe [295001 2004-07-02] (Conexant Systems, Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] ()
    HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
    HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
    HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
    HKLM\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKCU\...\Policies\Explorer: [HideSCAHealth] 1
    MountPoints2: {27c17321-5ecb-11e0-9639-001e33a5e78d} - D:\autorun.exe
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9574336305714136&q={searchTerms}
    SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=120518&babsrc=SP_ss&mntrId=540900FF18E76190
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=120518&babsrc=SP_ss&mntrId=540900FF18E76190
    SearchScopes: HKCU - {107E8020-3347-4917-A3E6-893DE3E4F458} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=0C507988-2D67-416F-AD3F-A119B3BD51C0&apn_sauid=1C3DCF36-5B3F-4912-9664-D795A875D737
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Jg1bmakTNdAC60R02mle25Sovco?q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9574336305714136&q={searchTerms}
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80269&lng=en
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
    BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mydesktop.ocado.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 mswsock.dll File Not found ()
    Winsock: Catalog9 02 mswsock.dll File Not found ()
    Winsock: Catalog9 03 mswsock.dll File Not found ()
    Winsock: Catalog9 04 mswsock.dll File Not found ()
    Winsock: Catalog9 05 mswsock.dll File Not found ()
    Winsock: Catalog9 06 mswsock.dll File Not found ()
    Winsock: Catalog9 07 mswsock.dll File Not found ()
    Winsock: Catalog9 08 mswsock.dll File Not found ()
    Winsock: Catalog9 09 mswsock.dll File Not found ()
    Winsock: Catalog9 10 mswsock.dll File Not found ()
    Winsock: Catalog9 11 mswsock.dll File Not found ()
    Winsock: Catalog9 12 mswsock.dll File Not found ()
    Winsock: Catalog9 13 mswsock.dll File Not found ()
    Winsock: Catalog9 14 mswsock.dll File Not found ()
    Winsock: Catalog9 15 mswsock.dll File Not found ()
    Winsock: Catalog9 16 mswsock.dll File Not found ()
    Winsock: Catalog9 17 mswsock.dll File Not found ()
    Winsock: Catalog9 18 mswsock.dll File Not found ()
    Winsock: Catalog9 19 mswsock.dll File Not found ()
    Winsock: Catalog9 20 mswsock.dll File Not found ()
    Winsock: Catalog9 21 mswsock.dll File Not found ()
    Winsock: Catalog9 22 mswsock.dll File Not found ()
    Winsock: Catalog9 23 mswsock.dll File Not found ()
    Winsock: Catalog9 24 mswsock.dll File Not found ()
    Winsock: Catalog9 25 mswsock.dll File Not found ()
    Winsock: Catalog9 26 mswsock.dll File Not found ()
    Winsock: Catalog9 27 mswsock.dll File Not found ()
    Winsock: Catalog9 28 mswsock.dll File Not found ()
    Winsock: Catalog9 29 mswsock.dll File Not found ()
    Winsock: Catalog9 30 mswsock.dll File Not found ()
    Winsock: Catalog9 31 mswsock.dll File Not found ()
    Winsock: Catalog9 32 mswsock.dll File Not found ()
    Winsock: Catalog9 33 mswsock.dll File Not found ()
    Winsock: Catalog9 34 mswsock.dll File Not found ()
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    Chrome:
    =======


    CHR Plugin: (Shockwave Flash) - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Platform SE 6 U38) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Simon Wright\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
    CHR Extension: (AppGraffiti) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.1.1_0
    CHR Extension: (Google Drive) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Google Wallet) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR Extension: (Gmail) - C:\Users\SIMONW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
    CHR HKLM\...\Chrome\Extension: [angobeimajilfhlcpeiccndaifchnppl] - C:\Program Files\AppGraffiti\Chrome\graff_chr.crx
    CHR StartMenuInternet: Google Chrome - C:\Users\Simon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It)
    R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
    R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-08-12] (Juniper Networks)
    R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
    R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-31] (Google)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [572712 2011-01-14] (Nero AG)
    R3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
    R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
    R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
    R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
    S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
    S3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
    S2 Winmgmt; C:\PROGRA~2\1l3dw3.dss [x]

