Everything posted by christamofo

  1. It was on the same screen for well over 6 hours. My parents came back and the screen was blank, so they turned it on and it was still showing the same thing. Eventually it went off again, so they unplugged it and went to bed. I don't think it ever got past that deleting folder bit! I've just turned it on and it has loaded up okay.
  2. Damn, I got to go out now. I'm leaving it on, but if it has crashed, what should I tell my parents to do with it?
  3. ComboFix has been going since a few minutes after I posted those logs. It seems to be stuck on deleting a folder, plus the desktop has now disappeared. Hang on, I'll get a photo... How do I add another image?
  4. # AdwCleaner v3.211 - Report created 31/05/2014 at 12:11:03 # Updated 26/05/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : User1 - ACER-1240D29348 # Running from : C:\Documents and Settings\User1\Desktop\AdwCleaner.exe # Option : Clean
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-05-2014 Ran by User1 at 2014-05-31 12:05:53 Run:1 Running from C:\Documents and Settings\User1\Desktop Boot Mode: Normal
  6. Okay, I guess getting that comming up in the scan isn't normal then is it? Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-05-2014 Ran by User1 (administrator) on ACER-1240D29348 on 31-05-2014 11:13:41 Running from C:\Documents and Settings\User1\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgrsx.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Acer Inc.) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Agere Systems) C:\WINDOWS\System32\AGRSMSVC.EXE (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BIN\BTWDINS.EXE (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgemcx.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\AVGUI.EXE (Acer Inc.) 
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe () C:\Program Files\AVG SafeGuard toolbar\vprot.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe (Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2014\avgcsrvx.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2006-07-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVG_UI] => D:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Acer ePresentation HPD] => C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [208896 2006-06-07] (Acer Inc.) HKLM\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company) HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2561560 2014-05-12] () HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2008-07-13] (Apple Computer, Inc.) 
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company) HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {03ce172e-a4d9-11dc-824b-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {03ce172f-a4d9-11dc-824b-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {19cf8f9c-3987-11e2-88f5-0019d20ba795} - F:\StartVMCLite.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {1cbf7774-3984-11e2-88f4-0019d20ba795} - F:\StartVMCLite.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {2f37cbde-4149-11e0-86ab-0019d20ba795} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {5a0f8416-368f-11df-857c-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {5a0f8417-368f-11df-857c-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {647dec54-f690-11e0-878f-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {647dec55-f690-11e0-878f-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {97d05590-d4ac-11de-8535-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {97d05591-d4ac-11de-8535-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {9abc8d40-1d21-11e1-87b6-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {9abc8d41-1d21-11e1-87b6-0019d20ba795} - F:\VMC_PBStarter.exe 
HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {bfda1c58-e297-11de-8549-00197de510b7} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {bfda1c59-e297-11de-8549-00197de510b7} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {c65b7e22-f1f5-11e0-8785-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {c65b7e23-f1f5-11e0-8785-0019d20ba795} - G:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {ebae1706-ebd8-11e1-88bf-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {ebae1707-ebd8-11e1-88bf-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f24e7454-96b3-11dc-8234-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f24e7455-96b3-11dc-8234-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f2b9b670-a35f-11dc-8246-0019d20ba795} - F:\VMC_PBStarter.exe HKU\S-1-5-21-3048764170-4027112551-3766241791-1005\...\MountPoints2: {f2b9b671-a35f-11dc-8246-0019d20ba795} - F:\VMC_PBStarter.exe Lsa: [Authentication Packages] msv1_0 nwprovau ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/ HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie URLSearchHook: HKCU - WiseConvert B2 Toolbar - {da7a20cf-bef4-4342-ad78-0240fdf87055} - C:\Program Files\WiseConvert_B2\prxtbWis0.dll No File SearchScopes: HKLM - DefaultScope {DC93EB45-EEFA-4D88-99F2-8B01CEFB7D11} URL = SearchScopes: HKLM - 
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {DC93EB45-EEFA-4D88-99F2-8B01CEFB7D11} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN35513305752290424&UM=2&UP=SP7CFE7FD0-7799-4AE9-8204-2658A6EB40FD&SSPV= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={3E3B00E2-E930-4E81-A432-9B98BFCA7A05}&mid=f85d8ed427d847d1a438d15094ef4e66-844f50ddd86b4ae3fa5435f2815ce127442dbc64〈=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-11 11:51:23&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {DC93EB45-EEFA-4D88-99F2-8B01CEFB7D11} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN35513305752290424&UM=2 SearchScopes: HKCU - {DF9ACCA0-A71B-4CD0-945A-3C872BA9CEF6} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - WiseConvert B2 
Toolbar - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - C:\Program Files\WiseConvert_B2\prxtbWis0.dll No File DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219790818437 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-1_4_2_08-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_08-windows-i586.cab Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{CC7FBE3F-CFEF-467F-A2E2-429F7F78F5F4}: [NameServer]4.4.4.4,8.8.8.8 FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2014-02-23]
FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2014-02-23]