    ==================== Drivers (Whitelisted) ====================

    R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-08-12] (Juniper Networks)
    S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
    R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2009-04-13] (Meetinghouse Data Communications)
    R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
    S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
    R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-09-05] ()
    R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
    S2 BTWSp50; System32\Drivers\BTWSp50.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 Tosrfcom; No ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-12-03 04:44 - 2013-12-03 04:44 - 00000000 ____D C:\FRST
    2013-12-02 22:20 - 2013-12-02 22:20 - 00019279 _____ C:\Users\Simon Wright\Desktop\FRST.txt
    2013-12-02 22:20 - 2013-12-02 22:19 - 01092389 _____ (Farbar) C:\Users\Simon Wright\Desktop\FRST.exe
    2013-12-02 21:53 - 2013-12-02 21:53 - 00000000 ____D C:\Users\Simon Wright\AppData\Roaming\Malwarebytes
    2013-12-02 21:51 - 2013-12-02 21:51 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-02 21:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-12-02 21:50 - 2013-12-02 21:50 - 00000795 _____ C:\Windows\setupact.log
    2013-12-02 21:50 - 2013-12-02 21:50 - 00000000 _____ C:\Windows\setuperr.log
    2013-12-02 07:03 - 2013-12-02 07:03 - 00000000 __SHD C:\Windows\system32\%APPDATA%
    2013-12-01 15:27 - 2013-12-01 15:27 - 00038400 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk13-011213.xls
    2013-11-30 15:54 - 2013-11-30 15:54 - 00002631 _____ C:\Users\Simon Wright\Downloads\report.csv
    2013-11-29 18:42 - 2013-11-29 18:42 - 00022528 _____ C:\Users\Simon Wright\Downloads\Completed Inquests.xls
    2013-11-28 16:01 - 2013-11-28 16:01 - 00000199 ____H C:\Users\Simon Wright\Downloads\.picasa.ini
    2013-11-25 20:04 - 2013-11-25 20:04 - 00028056 _____ C:\Users\Simon Wright\Downloads\RugbyTeam&EntryTimes 23-11-2013.xlsx
    2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013.xls
    2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013 (1).xls
    2013-11-24 13:01 - 2013-11-24 13:01 - 00039424 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk12-241113.xls
    2013-11-24 10:03 - 2013-11-24 10:04 - 00017184 _____ C:\Users\Simon Wright\Downloads\Programmes for 2014.xlsx
    2013-11-23 13:47 - 2013-11-23 13:47 - 00035840 _____ C:\Users\Simon Wright\Downloads\House Oct 13 (2).xls
    2013-11-23 13:23 - 2013-11-23 13:23 - 00030972 _____ C:\Users\Simon Wright\Downloads\Round 1.xlsx
    2013-11-20 19:11 - 2013-11-20 19:11 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk12-201113.xls
    2013-11-20 17:16 - 2013-11-20 17:16 - 00011034 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 6.xlsx
    2013-11-19 16:12 - 2013-11-19 16:12 - 00028160 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (8).xls
    2013-11-17 15:40 - 2013-11-17 15:40 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (2).xlsx
    2013-11-17 15:37 - 2013-11-17 15:37 - 00036864 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk11-171113.xls
    2013-11-15 12:34 - 2013-11-15 12:34 - 00033792 _____ C:\Users\Simon Wright\Downloads\Just Hoods Basic Specs.xls
    2013-11-14 07:14 - 2013-10-13 10:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-14 07:14 - 2013-10-13 10:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-14 07:14 - 2013-10-13 09:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-14 07:14 - 2013-10-13 09:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-14 07:14 - 2013-10-13 09:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-11-14 07:14 - 2013-10-13 09:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-14 07:14 - 2013-10-13 09:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-11-14 07:14 - 2013-10-13 09:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-14 07:14 - 2013-10-13 09:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-11-14 07:14 - 2013-10-13 09:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-11-14 07:14 - 2013-10-13 09:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-11-14 07:14 - 2013-10-13 09:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-14 07:14 - 2013-10-13 09:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-11-14 07:14 - 2013-10-13 09:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-11-14 07:14 - 2013-10-13 09:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-14 07:14 - 2013-10-13 09:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-13 19:01 - 2013-11-13 19:01 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk11-131113.xls
    2013-11-13 07:24 - 2013-10-11 02:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2013-11-13 07:24 - 2013-10-11 02:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2013-11-13 07:24 - 2013-10-11 00:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
    2013-11-13 07:24 - 2013-10-03 12:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-11-13 07:24 - 2013-10-03 12:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2013-11-13 07:19 - 2013-11-13 07:19 - 00011301 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 & 6.xlsx
    2013-11-08 19:54 - 2013-11-08 19:54 - 00465408 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (2).ppt
    2013-11-08 14:29 - 2013-11-08 14:29 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video (1).MOV
    2013-11-08 14:28 - 2013-11-08 14:28 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video.MOV
    2013-11-07 20:00 - 2013-11-07 20:00 - 00377344 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (1).ppt
    2013-11-07 17:35 - 2013-11-07 17:35 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (7).xls
    2013-11-06 16:06 - 2013-11-06 16:06 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk10-061113.xls
    2013-11-05 16:17 - 2013-11-05 16:17 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch.ica
    2013-11-05 16:16 - 2013-11-05 16:16 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch (2).ica
    2013-11-05 16:15 - 2013-11-05 16:15 - 00001638 _____ C:\Users\Simon Wright\Downloads\launch (1).ica
    2013-11-04 22:03 - 2013-11-04 22:03 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (1).xlsx
    2013-11-04 21:05 - 2013-11-04 21:05 - 01693774 _____ C:\Users\Simon Wright\Downloads\Key Reports for Supplier Meetings.pptx
    2013-11-04 21:05 - 2013-11-04 21:05 - 00713678 _____ C:\Users\Simon Wright\Downloads\20130501 Ocado Segment Summary.pptx
    2013-11-04 21:03 - 2013-11-04 21:03 - 00493696 _____ C:\Users\Simon Wright\Downloads\welcometoshoppercentreperformance.zip
    2013-11-04 17:28 - 2013-11-04 17:28 - 00365056 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013.ppt
    2013-11-04 09:58 - 2013-11-04 09:58 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5.xlsx
    2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13).xls
    2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13) (1).xls
    2013-11-03 12:49 - 2013-11-03 12:49 - 00048128 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk9-031113.xls
    2013-11-02 20:01 - 2013-11-02 20:01 - 00001875 _____ C:\Users\Simon Wright\Desktop\Fitbit Connect.lnk
    2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\ProgramData\FitbitConnect
    2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\Program Files\Fitbit Connect
    2013-11-02 07:55 - 2013-11-02 07:55 - 05572008 _____ (Fitbit Inc.) C:\Users\Simon Wright\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe

    ==================== One Month Modified Files and Folders =======

    2013-12-03 04:44 - 2013-12-03 04:44 - 00000000 ____D C:\FRST
    2013-12-02 22:29 - 2013-12-02 22:20 - 00019279 _____ C:\Users\Simon Wright\Desktop\FRST.txt
    2013-12-02 22:19 - 2013-12-02 22:20 - 01092389 _____ (Farbar) C:\Users\Simon Wright\Desktop\FRST.exe
    2013-12-02 22:15 - 2010-01-30 10:33 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-02 21:53 - 2013-12-02 21:53 - 00000000 ____D C:\Users\Simon Wright\AppData\Roaming\Malwarebytes
    2013-12-02 21:51 - 2013-12-02 21:51 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-02 21:51 - 2013-12-02 21:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-02 21:50 - 2013-12-02 21:50 - 00000795 _____ C:\Windows\setupact.log
    2013-12-02 21:50 - 2013-12-02 21:50 - 00000000 _____ C:\Windows\setuperr.log
    2013-12-02 21:47 - 2010-01-30 10:33 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-02 21:44 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-02 21:44 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 21:44 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 20:13 - 2006-11-02 13:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-02 20:11 - 2013-06-08 07:19 - 00000000 ___RD C:\Users\Simon Wright\Google Drive
    2013-12-02 19:54 - 2013-01-06 17:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-02 19:54 - 2010-09-10 20:32 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000UA.job
    2013-12-02 18:31 - 2010-09-10 20:32 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000Core.job
    2013-12-02 18:17 - 2011-09-11 19:32 - 00000954 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000UA.job
    2013-12-02 18:16 - 2011-09-11 19:32 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1589440685-286437405-3900244374-1000Core.job
    2013-12-02 16:28 - 2011-02-02 19:36 - 00000000 ____D C:\Users\Simon Wright\AppData\Local\CrashDumps
    2013-12-02 07:03 - 2013-12-02 07:03 - 00000000 __SHD C:\Windows\system32\%APPDATA%
    2013-12-02 06:59 - 2009-05-07 15:17 - 00000000 ____D C:\Users\Simon Wright\Documents\Susan
    2013-12-02 06:57 - 2009-04-13 15:16 - 00000000 ____D C:\Users\Simon Wright\AppData\Local\Google
    2013-12-02 06:57 - 2008-07-01 15:13 - 00000000 ____D C:\Program Files\Google
    2013-12-02 06:55 - 2013-05-04 12:38 - 01234677 _____ C:\Windows\WindowsUpdate.log
    2013-12-02 06:54 - 2006-11-02 10:33 - 00706952 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-01 16:42 - 2011-11-06 11:29 - 00000000 ____D C:\Users\Simon Wright\Documents\Kids Homework
    2013-12-01 15:27 - 2013-12-01 15:27 - 00038400 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk13-011213.xls
    2013-11-30 15:54 - 2013-11-30 15:54 - 00002631 _____ C:\Users\Simon Wright\Downloads\report.csv
    2013-11-29 18:42 - 2013-11-29 18:42 - 00022528 _____ C:\Users\Simon Wright\Downloads\Completed Inquests.xls
    2013-11-28 16:01 - 2013-11-28 16:01 - 00000199 ____H C:\Users\Simon Wright\Downloads\.picasa.ini
    2013-11-27 16:19 - 2013-04-10 15:50 - 00000000 ____D C:\Users\Simon Wright\Documents\Crusaders Fixtures
    2013-11-25 20:04 - 2013-11-25 20:04 - 00028056 _____ C:\Users\Simon Wright\Downloads\RugbyTeam&EntryTimes 23-11-2013.xlsx
    2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013.xls
    2013-11-24 21:50 - 2013-11-24 21:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013 (1).xls
    2013-11-24 21:50 - 2013-09-19 16:19 - 00000000 ____D C:\Users\Simon Wright\Documents\Middle School Gala 2013
    2013-11-24 13:01 - 2013-11-24 13:01 - 00039424 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk12-241113.xls
    2013-11-24 11:24 - 2013-02-03 14:55 - 00000000 ____D C:\Windows\Minidump
    2013-11-24 10:04 - 2013-11-24 10:03 - 00017184 _____ C:\Users\Simon Wright\Downloads\Programmes for 2014.xlsx
    2013-11-23 13:47 - 2013-11-23 13:47 - 00035840 _____ C:\Users\Simon Wright\Downloads\House Oct 13 (2).xls
    2013-11-23 13:23 - 2013-11-23 13:23 - 00030972 _____ C:\Users\Simon Wright\Downloads\Round 1.xlsx
    2013-11-21 18:15 - 2013-05-20 15:20 - 00000000 ____D C:\Users\Simon Wright\Documents\Woodside Football Club
    2013-11-20 19:11 - 2013-11-20 19:11 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk12-201113.xls
    2013-11-20 17:16 - 2013-11-20 17:16 - 00011034 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 6.xlsx
    2013-11-19 16:12 - 2013-11-19 16:12 - 00028160 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (8).xls
    2013-11-19 13:06 - 2011-05-21 10:28 - 00006648 _____ C:\Users\Simon Wright\AppData\Local\d3d9caps.dat
    2013-11-19 10:21 - 2013-01-06 17:55 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2013-11-17 15:40 - 2013-11-17 15:40 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (2).xlsx
    2013-11-17 15:37 - 2013-11-17 15:37 - 00036864 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk11-171113.xls
    2013-11-15 12:34 - 2013-11-15 12:34 - 00033792 _____ C:\Users\Simon Wright\Downloads\Just Hoods Basic Specs.xls
    2013-11-15 12:25 - 2010-09-10 20:34 - 00002141 _____ C:\Users\Simon Wright\Desktop\Google Chrome.lnk
    2013-11-14 16:58 - 2013-09-17 15:51 - 00001924 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-11-14 16:57 - 2013-09-17 15:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-11-14 08:34 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\rescache
    2013-11-14 07:16 - 2008-07-01 15:16 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-11-14 07:11 - 2013-07-26 05:20 - 00000000 ____D C:\Windows\system32\MRT
    2013-11-14 07:03 - 2006-11-02 10:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2013-11-13 19:01 - 2013-11-13 19:01 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk11-131113.xls
    2013-11-13 07:19 - 2013-11-13 07:19 - 00011301 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 & 6.xlsx
    2013-11-10 23:35 - 2009-04-13 20:43 - 00000000 ____D C:\Users\Simon Wright\Documents\Simon
    2013-11-08 19:54 - 2013-11-08 19:54 - 00465408 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (2).ppt
    2013-11-08 14:29 - 2013-11-08 14:29 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video (1).MOV
    2013-11-08 14:28 - 2013-11-08 14:28 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video.MOV
    2013-11-07 20:00 - 2013-11-07 20:00 - 00377344 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (1).ppt
    2013-11-07 17:35 - 2013-11-07 17:35 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (7).xls
    2013-11-06 16:06 - 2013-11-06 16:06 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk10-061113.xls
    2013-11-05 16:17 - 2013-11-05 16:17 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch.ica
    2013-11-05 16:16 - 2013-11-05 16:16 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch (2).ica
    2013-11-05 16:15 - 2013-11-05 16:15 - 00001638 _____ C:\Users\Simon Wright\Downloads\launch (1).ica
    2013-11-04 22:03 - 2013-11-04 22:03 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (1).xlsx
    2013-11-04 21:05 - 2013-11-04 21:05 - 01693774 _____ C:\Users\Simon Wright\Downloads\Key Reports for Supplier Meetings.pptx
    2013-11-04 21:05 - 2013-11-04 21:05 - 00713678 _____ C:\Users\Simon Wright\Downloads\20130501 Ocado Segment Summary.pptx
    2013-11-04 21:03 - 2013-11-04 21:03 - 00493696 _____ C:\Users\Simon Wright\Downloads\welcometoshoppercentreperformance.zip
    2013-11-04 17:28 - 2013-11-04 17:28 - 00365056 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013.ppt
    2013-11-04 09:58 - 2013-11-04 09:58 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5.xlsx
    2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13).xls
    2013-11-04 09:47 - 2013-11-04 09:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13) (1).xls
    2013-11-03 12:49 - 2013-11-03 12:49 - 00048128 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk9-031113.xls
    2013-11-02 20:01 - 2013-11-02 20:01 - 00001875 _____ C:\Users\Simon Wright\Desktop\Fitbit Connect.lnk
    2013-11-02 12:50 - 2013-01-14 17:34 - 00000000 ____D C:\Users\Simon Wright\Documents\Swim Week 2013
    2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\ProgramData\FitbitConnect
    2013-11-02 07:57 - 2013-11-02 07:57 - 00000000 ____D C:\Program Files\Fitbit Connect
    2013-11-02 07:55 - 2013-11-02 07:55 - 05572008 _____ (Fitbit Inc.) C:\Users\Simon Wright\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe
    ZeroAccess:
    C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

    LastRegBack: 2013-12-02 21:56

    ==================== End Of Log ============================

  8. Thanks Kevin

    Fix log below.