========================== Services (Whitelisted) =================
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-03-29] (Acer Inc.)
R2 AVGIDSAgent; D:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2006-04-14] (Intel Corporation )
R2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-12] (AVG Secure Search)
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2007-10-24] (Meetinghouse Data Communications)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-05-12] (AVG Technologies)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [328061 2006-01-17] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-01-17] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [850474 2006-01-17] (Broadcom Corporation.)
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-01-17] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148900 2006-01-17] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [65688 2006-01-17] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 EpmPsd; C:\WINDOWS\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA)
R2 EpmShd; C:\WINDOWS\system32\drivers\epm-shd.sys [78208 2005-04-07] (Acer Value Labs, USA)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-24] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-24] (HP)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [69632 2006-06-02] ()
S3 lv321av; C:\WINDOWS\System32\DRIVERS\lv321av.sys [1097728 2006-06-19] (Logitech)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [39424 2006-06-19] (Logitech)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-05-30] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [32512 2005-11-02] (CACE Technologies)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S3 psdfilter; C:\WINDOWS\system32\Drivers\psdfilter.sys [12288 2006-04-07] (HiTRUST)
S3 psdvdisk; C:\WINDOWS\system32\Drivers\psdvdisk.sys [60416 2006-03-08] (HiTRUST)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 rpcapd;
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2006-04-14] (Intel Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R0 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] ()
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-04] (Intel® Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [250496 2006-11-22] (Marvell)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-05-31 11:13 - 2014-05-31 11:13 - 00018607 _____ () C:\Documents and Settings\User1\Desktop\FRST.txt
2014-05-31 11:12 - 2014-05-31 11:13 - 01056256 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
2014-05-30 22:05 - 2014-05-30 22:07 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-05-25 02:24 - 2014-05-25 02:25 - 00000169 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2548-F.txt
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\WINDOWS\Y8HQY7GPX6FOX6FO
2014-05-25 02:20 - 2014-05-25 02:20 - 00000000 __SHD () C:\FOUND.000
2014-05-25 01:10 - 2014-05-25 01:10 - 00000054 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2764-F.txt
2014-05-25 01:05 - 2014-05-25 01:06 - 00000571 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2304-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000362 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3760-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\80555278EAABD67929D47DCA445020E8
2014-05-19 11:10 - 2014-05-19 11:10 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014
2014-05-19 00:00 - 2014-05-25 02:09 - 00001980 _____ () C:\WINDOWS\setupact.log
2014-05-19 00:00 - 2014-05-19 00:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-11 20:56 - 2014-05-30 20:59 - 00012956 _____ () C:\WINDOWS\setupapi.log
2014-05-11 11:51 - 2014-05-12 20:55 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-05-11 11:51 - 2014-05-11 11:52 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2014-05-09 20:50 - 2014-05-09 20:50 - 00000692 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\Malwarebytes
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-09 20:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-09 09:17 - 2014-05-09 09:17 - 00000000 ____D () C:\FRST
2014-05-09 07:26 - 2014-02-15 17:14 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG2014
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
2014-05-09 06:39 - 2014-05-19 11:10 - 00000508 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-09 06:39 - 2014-05-09 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ___HD () C:\$AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\MFAData
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\Avg2014
2014-05-09 06:24 - 2014-03-31 09:35 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-05-08 20:25 - 2014-05-08 20:25 - 00000000 ____D () C:\WINDOWS\Microsoft Antimalware
2014-05-06 16:50 - 2014-05-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\johclez.cpp