    Putting Malwarebytes on flash disk now to run in normal mode if it boots - will reply soon...

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
    Ran by SYSTEM at 2013-12-02 21:37:57 Run:1
    Running from G:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    Start
    HKLM\...\Policies\Explorer\Run: [7734] - C:\ProgramData\msmwahop.exe [341740 2009-04-10] ( ())
    C:\ProgramData\msmwahop.exe
    HKU\Simon Wright\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wd3l1.lnk
    ShortcutTarget: 3wd3l1.lnk -> C:\ProgramData\1l3dw3.dss (Microsoft Corporation)
    C:\ProgramData\1l3dw3.dss
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4bn1a4t.lnk
    ShortcutTarget: 4bn1a4t.lnk -> C:\ProgramData\t4a1nb4.dss (?????????? ??????????)
    C:\ProgramData\t4a1nb4.dss
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g228zlr.lnk
    ShortcutTarget: g228zlr.lnk -> C:\ProgramData\rlz822g.dss (Microsoft Corporation)
    C:\ProgramData\rlz822g.dss
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iilf8zoq.lnk
    ShortcutTarget: iilf8zoq.lnk -> C:\ProgramData\qoz8flii.dss (Microsoft Corporation)
    C:\ProgramData\qoz8flii.dss
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6flcjwodh.lnk
    ShortcutTarget: j6flcjwodh.lnk -> C:\ProgramData\hdowjclf6j.dss (Microsoft Corporation)
    C:\ProgramData\hdowjclf6j.dss
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lj6wewlr.lnk
    ShortcutTarget: lj6wewlr.lnk -> C:\ProgramData\rlwew6jl.dss (?????????? ??????????)
    C:\ProgramData\rlwew6jl.dss
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\   \...\???\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
    C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install
    C:\Windows\assembly\GAC\Desktop.ini
    C:\Users\Simon Wright\AppData\Roaming\desktop.ini
    C:\ProgramData\1l3dw3.dss
    C:\ProgramData\3wd3l1.bxx
    C:\ProgramData\3wd3l1.fvv
    C:\ProgramData\3wd3l1.reg
    C:\ProgramData\4bn1a4t.bxx
    C:\ProgramData\4bn1a4t.fvv
    C:\ProgramData\g228zlr.bxx
    C:\ProgramData\g228zlr.fvv
    C:\ProgramData\hdowjclf6j.dss
    C:\ProgramData\iilf8zoq.bxx
    C:\ProgramData\iilf8zoq.fvv
    C:\ProgramData\j6flcjwodh.bxx
    C:\ProgramData\j6flcjwodh.fvv
    C:\ProgramData\lj6wewlr.bxx
    C:\ProgramData\lj6wewlr.fvv
    C:\ProgramData\ms5046818E.dat
    C:\ProgramData\ms504D839B.dat
    C:\ProgramData\ms504D9357.dat
    C:\ProgramData\ms504DBD01.dat
    C:\ProgramData\ms504DC32D.dat
    C:\ProgramData\ms504DFD81.dat
    C:\ProgramData\msmwahop.exe
    C:\ProgramData\PKP_DLdu.DAT
    C:\ProgramData\PKP_DLdw.DAT
    C:\ProgramData\qoz8flii.dss
    C:\ProgramData\rlwew6jl.dss
    C:\ProgramData\rlz822g.dss
    C:\ProgramData\t4a1nb4.dss
    C:\Users\Simon Wright\AppData\Local\Temp\1346793773.exe
    C:\Users\Simon Wright\AppData\Local\Temp\pn.exe
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    End

    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\7734 => Value deleted successfully.
    C:\ProgramData\msmwahop.exe => Moved successfully.
    HKU\Simon Wright\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
    C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wd3l1.lnk => Moved successfully.
    C:\ProgramData\1l3dw3.dss => Moved successfully.
    "C:\ProgramData\1l3dw3.dss" => File/Directory not found.
    C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4bn1a4t.lnk => Moved successfully.
    C:\ProgramData\t4a1nb4.dss => Moved successfully.
    "C:\ProgramData\t4a1nb4.dss" => File/Directory not found.
    C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g228zlr.lnk => Moved successfully.
    C:\ProgramData\rlz822g.dss => Moved successfully.
    "C:\ProgramData\rlz822g.dss" => File/Directory not found.
    C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iilf8zoq.lnk => Moved successfully.
    C:\ProgramData\qoz8flii.dss => Moved successfully.
    "C:\ProgramData\qoz8flii.dss" => File/Directory not found.
    C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6flcjwodh.lnk => Moved successfully.
    C:\ProgramData\hdowjclf6j.dss => Moved successfully.
    "C:\ProgramData\hdowjclf6j.dss" => File/Directory not found.
    C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lj6wewlr.lnk => Moved successfully.
    C:\ProgramData\rlwew6jl.dss => Moved successfully.
    "C:\ProgramData\rlwew6jl.dss" => File/Directory not found.
    *etadpug => Service deleted successfully.
    "C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install" => Could not move.
    "C:\Program Files\Google\Desktop\Install" => Could not move.
    C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
    C:\Users\Simon Wright\AppData\Roaming\desktop.ini => Moved successfully.
    "C:\ProgramData\1l3dw3.dss" => File/Directory not found.
    C:\ProgramData\3wd3l1.bxx => Moved successfully.
    C:\ProgramData\3wd3l1.fvv => Moved successfully.
    C:\ProgramData\3wd3l1.reg => Moved successfully.
    C:\ProgramData\4bn1a4t.bxx => Moved successfully.
    C:\ProgramData\4bn1a4t.fvv => Moved successfully.
    C:\ProgramData\g228zlr.bxx => Moved successfully.
    C:\ProgramData\g228zlr.fvv => Moved successfully.
    "C:\ProgramData\hdowjclf6j.dss" => File/Directory not found.
    C:\ProgramData\iilf8zoq.bxx => Moved successfully.
    C:\ProgramData\iilf8zoq.fvv => Moved successfully.
    C:\ProgramData\j6flcjwodh.bxx => Moved successfully.
    C:\ProgramData\j6flcjwodh.fvv => Moved successfully.
    C:\ProgramData\lj6wewlr.bxx => Moved successfully.
    C:\ProgramData\lj6wewlr.fvv => Moved successfully.
    C:\ProgramData\ms5046818E.dat => Moved successfully.
    C:\ProgramData\ms504D839B.dat => Moved successfully.
    C:\ProgramData\ms504D9357.dat => Moved successfully.
    C:\ProgramData\ms504DBD01.dat => Moved successfully.
    C:\ProgramData\ms504DC32D.dat => Moved successfully.
    C:\ProgramData\ms504DFD81.dat => Moved successfully.
    "C:\ProgramData\msmwahop.exe" => File/Directory not found.
    C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
    C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
    "C:\ProgramData\qoz8flii.dss" => File/Directory not found.
    "C:\ProgramData\rlwew6jl.dss" => File/Directory not found.
    "C:\ProgramData\rlz822g.dss" => File/Directory not found.
    "C:\ProgramData\t4a1nb4.dss" => File/Directory not found.
    C:\Users\Simon Wright\AppData\Local\Temp\1346793773.exe => Moved successfully.
    C:\Users\Simon Wright\AppData\Local\Temp\pn.exe => Moved successfully.
    Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
    Error: DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client => entry should be fixed outside recovery mode.

    ==== End of Fixlog ====

  9. Hi - desperate for help

    I have a laptop that has been infected with the Ukash ransomware - I've run FRST and the log is below.

    FYI - this was run in the recovery console.  Cannot boot in any other mode at the moment.

    Thanks in advance for any help

    MP

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
    Ran by SYSTEM on MINWINPC on 02-12-2013 21:02:43
    Running from G:\
    Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
    HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
    HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
    HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
    HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-01] (Apple Inc.)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [PRISMSVR.EXE] - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe [295001 2004-07-02] (Conexant Systems, Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] ()
    HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
    HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
    HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-30] (Apple Inc.)
    HKLM\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
    HKLM\...\Policies\Explorer\Run: [7734] - C:\ProgramData\msmwahop.exe [341740 2009-04-10] ( ())
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
    HKU\Simon Wright\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)
    HKU\Simon Wright\...\Run: [Google Update] - C:\Users\Simon Wright\AppData\Local\Google\Update\GoogleUpdate.exe [ 2010-03-17] (Google Inc.)
    HKU\Simon Wright\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-09-04] (Samsung)
    HKU\Simon Wright\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-07-01] (Google Inc.)
    HKU\Simon Wright\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-09-04] (Samsung)
    HKU\Simon Wright\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    HKU\Simon Wright\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [ 2013-09-25] (Google)
    HKU\Simon Wright\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [ 2013-10-02] (Fitbit, Inc.)
    HKU\Simon Wright\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-20] (Microsoft Corporation)
    HKU\Simon Wright\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wd3l1.lnk
    ShortcutTarget: 3wd3l1.lnk -> C:\ProgramData\1l3dw3.dss (Microsoft Corporation)
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4bn1a4t.lnk
    ShortcutTarget: 4bn1a4t.lnk -> C:\ProgramData\t4a1nb4.dss (Корпорация Майкрософт)
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g228zlr.lnk
    ShortcutTarget: g228zlr.lnk -> C:\ProgramData\rlz822g.dss (Microsoft Corporation)
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iilf8zoq.lnk
    ShortcutTarget: iilf8zoq.lnk -> C:\ProgramData\qoz8flii.dss (Microsoft Corporation)
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6flcjwodh.lnk
    ShortcutTarget: j6flcjwodh.lnk -> C:\ProgramData\hdowjclf6j.dss (Microsoft Corporation)
    Startup: C:\Users\Simon Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lj6wewlr.lnk
    ShortcutTarget: lj6wewlr.lnk -> C:\ProgramData\rlwew6jl.dss (Корпорация Майкрософт)

    ========================== Services (Whitelisted) =================

    S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It)
    S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
    S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-08-12] (Juniper Networks)
    S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
    S2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-31] (Google)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [572712 2011-01-14] (Nero AG)
    S3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
    S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
    S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
    S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
    S2 Winmgmt; C:\ProgramData\1l3dw3.dss [206848 2013-12-01] (Microsoft Corporation)
    S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
    S3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\   \...\???\{a2970bbd-8e17-1c0e-9f60-cafb5c3c4e4d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ==================== Drivers (Whitelisted) ====================