==================== One Month Modified Files and Folders =======
2014-05-31 11:13 - 2014-05-31 11:13 - 00018607 _____ () C:\Documents and Settings\User1\Desktop\FRST.txt
2014-05-31 11:13 - 2014-05-31 11:12 - 01056256 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
2014-05-31 11:05 - 2013-10-02 00:41 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{D53700B8-169E-422C-996D-BAD488ECF26C}.job
2014-05-31 11:05 - 2006-08-01 16:00 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-31 11:04 - 2006-08-01 16:01 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-31 11:03 - 2014-03-23 20:29 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-31 11:03 - 2011-05-06 17:48 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-31 00:05 - 2014-02-18 18:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-31 00:05 - 2007-10-24 07:24 - 00000178 ___SH () C:\Documents and Settings\User1\ntuser.ini
2014-05-31 00:05 - 2006-08-01 16:01 - 01150364 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-31 00:05 - 2006-08-01 16:01 - 00032572 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-31 00:05 - 2006-08-01 16:01 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-05-30 22:07 - 2014-05-30 22:05 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-05-30 20:59 - 2014-05-11 20:56 - 00012956 _____ () C:\WINDOWS\setupapi.log
2014-05-25 02:25 - 2014-05-25 02:24 - 00000169 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2548-F.txt
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\WINDOWS\Y8HQY7GPX6FOX6FO
2014-05-25 02:20 - 2014-05-25 02:20 - 00000000 __SHD () C:\FOUND.000
2014-05-25 02:09 - 2014-05-19 00:00 - 00001980 _____ () C:\WINDOWS\setupact.log
2014-05-25 01:10 - 2014-05-25 01:10 - 00000054 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2764-F.txt
2014-05-25 01:06 - 2014-05-25 01:05 - 00000571 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-2304-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000362 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3760-F.txt
2014-05-25 01:02 - 2014-05-25 01:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\80555278EAABD67929D47DCA445020E8
2014-05-19 11:10 - 2014-05-19 11:10 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014
2014-05-19 11:10 - 2014-05-09 06:39 - 00000508 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-19 00:00 - 2014-05-19 00:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-14 16:35 - 2011-02-06 10:28 - 00000278 _____ () C:\Documents and Settings\User1\Desktop\Vehicle tracking systems track vans, trucks & cars with Quartix award-winning GPS devices.url
2014-05-13 14:19 - 2014-03-27 22:15 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-03-31 16:11 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-03-31 16:11 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-05-13 14:17 - 2014-03-27 22:14 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-03-27 22:04 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-03-27 22:04 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:09 - 2014-04-18 15:02 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-03-27 22:03 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-03-27 22:03 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2014-05-12 20:55 - 2014-05-11 11:51 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-05-11 11:52 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG SafeGuard toolbar
2014-05-11 11:51 - 2014-05-11 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-05-11 11:50 - 2014-05-11 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2014-05-09 20:50 - 2014-05-09 20:50 - 00000692 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\Malwarebytes
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-09 11:11 - 2006-08-01 16:00 - 00000211 ___SH () C:\boot.ini
2014-05-09 11:11 - 2006-08-01 13:58 - 00000709 _____ () C:\WINDOWS\win.ini
2014-05-09 11:11 - 2006-08-01 13:52 - 00000246 _____ () C:\WINDOWS\system.ini
2014-05-09 09:17 - 2014-05-09 09:17 - 00000000 ____D () C:\FRST
2014-05-09 07:13 - 2014-04-07 00:45 - 00318818 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\User1\Application Data\AVG2014
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
2014-05-09 06:39 - 2014-05-09 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ___HD () C:\$AVG
2014-05-09 06:35 - 2014-05-09 06:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\MFAData
2014-05-09 06:31 - 2014-05-09 06:31 - 00000000 ____D () C:\Documents and Settings\User1\Local Settings\Application Data\Avg2014
2014-05-08 23:36 - 2014-04-07 01:19 - 03052188 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3048764170-4027112551-3766241791-1005-0.dat
2014-05-08 20:25 - 2014-05-08 20:25 - 00000000 ____D () C:\WINDOWS\Microsoft Antimalware
2014-05-08 20:17 - 2014-03-23 20:29 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-07 01:59 - 2011-05-24 20:11 - 00002209 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
2014-05-07 01:02 - 2013-01-14 03:01 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-06 16:50 - 2014-05-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\johclez.cpp

Some content of TEMP:
====================
C:\Documents and Settings\User1\Local Settings\Temp\w8p0.dll