    S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-08-12] (Juniper Networks)
    S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
    S2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2009-04-13] (Meetinghouse Data Communications)
    S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
    S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
    S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-09-05] ()
    S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
    S2 BTWSp50; System32\Drivers\BTWSp50.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 Tosrfcom; No ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-12-02 20:44 - 2013-12-02 20:44 - 00000000 ____D C:\FRST
    2013-12-02 12:11 - 2013-12-02 12:12 - 95025368 ____T C:\ProgramData\4bn1a4t.bxx
    2013-12-02 12:11 - 2013-12-02 12:11 - 00207872 _____ (Корпорация Майкрософт) C:\ProgramData\t4a1nb4.dss
    2013-12-02 12:11 - 2013-12-02 12:11 - 00000000 _____ C:\ProgramData\4bn1a4t.fvv
    2013-12-02 12:01 - 2013-12-02 12:10 - 95025368 ____T C:\ProgramData\lj6wewlr.bxx
    2013-12-02 12:01 - 2013-12-02 12:10 - 00000000 _____ C:\ProgramData\lj6wewlr.fvv
    2013-12-02 12:01 - 2013-12-02 12:01 - 00204288 _____ (Корпорация Майкрософт) C:\ProgramData\rlwew6jl.dss
    2013-12-02 10:38 - 2013-12-02 12:11 - 95025368 ____T C:\ProgramData\j6flcjwodh.bxx
    2013-12-02 10:38 - 2013-12-02 12:10 - 00000000 _____ C:\ProgramData\j6flcjwodh.fvv
    2013-12-02 10:38 - 2013-12-02 10:38 - 00204800 _____ (Microsoft Corporation) C:\ProgramData\hdowjclf6j.dss
    2013-12-02 08:34 - 2013-12-02 12:12 - 95025368 ____T C:\ProgramData\iilf8zoq.bxx
    2013-12-02 08:34 - 2013-12-02 12:10 - 00000000 _____ C:\ProgramData\iilf8zoq.fvv
    2013-12-02 08:34 - 2013-12-02 08:34 - 00206336 _____ (Microsoft Corporation) C:\ProgramData\qoz8flii.dss
    2013-12-02 08:28 - 2013-12-02 12:12 - 95025368 ____T C:\ProgramData\g228zlr.bxx
    2013-12-02 08:28 - 2013-12-02 12:10 - 00000000 _____ C:\ProgramData\g228zlr.fvv
    2013-12-02 08:28 - 2013-12-02 08:28 - 00206336 _____ (Microsoft Corporation) C:\ProgramData\rlz822g.dss
    2013-12-02 08:28 - 2013-12-02 08:28 - 00000273 _____ C:\ProgramData\3wd3l1.reg
    2013-12-01 23:03 - 2013-12-01 23:03 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-12-01 22:57 - 2013-12-02 12:13 - 95025368 ____T C:\ProgramData\3wd3l1.bxx
    2013-12-01 22:57 - 2013-12-02 12:09 - 00000000 _____ C:\ProgramData\3wd3l1.fvv
    2013-12-01 22:57 - 2013-12-01 22:57 - 00206848 _____ (Microsoft Corporation) C:\ProgramData\1l3dw3.dss
    2013-12-01 07:27 - 2013-12-01 07:27 - 00038400 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk13-011213.xls
    2013-11-30 07:54 - 2013-11-30 07:54 - 00002631 _____ C:\Users\Simon Wright\Downloads\report.csv
    2013-11-29 10:42 - 2013-11-29 10:42 - 00022528 _____ C:\Users\Simon Wright\Downloads\Completed Inquests.xls
    2013-11-28 08:01 - 2013-11-28 08:01 - 00000199 ____H C:\Users\Simon Wright\Downloads\.picasa.ini
    2013-11-25 12:04 - 2013-11-25 12:04 - 00028056 _____ C:\Users\Simon Wright\Downloads\RugbyTeam&EntryTimes 23-11-2013.xlsx
    2013-11-24 13:50 - 2013-11-24 13:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013.xls
    2013-11-24 13:50 - 2013-11-24 13:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013 (1).xls
    2013-11-24 05:01 - 2013-11-24 05:01 - 00039424 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk12-241113.xls
    2013-11-24 02:03 - 2013-11-24 02:04 - 00017184 _____ C:\Users\Simon Wright\Downloads\Programmes for 2014.xlsx
    2013-11-23 05:47 - 2013-11-23 05:47 - 00035840 _____ C:\Users\Simon Wright\Downloads\House Oct 13 (2).xls
    2013-11-23 05:23 - 2013-11-23 05:23 - 00030972 _____ C:\Users\Simon Wright\Downloads\Round 1.xlsx
    2013-11-20 11:11 - 2013-11-20 11:11 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk12-201113.xls
    2013-11-20 09:16 - 2013-11-20 09:16 - 00011034 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 6.xlsx
    2013-11-19 08:12 - 2013-11-19 08:12 - 00028160 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (8).xls
    2013-11-17 07:40 - 2013-11-17 07:40 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (2).xlsx
    2013-11-17 07:37 - 2013-11-17 07:37 - 00036864 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk11-171113.xls
    2013-11-15 04:34 - 2013-11-15 04:34 - 00033792 _____ C:\Users\Simon Wright\Downloads\Just Hoods Basic Specs.xls
    2013-11-13 23:14 - 2013-10-13 02:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-11-13 23:14 - 2013-10-13 02:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-11-13 23:14 - 2013-10-13 01:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-11-13 23:14 - 2013-10-13 01:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-11-13 23:14 - 2013-10-13 01:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-11-13 23:14 - 2013-10-13 01:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-11-13 23:14 - 2013-10-13 01:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-11-13 23:14 - 2013-10-13 01:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-11-13 23:14 - 2013-10-13 01:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-11-13 23:14 - 2013-10-13 01:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-11-13 23:14 - 2013-10-13 01:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-11-13 23:14 - 2013-10-13 01:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-11-13 23:14 - 2013-10-13 01:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-11-13 23:14 - 2013-10-13 01:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-11-13 23:14 - 2013-10-13 01:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-11-13 23:14 - 2013-10-13 01:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-11-13 11:01 - 2013-11-13 11:01 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk11-131113.xls
    2013-11-12 23:24 - 2013-10-10 18:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
    2013-11-12 23:24 - 2013-10-10 18:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
    2013-11-12 23:24 - 2013-10-10 16:39 - 00218228 _____ C:\Windows\System32\WFP.TMF
    2013-11-12 23:24 - 2013-10-03 04:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-11-12 23:24 - 2013-10-03 04:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
    2013-11-12 23:19 - 2013-11-12 23:19 - 00011301 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 & 6.xlsx
    2013-11-08 11:54 - 2013-11-08 11:54 - 00465408 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (2).ppt
    2013-11-08 06:29 - 2013-11-08 06:29 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video (1).MOV
    2013-11-08 06:28 - 2013-11-08 06:28 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video.MOV
    2013-11-07 12:00 - 2013-11-07 12:00 - 00377344 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (1).ppt
    2013-11-07 09:35 - 2013-11-07 09:35 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (7).xls
    2013-11-06 08:06 - 2013-11-06 08:06 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk10-061113.xls
    2013-11-05 08:17 - 2013-11-05 08:17 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch.ica
    2013-11-05 08:16 - 2013-11-05 08:16 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch (2).ica
    2013-11-05 08:15 - 2013-11-05 08:15 - 00001638 _____ C:\Users\Simon Wright\Downloads\launch (1).ica
    2013-11-04 14:03 - 2013-11-04 14:03 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (1).xlsx
    2013-11-04 13:05 - 2013-11-04 13:05 - 01693774 _____ C:\Users\Simon Wright\Downloads\Key Reports for Supplier Meetings.pptx
    2013-11-04 13:05 - 2013-11-04 13:05 - 00713678 _____ C:\Users\Simon Wright\Downloads\20130501 Ocado Segment Summary.pptx
    2013-11-04 13:03 - 2013-11-04 13:03 - 00493696 _____ C:\Users\Simon Wright\Downloads\welcometoshoppercentreperformance.zip
    2013-11-04 09:28 - 2013-11-04 09:28 - 00365056 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013.ppt
    2013-11-04 01:58 - 2013-11-04 01:58 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5.xlsx
    2013-11-04 01:47 - 2013-11-04 01:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13).xls
    2013-11-04 01:47 - 2013-11-04 01:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13) (1).xls
    2013-11-03 04:49 - 2013-11-03 04:49 - 00048128 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk9-031113.xls
    2013-11-02 12:01 - 2013-11-02 12:01 - 00001875 _____ C:\Users\Simon Wright\Desktop\Fitbit Connect.lnk