==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-05-2014
Ran by User1 at 2014-05-31 11:19:11
Running from C:\Documents and Settings\User1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (Version: 2.0.3077 - Acer) Hidden
Acer eDataSecurity Management 2.0.3077 (HKLM\...\InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}) (Version: 2.0.3077 - Acer)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.03.2024 - Acer)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.05.2006 - )
Acer ePerformance Management (HKLM\...\{7057702F-6D71-4F30-8000-9E72BC771887}) (Version: 2.00.2007 - Acer)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.00.2027 - Acer Inc)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.00.2012 - Acer Inc.)
Acer eSettings Management (HKLM\...\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}) (Version: 2.03.2017 - Acer)
Acer GridVista (HKLM\...\GridVista) (Version: 2.53.0209 - )
Acer Screensaver (HKLM\...\{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}) (Version: 1.0.0 - acer)
AcerOrbiCam (HKLM\...\{D26569C3-9B03-4669-9EC5-9FCF70933688}) (Version: 1.0.10 - Sonix)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7646-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.5.512 - AVG Technologies)
BookletCreator (HKLM\...\BookletCreator) (Version: 1.3.0.0 - BookletCreator.com)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConstructionSkills (HKLM\...\{5499A827-E4C8-49B8-8462-4C0E5CA976A5}) (Version: 1.00.673 - IDS)
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Elevated Installer (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50b02c70-f203-47ba-a926-5e4d816688db}) (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{80A2A967-C1B7-412D-B2B2-C4A33209C205}) (Version: 2.5.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.1.1.3 API - Intel Corporation)
Java 2 Runtime Environment, SE v1.4.2_08 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142080}) (Version: 1.4.2_08 - Sun Microsystems, Inc.)
K-Lite Codec Pack 6.5.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.97.1 (Version: 1.4.97.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 9.12.4.3 - Marvell)
mCore (Version: 5.73.0000 - Intel Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mMHouse (Version: 5.73.0000 - Intel Corporation) Hidden
mPfMgr (Version: 5.73.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 5.73.0000 - Intel Corporation) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NTI Backup NOW! 4.5 (HKLM\...\{B06B842F-2450-494F-BBDE-217CDC151A37}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PIF DESIGNER2.1 (HKLM\...\{23B59B9F-C360-11D7-875B-0090CC005647}) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - CyberLink Corporation)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickTime (HKLM\...\QuickTime) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5273 - Realtek Semiconductor Corp.)
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.3.0.0 - Synaptics)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.1 - Tweaking.com)
Uninstall Remote Fitter (HKLM\...\Wirtgen Remote Fitter GB_is1) (Version: - )
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vodafone Mobile Connect Lite Runtime Components (HKLM\...\{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}) (Version: 2.1.6.1 - Vodafone)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.1500 - )
WIDOS (HKLM\...\WIDOS) (Version: 20.12.03.01 - Wirtgen GmbH)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wirtgen ProSecCo Client (HKLM\...\Wirtgen ProSecCo Client) (Version: 4.4.8.2 - LexCom Informationssysteme)
WiseConvert B2 Toolbar (HKLM\...\WiseConvert_B2 Toolbar) (Version: 6.14.0.28 - WiseConvert B2)