    ==================== One Month Modified Files and Folders =======

    2013-12-02 20:44 - 2013-12-02 20:44 - 00000000 ____D C:\FRST
    2013-12-02 12:13 - 2013-12-01 22:57 - 95025368 ____T C:\ProgramData\3wd3l1.bxx
    2013-12-02 12:12 - 2013-12-02 12:11 - 95025368 ____T C:\ProgramData\4bn1a4t.bxx
    2013-12-02 12:12 - 2013-12-02 08:34 - 95025368 ____T C:\ProgramData\iilf8zoq.bxx
    2013-12-02 12:12 - 2013-12-02 08:28 - 95025368 ____T C:\ProgramData\g228zlr.bxx
    2013-12-02 12:11 - 2013-12-02 12:11 - 00207872 _____ (Корпорация Майкрософт) C:\ProgramData\t4a1nb4.dss
    2013-12-02 12:11 - 2013-12-02 12:11 - 00000000 _____ C:\ProgramData\4bn1a4t.fvv
    2013-12-02 12:11 - 2013-12-02 10:38 - 95025368 ____T C:\ProgramData\j6flcjwodh.bxx
    2013-12-02 12:11 - 2013-06-07 23:19 - 00000000 ___RD C:\Users\Simon Wright\Google Drive
    2013-12-02 12:10 - 2013-12-02 12:01 - 95025368 ____T C:\ProgramData\lj6wewlr.bxx
    2013-12-02 12:10 - 2013-12-02 12:01 - 00000000 _____ C:\ProgramData\lj6wewlr.fvv
    2013-12-02 12:10 - 2013-12-02 10:38 - 00000000 _____ C:\ProgramData\j6flcjwodh.fvv
    2013-12-02 12:10 - 2013-12-02 08:34 - 00000000 _____ C:\ProgramData\iilf8zoq.fvv
    2013-12-02 12:10 - 2013-12-02 08:28 - 00000000 _____ C:\ProgramData\g228zlr.fvv
    2013-12-02 12:09 - 2013-12-01 22:57 - 00000000 _____ C:\ProgramData\3wd3l1.fvv
    2013-12-02 12:08 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 12:08 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 12:01 - 2013-12-02 12:01 - 00204288 _____ (Корпорация Майкрософт) C:\ProgramData\rlwew6jl.dss
    2013-12-02 10:38 - 2013-12-02 10:38 - 00204800 _____ (Microsoft Corporation) C:\ProgramData\hdowjclf6j.dss
    2013-12-02 08:34 - 2013-12-02 08:34 - 00206336 _____ (Microsoft Corporation) C:\ProgramData\qoz8flii.dss
    2013-12-02 08:28 - 2013-12-02 08:28 - 00206336 _____ (Microsoft Corporation) C:\ProgramData\rlz822g.dss
    2013-12-02 08:28 - 2013-12-02 08:28 - 00000273 _____ C:\ProgramData\3wd3l1.reg
    2013-12-02 08:28 - 2011-02-02 11:36 - 00000000 ____D C:\Users\Simon Wright\AppData\Local\CrashDumps
    2013-12-01 23:03 - 2013-12-01 23:03 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-12-01 22:59 - 2009-05-07 07:17 - 00000000 ____D C:\Users\Simon Wright\Documents\Susan
    2013-12-01 22:57 - 2013-12-01 22:57 - 00206848 _____ (Microsoft Corporation) C:\ProgramData\1l3dw3.dss
    2013-12-01 22:57 - 2009-04-13 07:16 - 00000000 ____D C:\Users\Simon Wright\AppData\Local\Google
    2013-12-01 22:57 - 2008-07-01 07:13 - 00000000 ____D C:\Program Files\Google
    2013-12-01 22:55 - 2013-05-04 04:38 - 01234677 _____ C:\Windows\WindowsUpdate.log
    2013-12-01 22:54 - 2006-11-02 02:33 - 00706952 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-12-01 08:42 - 2011-11-06 03:29 - 00000000 ____D C:\Users\Simon Wright\Documents\Kids Homework
    2013-12-01 07:27 - 2013-12-01 07:27 - 00038400 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk13-011213.xls
    2013-11-30 07:54 - 2013-11-30 07:54 - 00002631 _____ C:\Users\Simon Wright\Downloads\report.csv
    2013-11-29 10:42 - 2013-11-29 10:42 - 00022528 _____ C:\Users\Simon Wright\Downloads\Completed Inquests.xls
    2013-11-28 08:01 - 2013-11-28 08:01 - 00000199 ____H C:\Users\Simon Wright\Downloads\.picasa.ini
    2013-11-27 08:19 - 2013-04-10 07:50 - 00000000 ____D C:\Users\Simon Wright\Documents\Crusaders Fixtures
    2013-11-25 12:04 - 2013-11-25 12:04 - 00028056 _____ C:\Users\Simon Wright\Downloads\RugbyTeam&EntryTimes 23-11-2013.xlsx
    2013-11-24 13:50 - 2013-11-24 13:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013.xls
    2013-11-24 13:50 - 2013-11-24 13:50 - 00088064 _____ C:\Users\Simon Wright\Downloads\Schools Gala Results 2013 (1).xls
    2013-11-24 13:50 - 2013-09-19 08:19 - 00000000 ____D C:\Users\Simon Wright\Documents\Middle School Gala 2013
    2013-11-24 05:01 - 2013-11-24 05:01 - 00039424 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk12-241113.xls
    2013-11-24 03:24 - 2013-02-03 06:55 - 00000000 ____D C:\Windows\Minidump
    2013-11-24 02:04 - 2013-11-24 02:03 - 00017184 _____ C:\Users\Simon Wright\Downloads\Programmes for 2014.xlsx
    2013-11-23 05:47 - 2013-11-23 05:47 - 00035840 _____ C:\Users\Simon Wright\Downloads\House Oct 13 (2).xls
    2013-11-23 05:23 - 2013-11-23 05:23 - 00030972 _____ C:\Users\Simon Wright\Downloads\Round 1.xlsx
    2013-11-21 10:15 - 2013-05-20 07:20 - 00000000 ____D C:\Users\Simon Wright\Documents\Woodside Football Club
    2013-11-20 11:11 - 2013-11-20 11:11 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk12-201113.xls
    2013-11-20 09:16 - 2013-11-20 09:16 - 00011034 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 6.xlsx
    2013-11-19 08:12 - 2013-11-19 08:12 - 00028160 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (8).xls
    2013-11-19 05:06 - 2011-05-21 02:28 - 00006648 _____ C:\Users\Simon Wright\AppData\Local\d3d9caps.dat
    2013-11-19 02:21 - 2013-01-06 09:55 - 00230048 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-11-17 07:40 - 2013-11-17 07:40 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (2).xlsx
    2013-11-17 07:37 - 2013-11-17 07:37 - 00036864 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk11-171113.xls
    2013-11-15 04:34 - 2013-11-15 04:34 - 00033792 _____ C:\Users\Simon Wright\Downloads\Just Hoods Basic Specs.xls
    2013-11-15 04:25 - 2010-09-10 12:34 - 00002141 _____ C:\Users\Simon Wright\Desktop\Google Chrome.lnk
    2013-11-14 08:58 - 2013-09-17 07:51 - 00001924 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-11-14 08:57 - 2013-09-17 07:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-11-14 00:34 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
    2013-11-13 23:16 - 2008-07-01 07:16 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-11-13 23:11 - 2013-07-25 21:20 - 00000000 ____D C:\Windows\System32\MRT
    2013-11-13 23:03 - 2006-11-02 02:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2013-11-13 11:01 - 2013-11-13 11:01 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk11-131113.xls
    2013-11-12 23:19 - 2013-11-12 23:19 - 00011301 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 & 6.xlsx
    2013-11-10 15:35 - 2009-04-13 12:43 - 00000000 ____D C:\Users\Simon Wright\Documents\Simon
    2013-11-08 11:54 - 2013-11-08 11:54 - 00465408 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (2).ppt
    2013-11-08 06:29 - 2013-11-08 06:29 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video (1).MOV
    2013-11-08 06:28 - 2013-11-08 06:28 - 04971481 _____ C:\Users\Simon Wright\Downloads\Video.MOV
    2013-11-07 12:00 - 2013-11-07 12:00 - 00377344 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013 (1).ppt
    2013-11-07 09:35 - 2013-11-07 09:35 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside fixtures 2013-14NEW (7).xls
    2013-11-06 08:06 - 2013-11-06 08:06 - 00071168 _____ C:\Users\Simon Wright\Downloads\Wednesday-Black-wk10-061113.xls
    2013-11-05 08:17 - 2013-11-05 08:17 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch.ica
    2013-11-05 08:16 - 2013-11-05 08:16 - 00001639 _____ C:\Users\Simon Wright\Downloads\launch (2).ica
    2013-11-05 08:15 - 2013-11-05 08:15 - 00001638 _____ C:\Users\Simon Wright\Downloads\launch (1).ica
    2013-11-04 14:03 - 2013-11-04 14:03 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5 (1).xlsx
    2013-11-04 13:05 - 2013-11-04 13:05 - 01693774 _____ C:\Users\Simon Wright\Downloads\Key Reports for Supplier Meetings.pptx
    2013-11-04 13:05 - 2013-11-04 13:05 - 00713678 _____ C:\Users\Simon Wright\Downloads\20130501 Ocado Segment Summary.pptx
    2013-11-04 13:03 - 2013-11-04 13:03 - 00493696 _____ C:\Users\Simon Wright\Downloads\welcometoshoppercentreperformance.zip
    2013-11-04 09:28 - 2013-11-04 09:28 - 00365056 _____ C:\Users\Simon Wright\Downloads\Ocado powerpoint template 2013.ppt
    2013-11-04 01:58 - 2013-11-04 01:58 - 00011363 _____ C:\Users\Simon Wright\Downloads\Club Champ 2013 gala 5.xlsx
    2013-11-04 01:47 - 2013-11-04 01:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13).xls
    2013-11-04 01:47 - 2013-11-04 01:47 - 00027648 _____ C:\Users\Simon Wright\Downloads\Woodside Rovers U12 Schedule Sept-Dec 2013 (as 12.10.13) (1).xls
    2013-11-03 04:49 - 2013-11-03 04:49 - 00048128 _____ C:\Users\Simon Wright\Downloads\Sunday-Black-wk9-031113.xls
    2013-11-02 12:01 - 2013-11-02 12:01 - 00001875 _____ C:\Users\Simon Wright\Desktop\Fitbit Connect.lnk
    2013-11-02 04:50 - 2013-01-14 09:34 - 00000000 ____D C:\Users\Simon Wright\Documents\Swim Week 2013
    ZeroAccess:
    C:\Users\Simon Wright\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    Files to move or delete:
    ====================
    C:\Users\Simon Wright\AppData\Roaming\desktop.ini
    C:\ProgramData\1l3dw3.dss
    C:\ProgramData\3wd3l1.bxx
    C:\ProgramData\3wd3l1.fvv
    C:\ProgramData\3wd3l1.reg
    C:\ProgramData\4bn1a4t.bxx
    C:\ProgramData\4bn1a4t.fvv
    C:\ProgramData\g228zlr.bxx
    C:\ProgramData\g228zlr.fvv
    C:\ProgramData\hdowjclf6j.dss
    C:\ProgramData\iilf8zoq.bxx
    C:\ProgramData\iilf8zoq.fvv
    C:\ProgramData\j6flcjwodh.bxx
    C:\ProgramData\j6flcjwodh.fvv
    C:\ProgramData\lj6wewlr.bxx
    C:\ProgramData\lj6wewlr.fvv
    C:\ProgramData\ms5046818E.dat
    C:\ProgramData\ms504D839B.dat
    C:\ProgramData\ms504D9357.dat
    C:\ProgramData\ms504DBD01.dat
    C:\ProgramData\ms504DC32D.dat
    C:\ProgramData\ms504DFD81.dat
    C:\ProgramData\msmwahop.exe
    C:\ProgramData\PKP_DLdu.DAT
    C:\ProgramData\PKP_DLdw.DAT
    C:\ProgramData\qoz8flii.dss
    C:\ProgramData\rlwew6jl.dss
    C:\ProgramData\rlz822g.dss
    C:\ProgramData\t4a1nb4.dss