==================== Restore Points =========================

07-04-2014 00:37:22 Installed Microsoft Fix it 50356
08-04-2014 13:51:43 System Checkpoint
13-04-2014 19:55:35 System Checkpoint
20-04-2014 13:33:02 System Checkpoint
23-04-2014 02:27:20 System Checkpoint
24-04-2014 03:21:23 System Checkpoint
24-04-2014 21:59:58 Software Distribution Service 3.0
24-04-2014 23:35:45 Garmin Express
27-04-2014 19:27:28 System Checkpoint
30-04-2014 21:28:17 System Checkpoint
06-05-2014 23:08:44 System Checkpoint
09-05-2014 05:34:55 Installed AVG 2014
09-05-2014 05:35:41 Installed AVG 2014
09-05-2014 10:27:28 Removed Symantec AntiVirus
11-05-2014 11:23:36 System Checkpoint
14-05-2014 16:36:42 System Checkpoint
19-05-2014 16:04:00 System Checkpoint
20-05-2014 17:13:46 System Checkpoint
21-05-2014 17:19:21 System Checkpoint
24-05-2014 19:21:23 System Checkpoint
30-05-2014 22:44:31 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 05:00 - 2011-10-08 21:47 - 00438972 ____R C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D53700B8-169E-422C-996D-BAD488ECF26C}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2006-04-14 12:04 - 2006-04-14 12:04 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2006-04-14 12:04 - 2006-04-14 12:04 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2006-04-14 12:04 - 2006-04-14 12:04 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2013-07-15 02:25 - 2013-07-15 02:25 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df7136db\mscorlib.dll
2013-07-15 02:24 - 2013-07-15 02:24 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_76333b3d\system.dll
2013-07-15 02:24 - 2013-07-15 02:24 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f85fe12a\system.xml.dll
2014-05-11 11:50 - 2014-05-12 20:55 - 01633304 _____ () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
2013-07-15 02:24 - 2013-07-15 02:24 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_74258b7a\system.windows.forms.dll
2013-07-15 02:25 - 2013-07-15 02:25 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_3b55b0a7\system.drawing.dll
2014-05-11 11:50 - 2014-05-12 20:55 - 02561560 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2014-05-12 20:56 - 2014-05-12 20:55 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll
2014-05-12 20:56 - 2014-05-12 20:55 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27908078.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27908078.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk => C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecurityClient.lnk => C:\WINDOWS\pss\SecurityClient.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wirtgen ProSecCo Client.lnk => C:\WINDOWS\pss\Wirtgen ProSecCo Client.lnkCommon Startup
MSCONFIG\startupreg: AGRSMMSG => AGRSMMSG.exe
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: Boot => C:\Acer\Empowering Technology\ePower\Boot.exe
MSCONFIG\startupreg: BrowserChoice => "C:\WINDOWS\system32\browserchoice.exe" /run
MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
MSCONFIG\startupreg: EKStatusMonitor => C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
MSCONFIG\startupreg: ePower_DMC => C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: eRecoveryService => C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: H/PC Connection Agent => "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: LaunchApp => Alaunch
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: ntiMUI => C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: updateMgr => C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: vptray => C:\PROGRA~1\SYMANT~1\VPTray.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth LAN Access Server Driver
Description: Bluetooth LAN Access Server Driver
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: %V_WIDCOMM%
Service: BTWDNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 11:09:25 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/31/2014 11:03:40 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error: (05/31/2014 00:04:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/30/2014 08:56:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 02:27:10 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 02:23:54 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 02:21:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 01:22:11 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 01:18:53 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error: (05/25/2014 01:09:23 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

System errors:
=============
Error: (05/31/2014 11:05:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 2147483720 (0x80000048).

Error: (05/31/2014 11:05:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error: %%126

Error: (05/31/2014 11:05:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: %%1053

Error: (05/31/2014 11:05:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (05/30/2014 08:58:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 2147483720 (0x80000048).

Error: (05/30/2014 08:58:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error: %%126

Error: (05/30/2014 08:58:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: %%1053

Error: (05/30/2014 08:58:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (05/25/2014 02:25:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 2147483720 (0x80000048).

Error: (05/25/2014 02:25:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error: %%126

Microsoft Office Sessions:
=========================
Error: (09/09/2012 03:18:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8153 seconds with 1500 seconds of active time. This session ended with a crash.

Error: (04/04/2012 06:18:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 228 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/29/2012 10:58:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3229 seconds with 720 seconds of active time. This session ended with a crash.

Error: (01/17/2011 02:02:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/17/2011 02:01:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 570 seconds with 300 seconds of active time. This session ended with a crash.

Error: (01/17/2011 01:51:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/17/2011 01:50:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63 seconds with 60 seconds of active time. This session ended with a crash.

Error: (03/13/2010 02:46:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 141865 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/09/2009 02:56:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 838 seconds with 600 seconds of active time. This session ended with a crash.

Error: (12/07/2009 00:51:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5775 seconds with 2460 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 2038.1 MB
Available physical RAM: 1266.7 MB
Total Pagefile: 3921.71 MB
Available Pagefile: 3234.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.63 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:53.2 GB) (Free:10.48 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: (ACERDATA) (Fixed) (Total:53.69 GB) (Free:39.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: F404143B)
Partition 1: (Not Active) - (Size=5 GB) - (Type=12)
Partition 2: (Active) - (Size=53 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=54 GB) - (Type=0C)

==================== End Of Log ============================
  7. Hey, I have been fighting a nasty ransom type virus on my dad's old computer. I ran a scan before startup and managed to remove something, but whilst doing a Malwarebytes scan after to make sure it's gone I'm getting very weird files!! It just keeps adding slashes, now it's gone on to the next line and they all look like full stops. Anyone know what's going on? Thank you in advance. Chris.