    Some content of TEMP:
    ====================
    C:\Users\Simon Wright\AppData\Local\Temp\1346793773.exe
    C:\Users\Simon Wright\AppData\Local\Temp\pn.exe

    ==================== Known DLLs (Whitelisted) ============

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points  =========================

    11
    Restore point made on: 2013-11-06 13:57:16
    Restore point made on: 2013-11-07 11:53:54
    Restore point made on: 2013-11-10 01:03:31
    Restore point made on: 2013-11-13 08:09:10
    Restore point made on: 2013-11-13 23:01:43
    Restore point made on: 2013-11-14 13:03:43
    Restore point made on: 2013-11-17 10:53:00
    Restore point made on: 2013-11-20 12:20:31
    Restore point made on: 2013-11-24 01:30:16
    Restore point made on: 2013-11-27 08:18:22
    Restore point made on: 2013-11-30 14:38:51

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3963.06 MB
    Available physical RAM: 3377.7 MB
    Total Pagefile: 3632.18 MB
    Available Pagefile: 3461.31 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1964.46 MB

    ==================== Drives ================================

    Drive c: (Vista) (Fixed) (Total:148.89 GB) (Free:49.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Data) (Fixed) (Total:147.73 GB) (Free:92.16 GB) NTFS
    Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.23 GB) NTFS
    Drive g: () (Removable) (Total:0.24 GB) (Free:0.06 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 4BCB0FB6)
    Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 250 MB) (Disk ID: 5C55BD79)
    Partition 1: (Active) - (Size=250 MB) - (Type=06)

    LastRegBack: 2013-12-02 10:42

    ==================== End Of Log ============================
